Written by: Tyler Wright, Owner & Chief Technology Officer at Wright Way
Effective business relies on seamless communication, and email plays a vital role in facilitating both internal and external business interactions. Investing in a professional email domain, like @contoso.com, fosters a more credible and secure business environment while establishing trust in your company and safeguarding any sensitive information. Using free email accounts for business, on the other hand, can pose significant risks.
What is a “free email”?
Email providers such as Google, Outlook, Hotmail, and others let anyone create free email accounts, typically intended for personal use. These addresses end with @gmail.com, @outlook.com, @hotmail.com, @yahoo.com, @icloud.com, etc.
Why do we recommend NOT using free emails for business purposes?
Account Ownership
Using free email accounts can lead to a lack of control and ownership over company data and communications. There are generally two ways free emails are used within a business: either the employee is using their own personal email that they created, or the business created a free email for the employee to use. Businesses should have a stated policy to not allow employees to create their own email for business use. However, even if the business created the free email for the employee, the business has limited control over the email because the account is tied to a specific individual rather than the business itself. The individual could change the account information without the consent of the business. If the employee leaves or is terminated and refuses to relinquish access, the business can’t take the account from them – it belongs to the individual as it’s a personal-type account.
When there is a dispute over account ownership, or a loss of access due to either negligence or a scam attack, the business would have to go through a legal process to regain control, and that would take time (months, likely).
When an employee is replaced, it’s beneficial for the new employee to have access to past communications with clients through the old emails. If access to the account has been lost, or if the former employee was using their personal email, the new employee cannot access the old emails unless the former employee takes the time to move all of their emails to the new person. Furthermore, if it is the business owner who is using a personal email for business, they may have trouble separating their personal and business emails when they retire or sell the business.
Account Recovery
Additionally, recovery of the email account becomes complicated. The employee may tie their personal cell phone number to the account. If they lose access to the account and don’t have the recovery options set up correctly, there would be no getting back into the account. If the email account gets hacked or compromised, and the hacker changes the recovery options, there would be no way to get back into it. You are placing trust in that individual to do all the work to make sure the account remains secure. Failure to properly set up, maintain, or update security settings, such as keeping their phone number up to date, can result in the user inadvertently locking themselves out. You can’t call Gmail or Hotmail (etc.) to get back into the account; when you don’t pay for it, there’s no support for it.
Compliance
Compliance is also a key factor to consider. Having a free Gmail (or Outlook/Hotmail/etc.) address and using it for sending emails for HIPAA-related items (for example) is not compliant. Google Workspace (Google’s business email platform) and Microsoft 365 (Outlook) can be made compliant, but it’s dangerous to use a free email address that you could potentially lose access to. The second you lose that access, you are no longer compliant with HIPAA because you cannot get back into the account or control it. This could incur fines for a HIPAA violation, as it cannot be proven that nothing was accessed or, if it was accessed, by whom.
Data Backup
Finally, free email accounts have no data backup. If an account is compromised, or even if a user accidentally deletes something, there are no backup options. Paid business accounts can be configured with third-party tools to back up data to a third-party location, protecting against data loss from accidental deletion or malicious intent. Storing files in Google Drive or Microsoft OneDrive on a personal account is dangerous. If access to the account is lost, so is access to any data stored in that account. If that account is holding sensitive information, such as financial information or Social Security Numbers, and it is compromised, there is virtually no recourse to get back into the account and limit the damage being done. Once a bad actor has accessed a free account, you cannot kick them out, and they can take their time scouring the data for information.
Conclusion
While opting for free email services may seem like a cost-effective choice for your business, the potential drawbacks significantly outweigh the initial savings. With a professional business account, if something were to happen – the account is compromised, gets hacked, the employee leaves the business, etc. – the IT admins can lock down the account and clean it up before restoring functionality in order to protect the business’s best interests. We strongly recommend that businesses give a business email to people who do work on their behalf and not allow the use of personal accounts.