My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms.  Is this something many companies do?

4.6k views, 9 Comments

Senior VP & CISO, 1,001 - 5,000 employees
Yes - no personal email (e.g., Gmail), collaboration sites (Google Docs, for instance), and social media except where we have a presence (LI, Twitter...).
CISO in Software, 10,001+ employees
I am not aware of any major public enterprises that restrict employee use of personal email, etc. in the work environment. The only exception is in government or restricted classified environments, etc.
Director of Network Transformation, Self-employed
Maybe in the government or a high-security role within a company, but in our networked economy, not recommended.
Director in Manufacturing, 1,001 - 5,000 employees
We did shut it off decades ago. With 130k employees and a lot of contractors, it was a frequent source of problems. Fewer problems is always better, and there was no business justification to allow access to those personal emails. People could access them from their personal phones.

And in general we did not do BYOD on PCs or phones.
CIO in Healthcare and Biotech, 1,001 - 5,000 employees
We haven't done it, nor are there any plans to do so. My experience is that locking people down leads to more "workarounds" and efforts to subvert what you're trying to accomplish. It also creates a cultural message that you may not want. In high-security or government functions I can see it, but I would be opposed to it. Rather, I would focus on training, protection tools, etc. 
VP of IT & CISPO in Finance (non-banking), 201 - 500 employees
We don't believe in being this restrictive and believe it creates a different problem where the employee starts to blur the lines between business and personal emails since they don't have access to their personal emails. 

The only place I see this necessary is with environments with highly sensitive data. 
Senior Information Security Manager in Software, 501 - 1,000 employees

But there are still plenty of phishing and spear phishing attempts that will come through regular corporate email accounts.
VP Information Security Assurance, 10,001+ employees
I would argue to place your decision on "Need to have". Some of these questions might help you: 
- Does your business need your colleagues to access personal/web email (third-party email)? If the role does not require such access, by all means turn it off. Many companies in professional services do that. The Philippines, China, India and LATAM are generally the geographies where I reckon such a block happens more.
- Is the company's culture such that it encourages, or has traditionally allowed, such access? Then managing this change to a block should be planned and communicated very well.
- YES, phishing attacks do happen on email platforms, but what if you allow web email using technologies like browser isolation, where the emails open only in a "container", OR limit any upload/download using URL filters?
- You can also consider role-based opening (like maybe recruitment or your communications team) and block for all general users.

I would recommend creating a notch higher awareness around phishing, as you also want to protect the people from phishing irrespective of their machine, and then that becomes habit. Help them to help you. Almost akin to the wisdom quote "Give a man a fish, and he will be hungry again tomorrow; teach him to catch a fish, and he will be richer all his life."
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
Yes. Completely agree with your analyst; it may lead to a data leak as well.
