Skip to content

Product Tip Tuesday (Remote Work Edition): Detect Email Forwarding to Personal Email Addresses

Kim Solow

April 7, 2020

2 minute read

PTT EmailForwarding

The lines between home and work life are blurring these days. As more and more people are working from home, we had a theory that employees might be taking actions to streamline their work life—actions that don’t necessarily take your company’s security into account.

We ran an analysis of our customers’ environments and found that since March 14th, over 50% of our customers had an increase in employees enabling email forwarding from their work account to another account as compared to the three weeks prior. This amounted to a 24.7% increase in the number of employees forwarding their work email. With the recent shift to remote work, it’s possible that users are using their personal devices for work, and may feel inclined to forward their email in order to have one streamlined inbox.

While this behavior can be completely innocuous, it can jeopardize your data and put your company at risk of compliance breaches. For example, if an employee receives an email that contains PHI and automatically forwards it to their personal email account, this act of convenience can quickly turn into a serious HIPAA violation.

With BetterCloud, you can automatically detect and remediate any external email forwarding (e.g., Gmail, Outlook, or Yahoo) that’s happening within your organization by creating an email forwarding policy.

First, you’ll need to create an alert that will notify you when emails are forwarded to external accounts. You can determine if the alert will be sent after a threshold number of emails is exceeded, or if you really want to lock down email forwarding, you can set the threshold to zero. The alert will look like this:

An alert setup interface for forwarding emails to Gmail, featuring fields such as conditions, timing, and a circled threshold field set to 0. Includes a live chat option in the bottom corner for support.

Once you publish this alert, you will be able to see in the triggered Alerts grid if anyone has forwarding enabled.

If you want to remediate this behavior, you can create a workflow using the new alert that you published in order to disable email forwarding. Your “when” statement will be the alert you just created, and your “then” statement will be “Set forwarding settings for user.” Be sure to disable forwarding in the properties toolbar.

Dashboard interface displaying email forwarding settings related to Google Alerts. The screen highlights a specific rule triggering when forwarded emails to Gmail exceed a certain threshold. Various conditions and actions are listed, including options for setting limits, defining alert parameters, and specifying recipient email addresses. The design features cleanly organized sections with labeled fields and checkboxes for detailed customization of alert behaviors.

A few simple steps in BetterCloud can help ensure that your employees don’t take an action out of convenience that puts your organization at risk.

You can learn more about automating email forwarding policies in our Help Center article.

Categories