The Risks of Using Corporate Email for Personal Accounts: Insights and Recommendations

0

BEĞENDİM

ABONE OL

News

0

The Perils of Corporate Email Usage for Personal Accounts

A comprehensive analysis by Kaspersky Digital Footprint Intelligence highlights a significant cybersecurity risk: employees utilizing their corporate email addresses to establish personal accounts on platforms such as online marketplaces and social media networks. This practice heightens the potential for account theft and broader corporate security breaches.

In their detailed investigation, Kaspersky experts examined credentials leaked to the dark web from 2019 to 2024, focusing on popular entertainment platforms like Roblox, Discord, and Netflix. The results showed that approximately 7% of compromised users had registered on these platforms using their corporate email addresses.

Expert Opinion

Sergey Shcherbel, Kaspersky Digital Footprint Intelligence Expert, emphasized, “Using a work email for personal services is not advisable. Not only might you lose access to these accounts if you change jobs, but it also poses security threats to both you and your company. If your passwords are predictable across different services, a breach on one platform could potentially compromise your work account if your corporate email is leaked.”

Additionally, the study found that employees in the banking sector frequently register their corporate emails with streaming services, online marketplaces, and social networks. In some scenarios, these emails were also used for gaming platforms and adult content websites.

Methodology and Findings

To conduct this research, experts selected a sample of 50 banking sector companies. They analyzed credentials leaked to the dark web, identifying five popular platform categories associated with corporate domains. More detailed information can be accessed in the related report. Kaspersky has also launched a special webpage to raise awareness and provide strategies to mitigate these risks.

Immediate Actions for Data Breach Victims

In the event of a data breach due to information theft, consider the following immediate actions:

• Change compromised account passwords and vigilantly monitor for any suspicious activities linked to these accounts.
• Conduct a full security scan on all devices and eliminate any detected malware.
• It is advisable for companies to proactively monitor dark web marketplaces to identify compromised accounts before they can affect customers or employees. A detailed guide for setting up such monitoring is available. Utilize Kaspersky Digital Footprint Intelligence to keep track of what cybercriminals know about your company’s assets, identify potential attack vectors, and implement protective measures swiftly.
• Implement a security awareness program within your organization, including regular training sessions and performance evaluations. Enforce strict password policies across all organizational resources to minimize the risk of credential-related cyber threats.