260 – Use alternative emails

Summary

The employees must not use corporate emails to register accounts on social networks (even on +LinkedIn+).

Description

Corporate email addresses are valuable targets for phishing and social engineering attacks. Registering corporate email addresses on social networks may expose employees to targeted phishing attempts or attempts to impersonate them for malicious purposes.

Supported In

Advanced: True

References

• NIST80053-PL-4_1. Social media and external site/applications usage restrictions
• FISMA-PL-4_1. Social media and external site/applications usage restrictions

Last updated

2024/01/18