What are the practices you are using with respect to email user names to differentiate between employees and consultant/temps in order to limit co-employment risks associated with consultant/temps inadvertently being included in all company meetings, communications, etc.?

Security & GRCProcess Management
2.5k viewscircle icon4 Comments
Sort by:
Chief Information Security Officer in IT Servicesa year ago

Similar to what Yvonne posted - using an identifier like john.smith.ctr@xxxx.com

VP of IT in Educationa year ago

I've seen unique email addresses used - ie c-johnsmith@xxxx.com.  Then it is also easy to find them all when IT is asked.  

Director of IT in Retaila year ago

We use to give special named accounts for external, and consultant personnel.  The Full-time employees are the only ones that uses the corporate standard email addresses/network accounts.

Director of IT in Educationa year ago

We address co-employment risks by using a special subdomain for all mailboxes related to external, temporary, and consultant personnel. This approach makes it easier to distinguish them from full-time employees, and helps to filter them out from general company meetings or communications. 

Additionally, using a subdomain allows for more straightforward implementation of Role-Based Access Control (RBAC) and other types of filtering and differentiation querying across various components of our user and identity management ecosystem.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Digital transformation isn’t just about new tools, it’s about changing how teams work. Key lessons I’ve observed: 1. Start with process bottlenecks, not technology 2. Empower cross-functional teams 3. Measure outcomes, not outputs   What has been the most surprising lesson your teams have learned during a transformation?

Read More Comments

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

Read More Comments

To what extent do you agree or disagree with this statement: I'd prefer to leverage existing on-prem compliance, policies, controls and knowledge for cloud workloads over rebuilding security and compliance in the cloud.

Strongly Agree10%

Agree60%

Neutral14%

Disagree14%

Strongly Disagree

View Results

Who decides how much security risk to take for a specific system?

Chief Information Security Officer31%

Chief Information Officer35%

Chief Risk Officer13%

Chief Executive Officer6%

Board6%

System Owner5%

Others (Please specify)1%

View Results