Speaking at the ISACA European Computer Audit, Control and Security Conference (EuroCACS) in Manchester yesterday, Wood said that the boundaries between personal and business e-mail accounts are blurring, placing company data at increased risk and creating a greater risk of compliance problems.
"PCI DSS, data protection, freedom of information and even a potential breach of e-mail service providers' terms of business are potentially involved here," he said, adding that it is even possible that the employer might become a litigant in this scenario.
Wood, who is CEO of penetration specialist First Base Technologies, went on to say that the problems could get worse, as there is also potential for loss of corporate secrets along with corporate espionage and leaks to third parties.
If this data leaks to the media, it can, he explained, damage an entire organisation, and even touch all of its brands. "Competitors can steal pricing information and the organisation can be the victim of corporate fraud, all because of this issue", he said.
The ISACA EuroCACS speaker added that he and his team are also seeing personal mail used to ask questions in forums.
"Individuals may not realise it, but they may be giving away highly technical information about their organisation, as Web mail can be much less secure than normal e-mail", he explained.