Danger Will Robinson! Be cautious with your email!

By | September 24, 2008

Sorry about the title, was watching lost in space the other day. Anyhow the point being you need to be cautious and manage your email accounts properly. This article is part of a series of blog posts regarding identity theft and security. Today I will be writing about mixing personal and business email, primarily when you leave a company or it goes bust.

It is so tempting to use your work email for personal use and lets face it, you’ve all probably done it. I have! From sending a joke, signing up to a newsletter or joining a community etc. Now the line gets quite blurred if that community is linkedin or a similar business connectivity service.

Here are some of the problems you are faced with:

  • Possible increased spam or phishing emails.
  • Breaking company policy regarding email use.
  • Email snooping by bosses (it happens).
  • Identity theft.
  • Lose of money.
  • You leave the company.
  • The company goes bust.

Now forgive me, but I am not going to cover the first three today.

So what happens to your email account when you leave the company? Chances are it is forwarded to your line manager for a while. Standard procedure at many places. This allows the manager to tie up any lose ends that you might of missed or to quickly respond to business contacts who were not aware you left or forgot.

This actually opens the door for identity theft or for someone to go snooping! Consider how the majority of password reminders work for online services…. they send an email! The only problem is you can’t receive it anymore and some once the email has been sent often don’t have further security to verify you. Regardless whether your ex-line manager is a lovely person and wouldn’t do such a thing, you are reliant on people currently within the organisation or working for the organisation in the future not to take advantage if you don’t log in quickly and change the contact details or have not already shut the account down. How would they find out you are signed up to services? Many send periodic newsletters via email.

Okay you’ve gathered I am not exactly being mr cheerful today. Now the next situation is quite unlikely to happen, but I wouldn’t put it past people. You sign up for a service or two, the company goes bust and down the line someone buys the domain. They setup the email to do ‘catch all’ and et voila they are receiving all emails sent to that domain and again can cause problems. Often a domain will get tied up for quite a while if a business goes bust, before it can be repurchased, this will work in your favour.

Now the first question you might and should be asking is…..why?! Why bother, why steal my identity, read my messages and look at my data? Well depending on the online services people could place orders for products, transfer money, harvest contacts, use your identity for whatever reasons they have. The fact is since the dawn of time people have been clubbing each other, stealing and in the current day and age sometimes the methods are more subtle.

So the tips:

  • Stick to using your personal email address for non-work newsletters,forums,mailing lists,services, buying personal items etc
  • Don’t use your company email address to send jokes or ‘warnings’ that people send each other that are not company sensitive.
  • Before actually leaving a company, close accounts or unsubscribe to services you don’t use anymore on behalf of the company. Again newsletters, mailing lists, forums etc. Could someone resign up and pretend to be you? Sure, but make it harder please.
  • Know what you are signed up to. Easier said than done I know.
  • Never use a work email address for your personal ebay, paypal, facebook and similar services.
  • If you are the owner of a business make sure you are the actual owner of the domain you use and consider buying the domain for longer periods of time.

Now the above tips don’t fully protect you and I welcome feedback in the comments to improve upon this post.

By now you’ve realised I can be quite paranoid! However I hope this post has made you think about how you and your company manage your email accounts and take steps to improve guidelines and practices.