In-depth

My email address is [CENSORED]

In this week's column, Davey Winder looks at whether businesses should keep email addresses secret.

How public should your email be? That's a question many of us do not really think about, especially within the world of business.

After all, your email address is really no different to your street address, is it? The closest dictionary to hand on the iPad I am writing this on (WordWeb if you are interested in such things) confirms my understanding that an address is defined as "the place where a person or organisation can be found or communicated with," be that a geographic location or something non-corporeal such as a web or mail server that exists in the cloud.

The point being that an address, be it office, web or email, exists to enable your customers to contact you. So why is one security vendor warning business users that revealing their email addresses is a security risk?

Now that, it seems to me, is something on a backwards approach to the phishing problem.

Here's what Websense Security Labs has to say on the matter after conducting research into the number of email addresses appearing on Twitter: "Thousands of businesses and consumers are putting themselves at risk each day by publicly revealing their email addresses on Twitter." The company goes on to argue that because those addresses are "connected with their inboxes, social media identities and bank accounts" it leaves business users exposed to "advanced social spear phishing attacks."

Carl Leonard from the Websense Security Labs goes as far as to warn businesses using social media to communicate with customers that they "need to consider ways to ensure that employees are protected from these new threats." Furthermore, employers should "re-evaluate acceptable use policies to discourage staff from sharing email addresses on Twitter." Now that, it seems to me, is something on a backwards approach to the phishing problem.

To suggest that acceptable use policies need updating to make placing already-public email addresses on social media some kind of hanging offence is, frankly, daft. The warning that cyber criminals could use the addresses, together with associated information harvestable from public services, to launch spear phishing attacks is perfectly valid, but the conclusion is all wrong. What business should be doing, I would suggest, is ensure employees are sufficiently aware of the risk of clicking on unsolicited links - an action that has led to many a successful phishing attack.

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

24 Nov 2021