My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms. Is this something many companies do?
Sort By:
Oldest
Senior VP & CISOa year ago
yes - no personal email (ex. gmail), collaboration sites (google doc, for instance), and social media except where we have a presence (LI, Twitter...), CISO in Softwarea year ago
I am not aware of any major public enterprises that restrict employee use of personal email, etc. in the work environment. The only exception is in government or restricted classified environments, etc.Director of Network Transformationa year ago
Maybe in the government or high security role within a company but in our networked economy, not recommended. Director in Manufacturinga year ago
We did shut it off decades ago With 130k employees and a lot of contractors it was a frequent source of problems. Less problems is always better and there was no business justification to allow access to those personal emails. People could access them from their personal phonesAnd in general we did not do BYOD on PCs or phones
CIO in Healthcare and Biotecha year ago
We haven't done it, nor are there any plans to do so. My experience is that locking people down leads to more "workarounds" and efforts to subvert what you're trying to accomplish. It also creates a cultural message that you may not want. In high-security or government functions I can see it, but I would be opposed to it. Rather, I would focus on training, protection tools, etc.