My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms. Is this something many companies do?
Senior VP & CISO, 1,001 - 5,000 employees
Yes - no personal email (e.g. Gmail), collaboration sites (Google Docs, for instance), and social media except where we have a presence (LI, Twitter...).
CISO in Software, 10,001+ employees
I am not aware of any major public enterprises that restrict employee use of personal email, etc. in the work environment. The only exception is in government or restricted classified environments, etc.
Director of Network Transformation, Self-employed
Maybe in the government or high security role within a company but in our networked economy, not recommended.
Director in Manufacturing, 1,001 - 5,000 employees
We did shut it off decades ago. With 130k employees and a lot of contractors it was a frequent source of problems. Fewer problems is always better and there was no business justification to allow access to those personal emails. People could access them from their personal phones. And in general we did not do BYOD on PCs or phones.
CIO in Healthcare and Biotech, 1,001 - 5,000 employees
We haven't done it, nor are there any plans to do so. My experience is that locking people down leads to more "workarounds" and efforts to subvert what you're trying to accomplish. It also creates a cultural message that you may not want. In high-security or government functions I can see it, but I would be opposed to it. Rather, I would focus on training, protection tools, etc.
VP of IT & CISPO in Finance (non-banking), 201 - 500 employees
We don't believe in being this restrictive and believe it creates a different problem where the employee starts to blur the lines between business and personal emails since they don't have access to their personal emails. The only place I see this necessary is with environments with highly sensitive data.
Senior Information Security Manager in Software, 501 - 1,000 employees
Yes. But there are still plenty of phishing and spear phishing attempts that will come through regular corporate email accounts.
VP Information Security Assurance, 10,001+ employees
I would argue to place your decision on "Need to have". Some of these questions might help you:
- Does your business need your colleagues to access the personal/web-emails (third-party emails)? If the role does not require such access, by all means turn it off. Many companies in professional services do that. Philippines, China, India, LATAM are generally the geographies where I reckon such a block happens more.
- Is the company's culture such that it encourages or has traditionally allowed such access? Then managing this change of block should be planned/communicated very well.
- YES, phishing attacks do happen on email platforms, but what if you allow web-emails using technologies like browser isolation, where the emails open only in a "container", OR limiting any upload/download using URL filters?
- You can also consider role-based opening (like maybe recruitment or your communications team) and block for all general users.
I would recommend creating a notch higher awareness around phishing, as you also want to protect the people from phishing irrespective of their machine, and then that becomes habit. Help them to help you. Almost akin to the wisdom quote "Give a man a fish, and he will be hungry again tomorrow; teach him to catch a fish, and he will be richer all his life".
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
Yes. Completely agree with your analyst; it may lead to data leak as well.