While email might have fallen out of favor as the primary tool for everyday social interaction, it remains the most popular platform by far for business communication. According to Forrester, 87% of all corporate communications were carried out via email, a statistic that should give an idea of just how much company and consumer data gets moved around every day. It also gives an idea of just how hard spam filters need to work.
For cash-strapped small businesses looking for ways to save money, a free email address might seem like the obvious solution. After all, it only takes a matter of minutes to register with one of the well-known public email giants such as Yahoo, Gmail or Hotmail. It will never cost you a cent either. Many people also believe it's safer, assuming the large companies will also be able to afford the toughest security measures. Unfortunately, the reality isn't quite that simple.
What We Can Learn from the Yahoo Data Breach of 2016
Yahoo is one of the oldest and largest public email service providers of all. For many years, people assumed that the technology giant was all but impenetrable. They were left sorely disappointed in September 2016 when Yahoo confirmed that no less than half a billion user accounts had been compromised in what was one of the largest cybersecurity attacks ever known. Stolen account information included not just names and email addresses, but also other contact details, password hashes and even security questions and answers. Perhaps, however, the most alarming fact of all was that the breach itself happened in 2014, two years before being discovered.
The Yahoo data breach perfectly illustrates the fact that the major public email providers are far from immune to cyberattacks. In fact, they present the perfect target for cybercriminal teams all over the world. After all, with digital data now being among the most valuable commodities in the criminal underworld, it stands to reason that hackers would rather go after the big companies than spend all their time and resources on smaller providers of relatively miniscule value.
Using Public Email Addresses Can Lead to Costly Legal Issues
Personal email accounts, which invariably use one of the major public service providers, are completely beyond the control of the company. All emails and account data are stored externally, on servers owned and operated by the service providers, such as Yahoo or Hotmail. Since they're not subject to regulatory restrictions, enterprise-level security measures or backup and archiving, using public email addresses also leaves your business open to potentially costly legal issues.
With email content stored on servers beyond your control, you have no way of knowing exactly where your data is or through which networks it's being transmitted. As such, corporate data stored or transmitted using a public email address will not be subject to your business's security policies. For example, an employee might have accepted the service agreement of the public email provider, even though your business did not. In other words, it doesn't matter how solid your company's email security policy might be if an employee decides to use a personal email address for corporate communications.
Should a data breach occur because someone in your company uses a public email address, you'll have very little legal recourse. Most personal email account providers prohibit any scanning of their emails, so unless the employee ultimately responsible for the data breach decides to be forthcoming about their error, there's not much you can do. The same usually applies even to employees who send personal emails from company-owned devices. If such an email contained any confidential corporate information, you probably still won't have any legal rights to scan and control the account.
Corporate Risks of Using Public Email Addresses
With no control over the content being stored or transmitted, there are also serious corporate risks of using public email addresses for businesses. As illustrated by the Yahoo data breach, the theft of corporate data is a constantly present risk that even the most secure business email accounts aren't completely immune from.
Letting your employees use their personal accounts for corporate communications brings many risks. For a start, the risk of IP theft is greatly increased, as is the possibility of unwittingly violating company or customer privacy. At the same time, exploits or service outages can cause major disruptions in your business communications which, in themselves can quickly become very costly.
The increased chance of a data breach is perhaps the biggest concern when it comes to using public email addresses. For example, any public email service provider may find themselves forced by the law to give up things like account credentials and other data during a criminal investigation. In fact, security agencies such as the NSA, now have the right to scan and store pretty much any emails they like on their own servers. In other words, if your employees are using public email addresses for work, confidential corporate information could end up on external servers, such as those belonging to government security agencies.
One might assume that government security agencies are... well... secure, but these collections have themselves ended up being leaked to third parties. After all, that's pretty much how WikiLeaks has become so successful. Of course, if your customers feel they can't entrust their personal and payment information to you and you alone, satisfaction could plummet as well.
Email Continuity and Public Service Providers
Email continuity is critical for any businesses that rely heavily on the medium. Service interruptions, for example, can become extremely costly, particularly if they occur during important sales negotiations. Unsurprisingly, using a public email address provides practically no recourse should an interruption occur. Additionally, if the owner of the address leaves the company, they take everything with them, making future searches practically impossible.
Business email providers generally provide some form of email continuity as standard, with various optional extras you can add on. An email continuity service might be something as simple as a message-spooling service or fully replicated server clusters. At the very least, there should be nothing stopping you from having all corporate email communications stored either in-house or on a remote server that you still retain complete control over.
Microsoft themselves recommend that Exchange users adopt a server-clustering system, preferably one that also involves having a separate server cluster hosted remotely. In other words, even if a disaster befalls your in-house systems, you'll at least have all important data hosted in another location to fall back on.
Protecting Critical Company Functions
The dangers of using a public email address for business go beyond the risks concerning email communications themselves. For example, if you or one of your employees uses a public email address when setting up an account for a service that's critical to your company, you could end up losing access to that service if the email account is compromised or the account owner leaves the company. To ensure that your company retains ownership of such systems and services, you need to make sure that any associated account information is owned by the business itself.
The above might sound like common sense, but it's a surprisingly easy mistake to make. For example, an employee might naturally presume that it's fine to use their personal email address for creating an Web hosting account or purchasing a domain name. Should the employee leave the company, however, you'll be fully reliant on them to hand over the account details or, if possible, allow you to change them to retain ownership. Such an issue could lead to critical corporate assets becoming unavailable and costing your business dearly in the process.
The Importance of Professionalism
Let's say, for example, that you run a legal practice. Which is a better email address: firstname.lastname@example.org or email@example.com? Verisign found in a recent survey that some two thirds of consumers consider a branded, professional email address is much more credible than a personal one. Of course, this goes doubly true for industries in which trust and professionalism are among the most important factors, as they are in the legal profession.
Exactly what email address you use might sound insignificant, and it's something that a lot of smaller businesses, startups and sole traders underestimate the importance of. However, just like a company name or logo, an email address is often one of the things that people will see when dealing with your company for the first time. A branded email address will help give the right first impression while also helping you stand out.
There are far more reasons to have a branded, professional email address for your business than not to. The same also applies to any accounts for individual employees or departments. It also doesn't have to cost very much, thanks to the wide availability of scalable, enterprise-ready solutions. Anyhow, the benefits over using a public email provider are enormous:
. Reduced chance of data breaches and other disruptions
. Greater legal protection thanks to control over corporate communications
. Improved email continuity
. Safeguard critical company functions
. More professional image