Tech Memo – Business Owners | Do You Have Control Over Staff Email Accounts?

Want my podcasts and blog posts delivered to your inbox? Click here to subscribe

To listen to the podcast version of memo click here —> Podcast Version

This memo is for business owners whose staff members have email accounts used in their business. 

Imagine one of your vital staff’s email accounts is no longer available. 

Imagine the entire history of those emails was gone. This is a disaster and it is something that happens to business owners far too often.

There are different levels of email security.

Staff email systems can be linked to your website. For example, I might have staff1@chriswhalencpa.com or chris@chriswhalencpa.com. Having emails directly linked to your website is a more secure way for you to maintain control over your company’s email data being used by your staff.

Some people use GMail Workspace, which is a hybrid type that is linked to your domain but using GMail. 

Others just have their staff create their own email accounts, using GMail or Yahoo for example. This is the least secure method and I strongly advise against this. 

When a GMail account is set up, recovery information is entered such as a phone number or alternate email account. This is used in case a password is forgotten. 

For any staff member’s email, your information, phone number and recovery email, must be what is entered or you may never be able to recover those emails. 

Quick example. Staff member quits and refuses to give you the current email account password. They originally set the email up, so the recovery email and phone number that GMail has is THEIR information. So, when you attempt to recover that GMail account by clicking on FORGOT PASSWORD, the GMail system will be sending text messages and emails to your former staff member to attempt that recovery. We can see what a terrible position this puts you in, especially when you have a disgruntled former employee who is not cooperative. You are permanently locked out and those emails, that are vital to your business, are lost forever.

I want to urge all business owners to immediately do an inventory of all company related email accounts. If any of your staff is using an email they created, transition them to an email account that you create and control. 

Do this today, in fact, do this right now.

The next step is to make sure you have all of those emails backed up in a secure location that only you have access to. Why? Because, as I asked at the start of this memo, what if you suddenly do not have access to a staff member’s email history? What if it was deleted, even by accident? 

If you are allowing your staff to create their own work emails with Gmail or Yahoo, or allowing them to use their personal emails, I urge you to stop this practice immediately.

My suggestion is to institute an email system that is completely in your control and creates emails that are YOUR property, not your staffs’.

This email system can be linked to your company’s domain name. A more sophisticated system would include some of the safeguards I am suggesting here.

So, do you have all the login information for your staff’s email accounts? Do you test this information regularly to make sure that passwords haven’t been changed? Have you made sure that the recovery information for those email accounts is your information and not your staff member’s?

Do not try to institute a new email system on your own. That would be like using Turbo Tax to prepare your own taxes. That is a complete disaster and a terrible mistake. 

There are very easy ways to protect your staff’s emails. Mirrored backups, forwarding of emails, etc. 

Make sure to use an email professional who will give you a fully documented system, including instructions for future maintenance and additions. Make sure you test the disaster recovery procedures, so in the future, you will be able to access the backups of all of your staffs’ email account easily and quickly. 

One last important point. Emails are official business documents that are admissible in court. They should be treated with that level of respect. They need to be archived and accessible on a moment’s notice for the daily running of your business and if a legal matter arises where they may be vital evidence to protect you in court.