InfoSec Blog - Why You Should Think Twice About Using Your UofG Email with Online Services

Letters

January 31, 2020

For students, employees, and faculty, when you become a member of the University of Guelph community, you get your very own UofG email address. It can feel very official or prestigious, and for some, using it becomes an integral part of their day-to-day life. It’s easy to think, “Hey, I have this great email address that I use all the time, so I’m going to use it for everything”! You tell your friends and family about it and it becomes one of your main communication channels. You start using it to signup for Netflix, Instagram, Facebook, and other personal services. And maybe you use it as your primary contact email for your bank, or you put it on your resume thinking “this will give me a leg up on the competition because it looks more professional than a plain Gmail address”!

While there is nothing to stop you from doing this, it’s not a good idea for several reasons:

  1. Your UofG Account Won't Last Forever - Your UofG email address has a lifecycle, which means you most likely will not have access to it forever. When you signup for personal services, the email address you provide can often be used to help verify your identity if you ever forget your password or if you want to make changes to your account. If you no longer have access to your UofG email account, you may permanently lose access to all the personal services you associated with it.

    For students especially, it’s very tempting to use your UofG email address on your resume to apply for jobs after you graduate, but if you’ve submitted resumes and lose access to your UofG email, potential employers won’t be able to contact you. Use a personal email address instead. There are other ways to prove that you were part of the UofG (list your education on your resume, provide transcripts if required, etc.), so there is no need to use your UofG email address.

    What is the lifecycle of your account? How long you get to keep your UofG email address depends on your role:

  • Students (both undergraduate and graduate) – You maintain access to your UofG email for one year after graduation. If you haven’t graduated but you step away from your studies for any reason, you maintain access to your account for two years.

  • Employees (all, including faculty) – You maintain access while you are working at the UofG. If you retiree from the UofG, you will have the option to maintain ongoing access to your UofG email for life.

  • Sessional lecturers (covered under the CUPE 3913 collective bargaining agreement) – You maintain access to your UofG email for 4 semesters following your last teaching assignment.

 

  1. Privacy - While the University of Guelph takes your privacy seriously and makes every effort to protect it, we also must abide by provincial and federal legislation. If you use your UofG email address for personal use, there is a chance that the UofG may have to review and/or provide contents of your email, including any personal correspondence, to a third-party due to a Freedom of Information (FOI) request or due to some other legal obligation.

    Keeping your personal correspondence in a separate, personal email account will ensure that your personal life remains outside the scope of the UofG’s legal obligations.

 
  1. Security – Using your UofG email for personal uses has many security implications:

  • If a security breach occurs at an external service and you’ve signed up with your UofG email account, you’re putting your UofG email account in danger! This is especially true if you use the same password for your UofG email and the service. You should NEVER use the same password for ANY email account that you use to signup for ANY service. Ideally, you should use a unique password for every online service you use.

  • Large businesses or institutions like the UofG are bigger targets for hackers since the pay-off of a successful security breach or account compromise can be far greater than the pay-off of hacking a personal email address. This means you can be exposed to more frequent and more clever phishing campaigns. And the consequences of your UofG email account being compromised? Hackers can now potentially gain access to all the external, personal services that you signed up with using your UofG email account!

  • Keeping your UofG email account for only UofG business will help limit the impact that any external security breach or personal UofG account compromise has on you. It’s like losing your debit card versus losing your whole wallet – the first means you just have to contact your bank and report the card missing, the second means you have to contact EVERYONE!

 
  1. Policies – The use of your UofG email account falls under the purview of the UofG Acceptable Use Policy (AUP). This policy “authorizes the University community to use its Information Technology Resources to fulfill and advance the University’s teaching, learning, research, service, administrative, and community development missions” and permits limited personal use of these resources. You should familiarize yourself with this policy and understand what acceptable use means and ensure you are in compliance with the policy at all times. 

 
  1. Spam – Every online service has its own idea of how it can use your personal information. The more services you sign up for with your UofG email, the more spam you are likely to receive. Limiting the number of personal services you use with your University email account will keep your inbox focused on your UofG activities so you can focus on what's most important to you.

 

Help protect yourself and the University of Guelph by using your UofG email only for your UofG activities!

 
 

Written by: Matt Searle (Senior Analyst, Information Security)