cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
jerwin
Viewer II

Using Personal email addresses for official company communications

just want to pick the community's brains about employees using third-party accounts for work-related communications. Ie. using outlook.com account to manage their emails.

 

i'm assuming that the employee is using outlook.com as a consolidator and/or management of emails, but what are the repercussions of this on the information security of the company? 

 

for reference, an outlook.com account will send emails on behalf of the real address as below:

Employee Name <employee.name@outlook.com>; on behalf of; Employee Name <employee.name@company.com>

3 Replies
Deyan
Contributor I

In my opinion using personal email address for official company communications is ridiculous, however it all comes down to the company policy and requirements towards mailing. Companies usually have acceptable use policy and ethics codes that speak about not using personal email for company related matters. In addition corporate emailing is usually company managed and security policies are applied to it - not to mention the auditing and logging features, but I guess it all comes down to the company and its reuqirements towards mailing. Security-wise - I'd say anything outside the predefined and pre-approved way of mailing is wrong - personal mailing of business matters is nonsense and introduces a variety of risks.

JayCee
Newcomer II

Personal email should not be used for business purposes and business email should not be used to sign up to non-business services.

 

My 2p...

CISOScott
Community Champion


@JayCee wrote:

Personal email should not be used for business purposes and business email should not be used to sign up to non-business services.

 

My 2p...


Ditto this.

 

Using personal email addresses for business purposes can blur the lines of privacy also. Since you used your personal email address for business purposes does that mean in an investigation your personal email account can be subpoenaed? Can investigators seize your device when you leave the company to make sure there is no company data on your device(s)? Is an employee exfiltrating sensitive company data through their personal email (think Edward Snowden type stuff)? If they receive work related emails on their personal account on the weekend does that mean that they are on the clock and should expect to be compensated for working that time?

 

You can see that allowing, or heaven forbid - requiring, an employee to use their personal email address for business use can have consequences you may not have planned for. This topic is heavily discussed in BYOD scenarios if you need more resources as to what you would be getting in to.