Why forwarding emails to personal accounts is a security risk

3 min read
Previous post
Next post
Why forwarding emails to your personal account is a security risk

It’s just one email - it can’t be dangerous right? Unfortunately, lots of organizations have been burned by data leaks caused by well meaning employees forwarding emails to their personal accounts. It seems harmless, particularly for employees keen to tick off some tasks after hours. However, even once can result in a serious data incident. 

Forwarding emails to personal accounts is both a security and compliance issue. If an email contains personally identifiable information, organizations are at risk of breaching the GDPR. Private accounts can be targeted by malicious attacks, and there is no telling who else could gain access to emails.

One seemingly harmless decision could see security teams spending hours investigating, remediating and reporting the breach, resulting in large fines, reputational damage and the need to offer identity theft protection services to thousands of employees. 

But how can IT teams prevent employees from committing this risky act? 

How to stop email forwarding to personal accounts

Zivver offers an effective way of addressing this risk - we call it Exfiltration Prevention. Zivver identifies when an employee is about to forward an email to their personal email address and alerts the user to the potential risk, prompting them to stop and consider their action. 

More effective than training, Zivver intervenes only when data is at risk, encouraging security best practice without interfering with workflows. Employees are guided by non-intrusive notifications, empowering them to work securely and adhere to their organization’s security policies.

“While malicious data exfiltration is a real risk, the reality is that the vast majority of employees want to do the right thing. Real-time prompts are the best way to help employees choose well and to become a truly security-aware and protected organization.” - Wouter Klinkhamer, co-founder and CEO of Zivver


By integrating seamlessly into an organization’s existing email client (including Gmail and Outlook), Zivver prevents the leading causes of data leaks, including emails sent to the wrong recipient, misuse of Bcc/cc and more. 

Empower your employees to protect sensitive data with effortless, one-click security. Learn more.  

If you're a Zivver customer, contact your Customer Success Manager to find out more about Exfiltration Prevention.

First published -
Last updated - 12/06/23
Free demo
Free demo
Free demo

Ready for a deeper dive? So are we.