In many low-income countries like Sierra Leone, The Gambia, Liberia, Ghana, Nigeria, and Kenya, it’s common for government employees, educational institution staff, NGO workers, and private company staff to use private email services like Gmail, Hotmail, or Yahoo for official communications.
This practice has deep roots — and serious consequences for information security, privacy, transparency, accountability, and organizational credibility.
In the age of AI-generated misinformation, scams, and alternative truths, official communications must be authentic, verifiable, and secure. Yet, when a supposed government officer emails you from [email protected], would you trust them enough to send confidential documents? How would you verify their authority? What happens when they leave the organization — how do you know their access has been revoked?
The use of private emails isn’t just unprofessional — it’s dangerous.
Organizational Challenges
1. Business Priorities
Most organizations in these countries do not prioritize IT infrastructure. Information systems are seen as optional “nice-to-haves,” not critical enablers. Budgets favor salaries, logistics, and overheads — leaving IT investments neglected.
Solution: Boards and management teams must recognize that secure communication is mission-critical. It should be treated as a core infrastructure expense, like electricity or rent.
2. Total Cost of Ownership (TCO)
Building and maintaining email systems with official domains (.gov, .edu, .org) isn’t free. Domain registration, hosting, backups, and support contracts add up. Many organizations start strong but can’t sustain payments, causing service disruptions.
Solution: Organizations must budget multi-year IT service plans, not just one-time purchases. Include renewals, upgrades, and incident response costs in planning. Negotiate with vendors for installment or flexible payment options to ease financial strain.
3. Availability of Reliable Service Providers
The market is flooded with small resellers, many with weak financial standing. They often use personal overseas cards to pay for enterprise services on behalf of clients. When payments lapse, services are suspended without warning, and critical data is lost.
Solution: Organizations should vet and contract established IT firms with verifiable references. Service Level Agreements (SLAs) should include downtime penalties and data protection clauses. Payment should be secured in advance to avoid mid-cycle suspensions.
4. Policy Enforcement
Even where email and security policies exist, they are rarely enforced. Employees openly conduct official business on Gmail because nobody holds them accountable.
Solution: Organizations must implement and enforce strict Acceptable Use Policies (AUP). Violations should lead to disciplinary actions. Monitoring and periodic audits of email usage should become standard.
5. Transparency and Accountability
There is little demand for organizations to disclose their security practices publicly. As a result, few are motivated to invest in robust, auditable IT systems.
Solution: Introduce mandatory IT transparency reports for all major institutions, similar to financial audits. Donors and regulators should demand verifiable proof of cybersecurity measures before releasing funds or renewing licenses.
6. Privacy and Data Protection
Most low-income countries either lack data protection laws or have new and poorly enforced laws. Without regulatory pressure, organizations don’t feel compelled to protect sensitive data.
Solution: Governments must enact and enforce strong data protection laws. Organizations should be legally liable for breaches caused by misuse of personal or organizational data.
7. Information Security Requirement
Since many processes are still manual (paper-based), leadership does not feel the urgency to secure information systems.
Solution: Leadership training is crucial. Decision-makers must understand that digital records — even limited ones — need protection. Mandate basic cybersecurity training for all top-level staff.
Staff Challenges
1. Fear of Losing Data
Staff have repeatedly seen systems fail: emails lost after domain expirations, migrations gone wrong, or unpaid vendor suspensions. They prefer private accounts because they own and control them.
Solution: Organizations must guarantee data portability and backups. Staff should be reassured that their historical data will be preserved no matter the vendor.
2. Corporate Espionage
Personal emails make it easier for individuals to take sensitive information when they leave. Organizations cannot monitor external accounts, allowing data theft to go unnoticed.
Solution: Use official email systems tied to organizational directories. Disable accounts immediately when an employee resigns or is terminated. Implement Data Loss Prevention (DLP) tools to monitor sensitive data movement.
3. Corruption
Private emails allow corrupt practices to happen outside organizational oversight. Unauthorized deals, bribery, and misappropriations flourish without an official paper trail.
Solution: Mandatory use of corporate email for official communications, combined with internal audits of email records, is necessary. Independent oversight bodies should enforce transparency.
4. Transparency and Accountability
When official communication happens on Gmail or Yahoo, it’s easy to delete evidence before a court or investigation requests it.
Solution: Emails must be archived for set periods — typically 7+ years — even after employees leave. Enterprise email solutions like Google Workspace or Microsoft 365 make retention easy and legally compliant.
5. Privacy and Data Protection
Staff fear corporate IT might snoop on them. Free personal accounts feel more “private,” and since they are tied to a third party (Google, Microsoft, Yahoo), employers cannot demand access.
Solution: Organizations must establish clear, ethical privacy policies for official email systems. IT administrators cannot arbitrarily read emails without cause, and audits should require top-level authorization.
How We Know This
We aren’t guessing. We are a service provider in Sierra Leone with over 20 years of hands-on experience supporting government MDAs, universities, NGOs, and private companies.
We have:
- Migrated clients from failing services to stable platforms.
- Interviewed hundreds of organizational heads and staff.
- Witnessed lost data, unpaid services, collapsed systems, and successful turnarounds.
- Maintained some client systems for 15+ years, keeping them running even when payments were delayed by months or years.
We have learned that trust and reliability matter more than technology itself. Organizations stay with us because we care about their data more than their invoices. This level of commitment, sadly, is rare.
Final Thought
Your email domain is your public identity if you are a serious organization — whether a government, university, NGO, or private business.
If you let your staff conduct business from staff.name @gmail.com, don’t be surprised when people don’t take you seriously — or when sensitive information leaks without your knowledge.
Professionalism starts with secure, official communication.
It’s time to act.
