
Employees using corporate emails for private purposes putting companies at risk

A new study has revealed that 40% of all corporate email breaches occurred on websites used for personal purposes.

Employees using corporate emails for private purposes are putting companies at risk, it says.

Researchers from NordVPN Teams analysed global breach activity and looked at over 1.7 million email breaches that affected the world's largest enterprises across different sectors. The research revealed that people tend to use their corporate emails for registrations regardless of whether the registration is for corporate or personal purposes. It also shows the technology and education sectors are the most affected by data breaches.

Company emails in the US and Europe are widely used on entertainment and media sites. Interestingly, the top list includes dating, gaming, last-minute travel deal websites, and restaurant booking platforms. In fact, almost 40% of all breaches occurred on websites that were used for personal purposes. 

The data also revealed which sectors were the most breached. The technology industry was the most exposed, accounting for almost 20% of all corporate email breaches. Education and health sectors came in second and third at 13.3% and 12.9%, respectively.

Credential theft has been on the rise in recent years. According to the 2020 Verizon Data Breach Investigations Report, more than 80% of hacks are the result of credential theft (most of which is enabled by successful phishing attempts). Credential theft is a growing industry within the cybercriminal ecosystem for the trade and direct use of compromised login-password credentials.

The theft of a single password could compromise an entire database that is not properly protected. Experts warn that employees are making companies more vulnerable to cyber attacks.

"Using company email addresses for personal use puts businesses at risk," says Juta Gurinaviciute, chief technology officer at NordVPN Teams.

"If those email credentials are compromised, companies might fall victim to account hijacking when hackers have both the email address and password of an email account," he says.

"They're then able to change the password and take over the account."

In terms of enterprise security, login-password credentials are the most widely used and the most easily compromised, posing a significant risk to any organisation.

Data shows that of all email breaches, only 9% of passwords involved were unique.

Despite the heightened awareness of security implications, many users still continue to reuse passwords and rarely, if ever, change them. 

According to a survey done by NordPass, 63% of respondents admitted reusing their passwords across their accounts. If that reused password gets leaked as part of a data breach, hackers may then have the key to the corporate network too, no matter how complex the phrase is.

"Google has been working on helping people to proactively create better passwords with Password Checkup," says Gurinaviciute.

"The tool checks logins against a database of 4 billion leaked credentials, recognising if the password typed matches the one that's been leaked. 

"Password managers like NordPass also offer the possibility to check if your password has been compromised in data breaches," he says. 

"The problem is that it is impossible to apply company security policy to websites that the company does not have control over, and this makes companies vulnerable to attacks," says Gurinaviciute.

"Educating employees on security is crucial, and companies should invest in regular employee security training, explaining the possible risk scenarios."
