Most companies have policies that address use of the company’s email system. However, many companies have no policy regarding employees accessing their personal email ;accounts from work, other than blanket policies that prohibit personal use of the Internet while working.
At first blush, it might seem like overkill to limit an employee’s ability to check a personal email account from work. After all, limiting use of a personal email account will just encourage the employee to use their work account for personal email. And how will the company police employees accessing their personal email during breaks and lunches?
Most personal email accounts, such as those available from Hotmail, Yahoo!, Comcast, and AOL, are Web-based. When an employee accesses this type of account from work, messages sent and received bypass the employer’s security system. This means bad things—such as viruses, Trojan horses, and spyware—can get in, and good things—like trade secrets—can get out, and the company will never know about it.
Even employees with the best intentions can create huge problems for a company via their personal email accounts.Take, for example, the common practice of employees sending work-related documents or messages to their personal email address. Most employees who do this are simply trying to make it easier to work from home. Some are trying to get around an employer system that allows them to send documents of only a particular size. And still other employees automatically forward messages they receive at work to their personal account while on vacation or out of the office.
Unfortunately, all of these practices can prove harmful. The work documents pulled and sent onto personal email accounts are no longer stored on the company’s server. Rather, they are now on the personal email service’s servers. And they can – or in the case of Gmail, will be – accessed by third parties for their own, self-serving reasons. In case you were unaware, Gmail and some Internet service providers automatically scan email messages to then determine what targeted advertising to post.
Also, what happens if the employee’s personal email account gets hacked and a third party accesses confidential information or trade secret information of the company? Or what if the hacker attempts to communicate through the employee’s account with other members of the organization or its patients, clients, or consumers?
As you can, this is much more problematic than on first glance. And this is merely the tip of the iceberg. The above problems could be much more concerning if your business is constantly engaged in actions and transactions involving confidential information or legally-protected information such as medical records. Thus, for these reasons, all companies should consider a prohibition on use of personal email accounts to transact business. In addition, limiting use of personal email accounts at a designated work station, rather than their normal computer. Both will go a long way towards preventing an unnecessary headache.