In-depth

My email address is [CENSORED]

In this week's column, Davey Winder looks at whether businesses should keep email addresses secret.

How public should your email be? That's a question many of us do not really think about, especially within the world of business.

After all, your email address is really no different to your street address, is it? The closest dictionary to hand on the iPad I am writing this on (WordWeb if you are interested in such things) confirms my understanding that an address is defined as "the place where a person or organisation can be found or communicated with," be that a geographic location or something non-corporeal such as a web or mail server that exists in the cloud.

The point being that an address, be it office, web or email, exists to enable your customers to contact you. So why is one security vendor warning business users that revealing their email addresses is a security risk?

Now that, it seems to me, is something on a backwards approach to the phishing problem.

Here's what Websense Security Labs has to say on the matter after conducting research into the number of email addresses appearing on Twitter: "Thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter." The company goes on to argue that because those addresses are "connected with their inboxes, social media identities and bank accounts" it leaves business users exposed to "advanced social spear phishing attacks."

Carl Leonard from the Websense Security Labs goes as far as to warn businesses using social media to communicate with customers that they "need to consider ways to ensure that employees are protected from these new threats." Furthermore, employers should "re-evaluate acceptable use policies to discourage staff from sharing email addresses on Twitter." Now that, it seems to me, is something on a backwards approach to the phishing problem.

To suggest that acceptable use policies need updating to make placing already-public email addresses on social media some kind of hanging offence is, frankly, daft. The warning that cyber criminals could use the addresses, together with associated information harvestable from public services, to launch spear phishing attacks is perfectly valid, but the conclusion is all wrong. What business should be doing, I would suggest, is ensure employees are sufficiently aware of the risk of clicking on unsolicited links - an action that has led to many a successful phishing attack.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Most Popular

REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Samsung Galaxy S21 Ultra review: Ultra in every sense of the word
Mobile Phones

Samsung Galaxy S21 Ultra review: Ultra in every sense of the word

22 Apr 2021