Security researchers at DoControl have released their annual report on the software-as-a-service industry. Titled the 2024 State of SaaS Data Security Report, it contains insights about how the use of SaaS assets has ballooned. Alongside that, there was a surge in employees sharing assets using personal email accounts.
On Email Sharing
Like most accounts, emails are only as secure as the person managing them. Unlike most accounts, emails are the hub of most people’s online activity, including verification for other accounts across the internet.
Given how much work is done online nowadays, emails are a staple of work life. Emails are even necessary for most entertainment platforms, like video-streaming or iGaming. That means an email account is a basic necessity to access hundreds of genre slot games like Wanted Dead or a Wild, among other digital services.
To keep work and personal life separate, many people keep a professional inbox. Many businesses will assign new employees a work email, especially if they run their own email service from the company website.
As a rule, those work emails are considered more secure than personal ones. This is just a numbers game – most people will solicit more emails of a personal nature and connect more accounts to their personal address. That presents more security concerns, even if they’re vague and not targeted at the user specifically.
This is why sending business information or assets through personal email is seen as a security concern, especially by larger tech companies. Vulnerabilities can happen anywhere, however, and work emails are still more likely to be targeted with other strategies by bad actors who know what they are doing.
The Report’s Findings
Using the above context, we can understand why DoControl’s discovery was alarming for the security-conscious research firm. They recorded a 182% boost in business-related assets shared through personal email accounts.
While there have always been businesses that used personal email, which is certainly viable if responsibly managed, it’s a startling increase in just a year.
The report was carried out by checking in with 1,000+ employees working at SaaS companies across the world. They specifically found participants from the US, Europe, Africa, and the Middle East region. It didn’t just include private companies; it covered services in the public sector too.
When extrapolated, the report’s data found that the average business had one employee out of six who shared assets using a personal account. In total, it is estimated that 1.3 million assets were exposed by this kind of activity.
To solve this, the report advocated nipping the issue in the bud. Teaching email security etiquette will never eliminate human errors, so instead they suggest that businesses should manage sharing permissions very strictly.
That way, only approved individuals are given sharing permissions, which can be revoked as soon as they are no longer needed. A dedicated segment of the report indicated that 90% of participating companies had employees who could access their SaaS framework despite no longer working there.
Email threats and outdated permissions were just two of the four areas highlighted by the report. The other two concerned third-party data sharing with the SaaS application managed by each business.
Their data claims that the average company exposed 21,000 new assets every week. Productivity software like Slack received a lot of the blame, having seen a 107% boost in exposed assets using the app. Once again, the report urges executives to solve this by being more stringent with sharing permissions.