It increases the risk of phishing and other cyber attacks
More than half of workers admit that they use their corporate emails for personal use. In the inaugural study from SailPoint Technologies, 59% of workers disclosed that they’re using their work email addresses for personal use. Gen Zs make up the biggest number of the figure with 93%. The study also revealed that 77% of Gen Z workers and 55% of Millennials are using their corporate emails for social media logins. This is lower than the 15% of Gen X workers and seven per cent of Boomers.
Heather Gantt-Evans, chief information security officer at SailPoint, employees using corporate accounts for personal use are increasing the risk of malicious scammers entering their corporate network.
"By using corporate email for personal use, employees are inadvertently expanding the threshold for malicious actors to enter into a corporate network, completely unnoticed," said Gantt-Evans. "Over the last year and a half, we’ve seen countless, high-profile cyberattacks, stemming from email activity, that have brought organisations – like retailers, currency exchanges, and healthcare organisations – down to their knees," the CISO added.
Early this year, the Brazil-based JBS, the world's largest meat processing company was cyberattacked – impacting the company's operations in North America and Australia.
Read more: Coronavirus cyberattacks: Beware of the phish
Phishing attacks
Phishing is a form of cyber threat in which criminals pretend to be another entity to fool a victim into opening an email or message that can allow them to steal user data. The study warned of an increase of such attacks and retail breaches in the coming months thanks to a looming busy shopping season. According to the study, more attacks are expected amid a significant number of workers using their corporate emails for online shopping.
The study showed that nearly one in three workers or 29% of them are using their work email for such activities. About 39% said they already received a phishing message impersonating a retailer, while 22% received a message that pretends to be a marketing email.
While most of the respondents (94%) of the study said they are confident in their ability to detect a phishing message - only 29% know that the next step is to report it to the IT department.
Surprisingly, nearly half (46%) of Gen Z workers said they would open a suspicious-looking email,29% of Millennials admitted to doing it as well, four per cent of Gen X said they would also open it, while only one per cent from Boomers would commit such actions.
Gantt-Evans commented that proper education and training is needed to prevent the entrance of malicious actors into a corporate network.
"As demonstrated by the data, most don't know what to do if they see suspicious activity, but with proper education and training, we can deter these types of events to ensure business remains operating as usual," the CISO said.
Clement Lee, a principal consulting security architect, handed four key tips to identify and avoid phishing attacks:
- Haste is never a good adviser
- Lack of personalisation
- They incorporate attachments or several links
- They send the mail to an account that is not registered to the service
The study was carried out by Dynata for 500 US workers in companies with over 2,500 employees on behalf of SailPoint.
