Across all industries, people routinely send work from their work email account to their personal account to more easily work from home, or outside office hours. On the surface, this may not seem to pose any great threat to your organization because fundraisers are emailing donors' personal email addresses every day, right?
Unfortunately, that is not where the problem lies. When an employee is emailing their personal account with work information, they are sending sensitive data outside the confines of the organization's security system through a process known as data exfiltration.
The main reason employees send work home is that it’s easier. Easier than accessing files through the VPN, easier than digging out the randomly generated password to their work email for use at home, easier than printing off everything they need and taking it home with them. They send an email, go home, and the documents are ready and waiting.
This is bad practice, and it counts as a security breach even when it causes no damage and is never publicized. Most of the time it will not result in damage or require cleanup, but the one time it does, the financial and reputational risk can be high.
Loss of data through personal email could mean exposing sensitive donor information like bank account information, social security numbers, or anonymous giving history to an unsecured network. From there, anyone with access to your home network can access that information. And unfortunately, accessing someone else's home WiFi is easier than most people think. In brief, something as seemingly insignificant as sending sensitive company data to a personal email account can be devastating.
How do you fix the problem? There are three steps you can take to prevent a possible breach:
1. Educate your workforce
Make sure your employees know how to observe best data security practices. Make sure they understand how best to secure the data they work with, especially confidential data, and ensure they adhere to company data security policies, hosting refresher courses if necessary. While education and training alone cannot prevent data breaches, they are an important first step.
2. Ease of access
Try as much as possible to ensure that your employees don’t feel the need to send work to their personal emails. Implement secure file storage platforms they can access from home (SharePoint, G Suite, etc.) or a corporate VPN so they can securely access the company network from anywhere. You need to strike that happy middle ground between “easy to use but insecure” and “airtight but really disruptive”.
3. Be proactive, not reactive
Choose email security platforms that offer the most complete protection against sending to unauthorized email accounts before it becomes a problem, instead of being left scrambling for a solution in the aftermath. Find a solution that tracks and logs attempts to send data to a personal email address, and use the metrics to open a conversation with employees about data protection.
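The tracking described in step 3 can be sketched as follows. This is an added example, not code from the original article or from any product: it flags mail from staff to a consumer webmail mailbox whose name resembles the sender's own, so routine donor correspondence is not counted, then totals the results per sender. The organization domain, the webmail list, the log columns and the sample rows are all constructed assumptions.

```python
import csv, io, re
from collections import Counter

ORG_DOMAIN = "example.org"  # hypothetical organization domain
# Assumption: consumer webmail domains treated as "personal"; extend as needed.
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}

# Constructed sample of a mail-gateway export; the column names are assumptions.
SAMPLE_LOG = """ts,sender,recipient,attachments
2024-03-04T17:52:10Z,jane.doe@example.org,janedoe84@gmail.com,3
2024-03-04T17:55:41Z,jane.doe@example.org,m.alvarez@gmail.com,0
2024-03-05T09:12:03Z,sam.lee@example.org,board@example.org,1
2024-03-05T18:01:27Z,sam.lee@example.org,lee.sam@yahoo.com,2
2024-03-06T18:30:00Z,jane.doe@example.org,j.doe@outlook.com,1
"""

def looks_like_self(sender_local, recipient_local):
    """Heuristic: does the recipient mailbox name resemble the sender's name?"""
    s_tokens = [t for t in re.split(r"[^a-z]+", sender_local.lower()) if t]
    r_tokens = [t for t in re.split(r"[^a-z]+", recipient_local.lower()) if t]
    r_letters = "".join(r_tokens)
    full = 0
    for tok in s_tokens:
        if len(tok) >= 3 and tok in r_letters:
            full += 1                  # whole name part appears, e.g. "doe"
        elif tok[0] not in r_tokens:   # otherwise accept only a bare initial, e.g. "j"
            return False
    return full >= 1

def find_self_sends(log_text):
    """Rows where staff mailed a personal mailbox that looks like their own."""
    hits = []
    for row in csv.DictReader(io.StringIO(log_text)):
        s_local, _, s_dom = row["sender"].lower().rpartition("@")
        r_local, _, r_dom = row["recipient"].lower().rpartition("@")
        if s_dom == ORG_DOMAIN and r_dom in PERSONAL_DOMAINS and looks_like_self(s_local, r_local):
            hits.append(row)
    return hits

def metrics(hits):
    """Per-sender counts of flagged messages and attachments."""
    msgs, files = Counter(), Counter()
    for h in hits:
        msgs[h["sender"]] += 1
        files[h["sender"]] += int(h["attachments"])
    return msgs, files

if __name__ == "__main__":
    print(metrics(find_self_sends(SAMPLE_LOG)))
```

The name match is a heuristic: a donor who shares a staff member's surname will be flagged, so treat the output as a starting point for the conversation rather than proof.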