Product Tip Tuesday: Do You Know Who’s Forwarding Company Emails to Personal Email Accounts?
December 3, 2019
2 minute read
Email forwarding is as convenient as it is seemingly innocuous. Whether it’s just one email, like a daily newsletter that you don’t want to miss, or all emails, like forwarding all of your work emails to your personal account to centralize your inbox, plenty of people have set up this feature to make their lives a little easier.
However, automatic email forwarding can not only jeopardize your data, but it can also put your company at risk of compliance breaches. For example, if an employee receives an email that contains PHI and they automatically forward it to their personal email account, this act of convenience can quickly turn into a serious HIPAA violation.
Scarier still, it can even lead to data breaches. In 2015, Middlesex Hospital discovered that an attacker had set up email forwarding rules in four users’ compromised G Suite email inboxes that resulted in a potential breach of almost 1,000 patients’ personal and demographic information.
With BetterCloud, you can automatically detect and remediate any external email forwarding (e.g., Gmail, Outlook, or Yahoo) that’s happening within your organization by creating an email forwarding policy.
First, you’ll need to create an alert that will notify you when emails are forwarded to external accounts. You can determine if the alert will be sent after a threshold number of emails is exceeded, or if you really want to lock down email forwarding, you can set the threshold to zero. The alert will look like this:
Once you publish this alert, you will be able to see in the triggered Alerts grid if anyone has forwarding enabled.
If you want to remediate this behavior, you can create a workflow using the new alert that you published in order to disable email forwarding. Your “when” statement will be the alert you just created, and your “then” statement will be “Set forwarding settings for user.” Be sure to disable forwarding in the properties toolbar.
A few simple steps in BetterCloud can help ensure that your organization remains in compliance and your corporate data remains secure.
You can learn more about automating email forwarding policies in our Help Center article.