The Human Error: Using Corporate Email for Personal Use

Let’s admit it, we’ve all done it. After a long day working from your new remote office, you decide to keep your work computer open and begin to work on personal projects. It’s time to start researching that major home improvement project. A quick google search leads you to a great new site called Houzz.  Seems like a great resource and a true time saver. A few quick questions, some personal information to get your account set up, and BOOM, you are designing your new dream home decor with the stars.

So, here’s where it all went wrong. Instead of using your personal email account, you used your corporate email since its second nature to type in the email you just used all day. And to add on another mistake, you used the same password that you use for all of your other accounts.

The number of employees that have used their corporate email address to register for a Houzz account is staggering. How do I know?  Because Houzz recently suffered a cyber breach. Your information was stolen and posted for sale on the dark web and unfortunately, it’s not just Houzz.  The list of companies that house private data, which have been breached in just the last 6 months, is long and include companies like MyFitnessPal and Heritige.com, just to mention a few.

Now what?  Once the information is posted on the dark web there is no stopping it. The dark web has breached records for sale dating back several years. Remember that breach LinkedIn had 5 years ago, yeah, that information is still on the dark web as well. You can’t stop what is posted on the dark web, but you can keep this information from negatively impacting you. Here’s how:

1. Hit the Reset Button. The first step and most important step is RESET ALL of your passwords! Don’t use the same one for every site, the cyber criminals know that you want to do what’s convenient and they will take advantage of that and strike when you least expect it.
2. Everything Starts with Training. The biggest impact any organization can make is with employee training. And, no I am not talking about having your employees watch a mind-numbing, hour-long video on what not to click on once a year. You need training that is short, to the point, fun, engaging and most importantly on-going.
3. Keep Your Employees Active. You also need to have automated tests to make sure that the employees are being vigilant every day. This should be the very first step in every organization’s cyber security framework, and yet the most often overlooked. Your employees are your biggest asset and your biggest liability, so help build a human firewall and empower those assets to fortify your defenses.

In summary, there is a misconception from employees that if they are not visiting inappropriate sites or doing something illegal that it’s acceptable on their corporate account or equipment. You might think that it’s common sense, but it’s not. None of the employees who logged into Houzz had any intention of causing harm or exposing their data. The employees were making a simple human error.  

---------------------------------------------------------------------------------------------------

Want to know if your organization's data is on the dark web?

Join us for our DarkWebAdvisors webinar on Wednesday, July 8th at 1pm EST.