Email security is a priority that companies can’t afford to treat as an afterthought. All organizations rely on emails for communication, with some investing heavily in private email servers to better protect their emails and employees.
Yet, emails are the most convenient method used by cybercriminals to launch cyberattacks. Emails can be easily compromised with malicious content, from spyware to malware, so organizations are doing the most they can to improve email security, especially in ensuring their employees are well aware of the situation.
Statistics show that roughly 306.4 billion emails were sent and received daily in 2020. This figure is expected to increase to over 376.4 billion daily emails by 2025. Of these, cybercriminals are sending over three billion emails a day as part of phishing attacks designed to look like they come from trusted senders.
With employees often regarded as the weakest link when it comes to cybersecurity, companies have invested in training and workshops to help their employees better understand email. This includes understanding how phishing emails work and how to identify email scams and malicious attachments.
Despite this, a recent survey by SailPoint Technologies Holdings showed that more than half of all workers are using their corporate email for personal use. Findings from the survey also showed that 93% of workers using a corporate email for personal use are Gen Zs. As the lines between work and home became increasingly blurred amid the ongoing COVID-19 pandemic, SailPoint examined workers’ awareness levels when it comes to identifying and acknowledging a phishing attack. The survey found that nearly half (44%) noticed that the number of phishing messages they’ve received is up year-over-year.
“Over the last year and a half, we’ve seen countless, high-profile cyberattacks, stemming from email activity, that have brought organizations – like retailers, currency exchanges, and healthcare organizations – down to their knees,” said Heather Gantt-Evans, CISO at SailPoint. However, there are glaring generational differences in the behaviors that are putting Baby Boomers, Gen X, Millennials, and Gen Z, along with their employers, at risk.
“By using a corporate email for personal use, employees are inadvertently expanding the threshold for malicious actors to enter into a corporate network, completely unnoticed. As demonstrated by the data, most don’t know what to do if they see suspicious activity, but with proper education and training, we can deter these types of events to ensure the business remains operating as usual,” added Gantt-Evans.
Monitoring email security and usage
The survey found that Gen Z (77%) and Millennials (55%) are using corporate emails for their social media logins, compared to just 15% of Gen X and 7% of Boomers. It is important to note that some of these social platforms have experienced data breaches, meaning employees who use corporate emails on them risk exposing their organization to cybercriminals as well. For example, Facebook had half a billion accounts stolen earlier this year, while financial services company Robinhood had data of 7 million customers, including email addresses, affected in a data breach.
With the holiday season approaching, nearly one in three workers (29%) say they use their corporate email for online shopping. More pressingly, 39% have received a phishing message impersonating a retailer, and 22% have received a message impersonating a marketing email. On the heels of one of the busiest online shopping seasons ever, consumers can expect increased phishing attacks and retail breaches in the coming months.
Interestingly, training and workshops on email security have been paying off somewhat, with 94% confident or very confident in their ability to detect a phishing message. But only 29% know how to appropriately react to a phishing email. When pressed on how they would respond to a suspicious-looking email with a link or attachment, 46% of Gen Z respondents said they would open the link or attachment, compared to just 1% of Boomers.
The reality is that employees should not be using their corporate emails for personal use, as it not only compromises email security but can also lead to more serious repercussions. Companies should also come up with policies regarding the usage of corporate emails and conduct checks on whether the emails have been compromised or used for personal reasons. Failure to do so may only lead to corporate emails becoming less relevant for the purposes they’re intended for, possibly compromising other internal systems in the long run.
29 February 2024