Online Security: The Pitfalls of Web-Based Email

A lot of small businesses are using webmail, and what we mean by that is free webmail like Gmail, Yahoo, AOL, et cetera. Let’s go over why it’s not a good idea because of all of the pitfalls of web-based email.

“Free” Isn’t Always the Best Choice for Your Business

It can be tempting. Many web-based emails are free and convenient. You open up your web browser, you’re able to get your email from your phone, from your tablet, from your laptop, et cetera.

However, we need to talk about security, because that’s where the problem lies. If you look deep enough into the licensing agreements and terms and conditions, it will clearly state in there that they have the right to sift through your email and database information for advertising purposes.

In fact, we’ve shared several articles on social media where Google is in hot water with customers because they allow developers from 3rd party apps to read your email. They were always allowing it, it’s just that most are only now realizing it’s been going on.


Using a Free Email Service? Google allows developers for their 3rd party apps to read your emails!

HIPAA & FINRA Violations

If your business is under the legislation of HIPAA and FINRA, now you are in gross violation of those laws. The penalties are very stiff. For HIPAA, it’s $250,000 per instance and five years in prison.

Let’s say a hundred of your customers’ information is hacked: that’s a hundred times $250,000 and a hundred times five years. This is very serious. Does your business have these kinds of resources readily available and do you look good in orange?

The need for businesses to watch expenses is important, but not at the extreme risk of a security breach or violation of federal law. What we recommend is that you spend a little bit of money and use your domain name with your email along with a desktop email service.

Office 365

We recommend the services of Office 365 because your business will leverage the enterprise power that Exchange Server has available. Until recently, this was only available to businesses that were able to spend $5,000 to $10,000. However, now you pay a small monthly fee per user and you’ll get the power of this tool.

With Office 365, your emails are synchronized between all devices you choose to link up to your email account, including your phone, your tablet, your laptop, your desktop, whatever it may be. You can access your email from anywhere in the world.

Secure Email Access

A lot of people are still accustomed to webmail because it’s convenient and familiar to them. We understand it. We don’t want to learn something new. However, there’s a very serious security risk in using webmail. From our experience, we find that most people save their credentials in their web browser.



What does it mean for your security if you save your credentials in your browser? Let’s say you accidentally mistyped a URL which is a web address. You meant to go to and you went to, you simply mistyped it, you misspelled it. It happens. It’s human error.

Let’s say the domain name that you typed is owned by a hacker who’s put malicious code on their website, waiting for your typo. That malicious code can very easily grab the text file that has all of your credentials, and also has the URLs for those credentials.

This gives a hacker everything that they need to hack the accounts that have been saved in your browser. If you are saving your login credentials for your webmail or any other site, you’ve just handed your email account over to a hacker on a golden plate and said, “Please, take all of my information.”

This is even the case if you’ve been doing everything you should be doing to secure your email, like using email encryption and a third-party service to handle your emails to ensure that they are encrypted and secured. This is what happens when you use webmail and you’re saving your credentials in your web browser.
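As an added example (not from the original article), here is a defender-side check for the typo scenario above: it scans proxy or DNS log lines for hostnames within two edits of a site your staff actually use. The allow list, log format and sample lines are constructed assumptions.

```python
# Added example: flag visits to near-miss (typo) hostnames in proxy logs.
# Hostnames, log format, sample lines and threshold are constructed.

KNOWN_GOOD = {"mail.example.com", "portal.example.com"}  # assumed allow list

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    rows, cols = len(a) + 1, len(b) + 1
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i * j == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # Adjacent transposition, the most common keyboard slip.
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[rows - 1][cols - 1]

def lookalike_of(host: str, max_distance: int = 2):
    """Return the known-good host that `host` nearly matches, or None."""
    host = host.lower().rstrip(".")
    if host in KNOWN_GOOD:
        return None  # exact match is the real site
    best = min(KNOWN_GOOD, key=lambda good: osa_distance(host, good))
    return best if osa_distance(host, best) <= max_distance else None

def flag_typo_visits(log_lines):
    """Return (user, visited_host, intended_host) for near-miss hostnames."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        _timestamp, user, host = parts[:3]
        intended = lookalike_of(host)
        if intended:
            hits.append((user, host.lower(), intended))
    return hits

# Constructed sample: "timestamp user hostname" per line.
SAMPLE_LOG = [
    "2024-01-05T09:12:01Z alice mail.example.com",
    "2024-01-05T09:12:40Z bob mial.example.com",
    "2024-01-05T09:13:02Z carol mail.exmple.com",
    "2024-01-05T09:14:10Z dave news.example.org",
]
```

Hits from a check like this are a prompt to block the lookalike domain at the DNS filter or proxy and to reset any password the user may have typed there.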


There is another security issue with webmail even if you haven’t saved your credentials in your web browser. If you click a link or you visit a page and it has malicious code, that code allows a hacker to have complete access into your browser and do what’s called a browser hijack.

They can access sessions that are live. This includes an encrypted session between you and a server, for instance, your email server. Your web browser has an encrypted connection to your email server, however, now those cookies can be stolen by this hacker. This is very serious, it’s very real and it does happen.

Email Security Solution

You need to use Outlook.

When you use Outlook with Exchange Server, you are in 100% HIPAA and FINRA compliance if you are also maintaining data retention, meaning somebody can’t just delete emails, which would be a serious compliance violation.

We use a third-party service called Reflexion which is managed and owned by Sophos. Sophos is a leading information security company. Every single email that is sent and received is archived indefinitely. If you’re ever exposed to any kind of Sarbanes-Oxley, or SOX as it’s referenced, or HIPAA or FINRA audit or if you’re involved in any kind of lawsuit, you can access and retrieve these emails and get these to the proper authorities.

This keeps you in compliance with the law, will keep you out of prison, and will keep you from having headaches that you just don’t need to have in your business.

If you’re a monthly customer of 24×7 Protect IT, Inc., we offer Exchange Server through Microsoft Office 365. We handle all the administration, monitoring, backup, password recovery, and much more. We handle all of those for you and we also include our third-party spam and email retention service, Reflexion.

Now that you understand the necessity and importance of email security and want to avoid the pitfalls of web-based email, contact us today to determine the best monthly service for your business.