sb-nz logo
Story image

Employees using corporate emails for private purposes putting companies at risk

 A new study has revealed 40% of all corporate email breaches occurred on websites used for personal purposes.

Employees using corporate emails for private purposes are putting companies at risk, it says.

Researchers from NordVPN Teams analysed global breach activity and looked at over 1.7 million email breaches that affected the worlds largest enterprises across different sectors. The research revealed that people tend to use their corporate emails for registrations regardless of whether the registration is for corporate or personal purposes. It also shows the technology and education sectors are the most affected by data breaches.

Company emails in the US and Europe are widely used on entertainment and media sites. Interestingly, the top list includes dating, gaming, last-minute travel deal websites, and restaurant booking platforms. In fact, almost 40% of all breaches occurred on websites that were used for personal purposes. 

The data also revealed which sectors were the most breached. The technology industry was the most exposed, accounting for almost 20% of all corporate email breaches. Education and health sectors came in second and third at 13.3% and 12.9%, respectively.

Credential theft has been on the rise in recent years. According to the 2020 Verizon Data Breach Investigations Report, more than 80% of hacks are the result of credential theft (most of which is enabled by successful phishing attempts). Credential theft is a growing industry within the cybercriminal ecosystem for the trade and direct use of compromised login-password credentials.

The theft of a single password could compromise an entire database that is not properly protected. Experts warn that employees are making companies more vulnerable to cyber attacks.

"Using company email addresses for personal use puts businesses at risk," says Juta Gurinaviciute, chief technology officer at NordVPN Teams.

"If those email credentials are compromised, companies might fall victim to account hijacking when hackers have both the email address and password of an email account," he says.

"They're then able to change the password and take over the account."

In terms of enterprise security, the most widely used and most easily compromised are login-password credentials, posing a significant amount of risk to any organisation.

Data shows that of all email breaches, only 9% of passwords involved were unique.

Despite the heightened awareness of security implications, many users still continue to reuse passwords and rarely, if ever, change them. 

According to a survey done by NordPass, 63% of respondents admitted reusing their passwords across their accounts. If that reused password gets leaked as part of a data breach, hackers may then have the key to the corporate network too no matter how complex the phrase is.

"Google has been working on helping people to proactively create better passwords with Password Checkup," says Gurinaviciute.

"The tool checks logins against a database of 4 billion leaked credentials, recognising if the password typed matches the one that's been leaked. 

"Password managers like NordPass also offer the possibility to check if your password has been compromised in data breaches," he says. 

"The problem is that it is impossible to apply company security policy to websites that the company does not have control over, and this makes companies vulnerable to attacks," says Gurinaviciute.

"Educating employees on security is crucial, and companies should invest in regular employee security training, explaining the possible risk scenarios."

Story image
Fortinet promises free cybersecurity training until skills gap trend reverses
"We are committed to continue offering the entire catalogue of self-paced Network Security Expert training at no cost until we see the skills gap trend reverse."More
Story image
IronNet expands Asia Pacific presence with new strategic partnership
“The combination of M.Tech’s extensive network in Asia Pacific and our unparalleled expertise in threat intelligence and detection will help more enterprises across the region to proactively identify and take down known and unknown threats before they happen.”More
Story image
Cybercriminals leverage AI to sustain attacks on enterprises
What is less discussed is how cybercriminals are taking advantage of those very same technologies to automate their attacks, too.More
Story image
How the editorial team works at Techday: Our tips for you
Preparing your releases in a particular way will not only make our lives easier, but improve the chances of your lead being picked among the masses.More
Story image
UPDATED: RBNZ ascribes data breach to third-party file sharing service
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” says RBNZ Governor.More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More