Setting up a dedicated business email account improves your branding and gives a more professional impression (firstname.lastname@example.org, for example, comes across as more businesslike than email@example.com). But there’s even more at risk than your business reputation.
Keeping your business and personal email accounts separate is important. While merging your business and personal email accounts can make your life easier in the short term, you might find it causes a bigger problem in the long run. If an attacker can get into your business email account, for example, as well as causing your business problems, they may be able to find information that will help them get into your personal accounts too.
Getting business and personal mixed up is especially easy to do as a small business.
Even if you’ve set up a separate email account for business matters, it’s very easy to end up merging the two, either accidentally or deliberately. Perhaps you are running a small business from a personal laptop, and decide to automatically forward all business emails to your personal email address (or vice versa) so that you don’t have to switch between the two. Or perhaps you’ve ended up using one email address for most things; as a small business owner, it’s sometimes hard to set boundaries between work and not-work. That weekly newsletter you signed up for—is that work, or are you just interested? What about that order you placed—is it just for work things, or does it include personal items?
This can lead to complications. Not just the cyber security risks, which we’ll come back to, but it can make business tasks harder, if you have to sort through all the personal and domestic emails to find the business ones. You might miss something important—and this could matter to your bottom line, your accountant and the tax man.
If you (or one of your employees) have reused a password/email pair on both a personal account and a business account, and that password/email pair becomes known, then both the personal and the business accounts become vulnerable to attack.
Blurring of the line between business and personal can make it easier for criminals to build a social profile of you, based on what you post on social media, which gives them more plausibility when spear-fishing you to attack your business.
Mistakes happen, too: you might end up accidentally sending company confidential information that you meant to send to a business contact to a personal friend with the same name (and who works for the competition).
So, while business is personal (especially if it is your own business), and people like to do business with people they like, try to keep your business email account and your personal emails separate.
For more advice on cyber security, sign up for our newsletter. Or, if you’d like some specific help, please call the Click and Protect team on 0113 733 6230.