IT and Security leaders work to identify and mitigate potential vulnerabilities, yet files shared with private email accounts aren’t prioritized sufficiently.
Problem
There are three reasons why private email accounts pose a risk:
- Employee data theft
A study found 72% of employees admit to taking organizational data during their offboarding - usually by sharing files with their private email accounts. The files might contain Intellectual Property (IP), Personally identifiable information (PII), or anything else of critical matter that could put your organization at a disadvantage (e.g. GDPR). Worst of all, former employees could share this information with others (e.g. competitors) for personal or financial gain. - An entry point for hackers
Hackers know organizations share files with external stakeholders (e.g. freelancers) who use their private email accounts for work. Most private email accounts lack strong security measures, making it easier for cybercriminals to penetrate them and, through that, infiltrate your organization’s data. Worst of all, a compromised private email account could go unnoticed for a long time, due to the lack of security measures. - Unauthorized access to third-parties
Some stakeholders use private email accounts to access third-party apps or services. However, they often fail to review the service terms and the granted privileges. As a result, third parties might be granted rights to access a stakeholder’s Google Drive, OneDrive, etc., and, through that, the files your organization has shared with the given private email account.
Solution
After reading this, you might be tempted to disable or restrict sharing files with private emails. While such practice is good in theory, it could result in your employees bypassing the limitations by using unauthorized file-sharing services, which leads to Shadow IT.
Tricent provides visibility into how many files are shared with private emails and lets you remove unwanted access in bulk.
Here’s how you do that as an admin:
Tricent designed for Google Workspace:
Go to Insights and Export.
Select Target domain in Show me. And My Organization in Owned by.
Click Search.
Search for, for instance, gmail.com.
Click Bulk unshare domain. This will take you to our bulk unsharing tool.
Tricent designed for Microsoft 365:
Go to Insights.
Select External domains and search for, for instance, hotmail.com.
If you want to unshare everything shared with that domain, simply select it and click Revoke external domain access.
