Of interest, the hackers didn’t breach the corporate network, but instead, hacked into a number of one particular analyst’s personal online accounts. There, they found some sensitive corporate documents they later released into the public eye. In all, three of FireEye’s customers were impacted, and so far, the company has notified two of them.
The thing that is especially illuminating about this incident is the fact that even companies that are “in the business” struggle to keep their own employees from using their personal accounts for business. That’s problematic, because of course, personal accounts don’t have to adhere to the same standards that corporate ones do. As such, they’re often less secure and easier to breach.
Since the rise of the internet, we’ve become a truly 24/7 world. Employees regularly take work home, and the easiest, most convenient way of doing that is to email whatever files they’re working on to themselves.
Business owners know this, and are happy to look the other way, because until and unless something goes wrong, they’re essentially getting free, off-hours work out of their staff. Unfortunately, of course, something always inevitably goes wrong, which is exactly how FireEye, and so many other companies in all areas of the economy wind up having to contact their customers or clients when sensitive data gets stolen.
There are no easy answers here. For most businesses, it’s an expectation, if not an unspoken rule, that their employees will put in extra time off hours and make sure the work gets done. It’s so commonplace that you’d struggle to find an employee in any industry who didn’t feel pressured to get the work done, even if it meant working from home, and until that changes, the use of personal accounts is all but guaranteed to continue.