Old business email policy promotes use of personal Gmail for business

New findings suggest outdated email restrictions are forcing younger users to adopt unsafe practices that could expose organizations to data loss.

Emails bounce back because the recipient's mailbox is full or an attachment exceeds email size. Often, staff will attempt to get around the problem by sending a file using a personal email account.


Andrew McGrath,
Executive commercial director

Restrictions on corporate email systems and outdated business email policies are encouraging users to find alternative ways of sending large attachments -- such as through their personal webmail accounts -- that could expose their organisations to data loss.

The findings come from new research commissioned by UK-based email management company Mimecast Ltd., and are based on interviews with 2,400 corporate email users in the UK, US, Canada and South Africa.

The study found younger users especially are prepared to find new ways of bypassing corporate rules on email, which they see as barriers to their personal productivity. In the age group under 25 -- which Mimecast has dubbed Generation Gmail -- 85% admitted they send work-related emails or documents to or from personal email accounts.

Among this group, the research also found:

  • 36% of email in younger users' work inboxes was not work-related
  • Each member of Generation Gmail sent an average of 300 emails, via personal  Gmail, for business purposes.
  • Half of these work-related emails contained attachments.

The reason for this behaviour appears to be a general frustration with corporate rules and the quality of tools offered by their employers. For instance, more than half (51%) of the under-25s said they would be less likely to resort to webmail if they had a work email box with unlimited storage, while 52% said they rated Gmail better than their work-based systems because it imposed fewer restrictions.

"With social networks and personal email a ubiquitous part of their lives, the way email is used by this demographic is bleeding into the workplace," said Nathaniel Borenstein, chief scientist at Mimecast. "The results find workers frustrated with corporate restrictions, and [they're] working around these by using personal email accounts in order not to affect their productivity or flexibility."

While respondents in this survey claimed their activities were legitimate and well intentioned, the sending of messages and attachments via an uncontrolled route leaves organisations open to the theft or loss of confidential data or valuable intellectual property.

For instance, a recent survey of British office workers carried out by Symantec Corp. found that 27% of users had removed information to take to another job, and 6% admitted taking information to show to a third party.

The Mimecast findings are supported by another new study, carried out by Virgin Media Business Ltd. (VMB) in cooperation with 10 large UK public sector bodies.

The study found that, due to employer-created storage restrictions, 69% of workers could not send or receive emails larger than 10 MB in size, and 89% were unable to send or receive emails in excess of 15 MB. The average worker could only send emails of up to 12.5 MB and had just 140 MB of space in his or her mailbox.

According to Andrew McGrath, executive commercial director at VMB, these restrictions mean that workers are frequently unable to share large PDF documents, slideshows, images and video content.

"Many workers regularly find that emails bounce back because the recipient's mailbox is full or an attachment exceeds email size limits," McGrath said. "Often, staff will attempt to get around the problem by sending a file using a personal email account, file sharing website or unsecured USB device. But, despite having the best intentions, these solutions can create more problems than they solve by potentially putting confidential data at risk."

Mimecast's Borenstein argues that the main reason for applying limits on corporate email accounts -- which was to save storage -- is no longer relevant. "Most of these mailbox limitations made sense 10 years ago," he said, "but they make no sense at all now with storage being so cheap."

His advice is to avoid setting arbitrary limits. "Whenever you make a policy, you should bear in mind that you are not just dealing with a bunch of automata who will automatically obey what you say," Borenstein said. "You are dealing with your most precious resource -- human talent -- and you need to consider how it will affect them, and how it will affect their ability to do their jobs."

Read more on Application security and coding requirements