Peter Wood, a speaker at the upcoming ISACA European Computer Audit, Control and Security Conference (EuroCACS) event in Manchester, said that personal e-mail services are being increasingly used for business purposes, a situation that places company data at great risk.
According to Wood, CEO of penetration testing specialists at First Base Technologies, the use of personal e-mail for business is expanding, creating security issues such as a lack of data leak prevention (DLP) controls and increased data leakage due to a lack of encryption at the endpoint.
Wood also said that the boundaries between personal and business e-mail accounts are blurring and therefore placing company data at increased risk and creating greater risks of compliance problems.
"PCI DSS, data protection, freedom of information and even a potential breach of e-mail service providers’ terms of business are potentially involved here," he said, adding that it is even possible that the employer might become a litigant in this scenario.
And, it gets worse. Wood explained that the potential for loss of corporate secrets along with corporate espionage and leaks to the news media also frequently stem from use of personal e-mail for business purposes.
"This can damage an entire organization, and even touch all of its brands. Competitors can steal pricing information and the organization can be the victim of corporate fraud, all because of this issue," he said.
The ISACA EuroCACS speaker went on to say that he and his team are also seeing personal e-mail used to ask questions in forums.
"Individuals may not realise it, but they may be giving away highly technical information about their organisation, as Web mail can be much less secure than normal e-mail," he concluded.