With the pandemic running its course, we have been driven to conduct our lives in ways that limit human contact. Online shopping has become a necessity, and has allowed us to have access to essential and non-essential items without risking our health.
In order to complete an online transaction, most vendors require that an account be created using an email address and a password. It is the quickest way to update a consumer on the status of their order, shipping, pickup details, etc. Using an email that is checked regularly and a password that is easy to remember is important, otherwise, key notifications can be missed.
For most people, the email address that is most frequently accessed is their work email as they have access to it at least 8 hours a day during working hours. Using the same email and password combination seems like the easiest way to remember account information. If you know one, you know all. However, they are unaware of the risk they are taking by using their work email and password for online shopping.
In the event that a vendor’s data is compromised, company email addresses and passwords can end up in the wrong hands unraveling a series of events that can put an entire company’s network at risk. Hackers are able to access the compromised person’s email inbox which contains a list of contacts, their email addresses, emails that may contain sensitive information like bank account numbers, routing numbers, social security numbers, etc. They have access to their email signature, which can be used on a spoofed email to trick a sender into sending sensitive information under the assumption that they are sending it to a trusted contact.
The amount of damage that can be done with the information stored in one’s email inbox can be devastating to a company. There are countless examples of wire fraud done using this method.
The best thing a company can do to prevent this is training. Constantly reminding their employees of the importance of keeping their work email away from any vendor sites, requiring that they use a unique password for their company email, and ensuring there are company policies in place to address violations.
Reach out to your assigned consultant if you suspect your employees might be misusing their email and/or password. They can help you set up training seminars, webinars, or one-on-one sessions to educate them on the dangers of those practices.