A cleaning company in Kacyiru got hacked last year. Not their bank account. Not their website. Their Gmail. Someone sent a phishing link that looked like a Google login page. The owner clicked it, entered her password, and within an hour the attacker had access to every email she'd ever sent. Client contracts. Bank details. Supplier terms. Three years of business communication, gone.
She couldn't get the account back for eleven days. Google's support for free accounts is… well, there isn't any. She filled out recovery forms and waited. Meanwhile her clients were getting fake invoices from her email address asking for payment to a different account.
Free email has no admin controls
When you use a free Gmail or Yahoo account for business, you're using a consumer product. It's designed for personal use. There's no way to enforce two-factor authentication across your team. No way to set password policies. No way to remotely wipe a device if an employee leaves or their phone gets stolen.
With a paid business email – Google Workspace, Microsoft 365, or similar – you get an admin console. You can require strong passwords. You can force two-factor authentication for everyone. You can see who logged in from where. You can revoke access instantly.
You donât own your free email
Read Gmail's terms of service. Google can suspend a free account for any terms violation – real or suspected. When that happens, your business email is gone. All of it. Your contacts, your history, your invoices, your contracts.
With business email on your own domain, you own the domain. If Google suspends your workspace account (rare, but possible), you move to another provider and keep your email address. The domain is yours. Your [email protected] goes with you wherever you go.
The phishing problem is worse for small businesses
Phishing attacks increasingly target small businesses because they're easier marks than corporations. No IT department. No email security training. No advanced spam filtering. A free Gmail account has decent spam filtering for consumer email, but it lacks the enterprise-grade protections that catch sophisticated business email compromise attacks.
Business email providers include features like:
- Advanced phishing detection that flags suspicious links
- Email authentication (SPF, DKIM, DMARC) that prevents spoofing of your domain
- Audit logs showing exactly who accessed what and when
- Data loss prevention policies that flag sensitive information leaving your organisation
- Remote device management so you can wipe a stolen phone
The cost of getting hacked
That cleaning company? She estimates the hack cost her about RWF 3 million. Lost clients who didn't trust her email anymore. A fake invoice that one client actually paid (RWF 800,000 to the wrong account, never recovered). Eleven days of business disruption.
Business email costs RWF 5,000–15,000 a month. The hack cost her more than two years of business email subscription. In one incident.
What to do right now
- Enable two-factor authentication on your current email (even if it's Gmail – do this today)
- Get a domain and set up business email. Kisimenti bundles this with your website, or use Google Workspace or Zoho directly
- Never click links in emails asking you to "verify your account" – go to the site directly instead
- Use different passwords for your email and everything else
- Train your team: 90% of hacks start with someone clicking the wrong link
Security isn't exciting. Nobody wakes up wanting to think about email authentication protocols. But getting hacked is a lot less exciting. Spend the RWF 5,000 a month. Sleep better.