IT Support, Security & Managed IT Services Blog - iCorps

Why Using Your Business Email Address on Personal Websites is a Cybersecurity Risk

Written by Jeffery Lauria | 2024/04/30

Maintaining cybersecurity for your business is paramount in the age of interconnected digital platforms. One often overlooked vulnerability is the casual use of business email addresses on personal websites or social media profiles. In this blog, I've highlighted the risks associated with this common oversight and why businesses should take proactive steps to protect themselves.

Diving in Deeper

The Problem: Exploiting Business Resources

I want to emphasize a simple yet crucial point: employees using their business email addresses on personal websites inadvertently expose their organizations to potential breaches and exploitation of business resources.  This includes even professional platforms like LinkedIn.

Understanding the Risks

A website that identifies if an email address has been compromised in a data breach. By entering their own email address, they discover it has been exposed in breaches related to various services like Adobe, Apollo, Box, Evite, LinkedIn, and even personal endeavors like MGM Resorts.

Here's where the issue becomes critical. The information obtained from such breaches can be sold on the dark web, including full names, email addresses, phone numbers, and even addresses. With this data, malicious actors can piece together a frighteningly comprehensive profile, potentially compromising not only personal accounts but also leveraging this information to breach business accounts. 

How It Happens

By using a business email address on a personal website or service, individuals inadvertently link their professional identity with personal online activity. This connection creates a bridge for attackers to exploit, potentially leading to targeted attacks against the organization. For example, if an individual's business email is exposed in a breach related to a personal endeavor like MGM Resorts, attackers can use this information to escalate their efforts and target the individual's employer.

Protecting Yourself

The best way to get ahead of a cyberattack is to be prepared and secure to reduce the chances of it happening. Luckily, there are several free tools that anyone can use to check if an email address has been breached quickly. Visit Haveibeenbreached.com, type in your email, and within seconds this site can detect if your email address has been breached.

In most cases, your email will be safe, but if a breach has occurred, it will include the sites that have been breachedwhat date the breach happened, and more details about what happened during the breach. Looking at the screenshot below, you can see that the 359 million email addresses linked to MySpace have been breachedTo put this number in perspective, the population of the entire United States is 333.3 million (2022).

Discovering your information on a platform like this doesn't indicate that you've fallen victim to a hack - rather, it suggests that your data was involved in a breach elsewhere.

Protecting Your Business

The solution is straightforward: educate employees about the risks associated with using business email addresses on non-business-related platforms. Remind them that seemingly harmless personal activities can have serious implications for organizational cybersecurity. It is also critical that businesses be properly prepared for a breach and to react accordingly.

Key Takeaways:

  1. Data Breach Implications: Breaches of personal accounts can have far-reaching consequences for business security.

  2. Dark Web Exploitation: Information sold on the dark web can be used to orchestrate sophisticated attacks.

  3. Educational Measures: Businesses should proactively inform employees about cybersecurity best practices.


Looking Ahead

By addressing this simple yet critical issue, businesses can significantly enhance their cybersecurity posture. Educating employees about the potential consequences of using business email addresses on personal websites is a proactive step towards safeguarding both individual and organizational security.

Connect with iCorps Technologies

For more insightful tips on cybersecurity and technology, follow iCorps Technologies on Facebook, LinkedIn, and X. If you have specific technology inquiries, reach out to iCorps Technologies—we're dedicated to keeping businesses safe in the digital age.