Why You Shouldn’t Use Free Webmail Services for Business
OK, we’ve all done it. You’re working at home, trying to log in to a business application and you have forgotten your password. So you use your Gmail account to request your password and it is promptly sent to you – in clear text. Or maybe you are going on vacation and you want to give those key customers an easy way to communicate with you while you’re away – your mac.com account can easily be checked from your phone without requiring you to wade through the dozens (hundreds?) of email messages in your corporate email account.
Most people have multiple email addresses, often for different uses. But crossing over from a managed environment for your corporate email to a free webmail service can have unforeseen consequences:
1. Hackers
2. Unencrypted transfers
3. Policies of the service provider
In 2008, hackers breached the Yahoo! email account of Republican Vice Presidential Candidate Sarah Palin, accessing exchanges with state politicians, a contact list and some family photos. Ms. Palin should not have been using Yahoo! for official state business, and this breach reflects one reason why. More recently, a C-level executive had her Yahoo! email account hacked, as detailed in this Computerworld article. There is a lot more potential for security breaches in large webmail services like Yahoo! or Google. With millions of subscribers, the attraction for hackers is far greater than trying to hack a corporate server with a few hundred to a few thousand users, although those types of breaches can also happen.
Email is natively unsecure. We use it so frequently, and nearly always with success, so it’s easy to be lulled into the feeling that an email between you and an associate is just like a private conversation. It is not. Your email takes many hops between you and the recipient. And along the way, the information is as easy to read by an interested party as the front page of the newspaper. Your email is in plain text. There is absolutely no protection for the content of that email once you hit the “send” button.
Now, raise your hand if you have read the “Terms of Use” for your free webmail account. Yes, that’s what I thought. Yahoo! Mail Plus terms of service specifically states that Yahoo! makes no warranties that the service will be secure. “The use of the service is at your sole risk,” states the terms of service. Do you know who has access to the email that they store on their servers?
The important point, as data breaches continue to make the news, is this: think about the value of the information that you retain and that you share. What’s the value of your business contacts list? What’s the harm to you if your personal contacts list is breached? What’s the value of a calendar, a password, a description of a problem? Understanding the value of the data, and the impacts of a data breach, may result in making better decisions about what we share – and the services through which we share it.
Do you use your personal email account for work-related activities?
