Email: Personal Email Use at Work Creates Big Security Risks

It sounds innocuous, employees sending files from work to "home" email addresses so they can do work from home or on the road. But the practice can open up companies to all sorts of risks, even without the company or the employee knowing it.

New end user research from Marshal says that nearly half of the respondents to a recent poll work for companies that allow staff complete and unrestricted access to personal Web-based email accounts at work. One result-beyond the real or imagined impact of idle electronic chatter on worker productivity-is the possibility of security, legal or technological troubles resulting from a "foreign" email program entering into a corporation.

"The biggest problem in using personal email is there is no control," says Penny Freeman, director of software sales and engineering for Marshal, an email security firm. "Companies aren't able to stop the SPAM that comes through the email. So the proliferation of SPAM can be exponential, and it may also contain viruses. Organizations have to come out with a security profile that prevents them from being exposed to the Webmails of the world."

Marshal conducted its survey through its TRACE Website. TRACE is a research site that combines information from tech industry experts with Marshal's customers and end users, a research pool including the world's largest 14 banks as well as healthcare firms, manufacturers and small businesses.

Its research into personal email use at work found that 48 percent of firms allow total access to personal accounts, while only 33 percent ban the use of personal email-and back that ban up with blocking technology. Another eight percent of users report their employer bans personal email use, but without blocking technology.

Freeman says these numbers pose a problem, since electronic dangers are exposing firms to a greater chance of breeches. The problem of access to personal email at work is further complicated by the tendency to use email to transmit work files or company-related information. "There's a lot of melding going on," she says.

And there is the ever-present plague of SPAM. "SPAM is becoming such a hybrid thing [now]. It's not just SPAM with text, it's also coming with links," Freeman says. "There's also a lot of SPAM coming into people's email boxes with images attached. That's adding 15 to 20 percent to the total email traffic volume."

Market researcher David Ferris says one solution is to impose similar content controls on employees' Webmail to the ones they have for internal email.

Most firms are aware of the use of personal email at work, but it's still a tough problem to tackle, Freeman says. "Most IT organizations are very aware, but having the knowledge and acting on it are two different things. Acceptable use policies for personal Web-based email are just starting to come into the forefront of organizations these days." (c) 2006 Bank Technology News and SourceMedia, Inc. All Rights Reserved. http://www.banktechnews.com http://www.sourcemedia.com

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER