We’ve all had that sinking feeling. The one that comes when you send an email to the wrong person, and all you can do is follow up with an Outlook email recall or ask them to delete it.
Next, you have to figure out whether your mistake put data at risk. At best, you’re a bit red-faced and have wasted a bit of time, but no damage has been done. At worst, you’ve breached personal customer data or sensitive corporate information – and you have to report this to your boss and face the consequences.
Email is the world’s most popular business communication tool, with around 269 billion emails sent daily. And yet employees are mis-sending a significant number of these and regularly putting sensitive data at risk. The ICO, for example, reported a 46% increase in the number of reported data breach incidents caused by emailing the wrong person for April – June 2017, which followed a 20% increase for January – March 2017. On top of this, incidents reported due to mass emails where recipients were placed in the To / Cc fields, rather than the Bcc field, increased by 19% between April – June 2017, again following an increase (9%) for January – March 2017.
Beware the EU GDPR
The EU General Data Protection Regulation (GDPR) is rightly getting a lot of airtime within organisations at both a cybersecurity and a board level. This comes in direct response to the hugely significant changes the legislation will make to how data owners collect, handle, process, share and retain data.
Significantly, any breach that puts sensitive data at risk must be reported to the ICO and to the data subjects where their rights and freedoms might be impacted. This not only opens organisations up to regulatory penalties but also to litigation by clients whose data wasn’t adequately protected.
With mandatory breach reporting enforced by law, it is realistic to expect a spike in the number of data breach incidents referred to the ICO from May 2018 – including those caused by emails sent to the wrong person.
It's not just a question of personal data
The GDPR certainly represents a much-needed opportunity to ensure all organisations are handling personal data responsibly and securely. However, forward-thinking organisations will also recognise the importance of ensuring the measures taken can be applied to corporate data as well, such as intellectual property, financial reports, contracts and business strategy documents.
Plus, when it comes to corporate data, the accidental email can also become an intentional one.
Recent research showed that 20% of people have intentionally shared their organisation’s sensitive data with a range of recipients, including competitors, future and previous employers, friends and family, and the press.
It makes sense, therefore, that organisations should be able not just to prevent a personal data breach but also to protect themselves from corporate data being leaked.
We need to make email safer for everyone to use
At Egress, we think that every email should reach the right recipient(s) every time. That’s why we’ve developed technology to help you do just that, with an add-in to check and confirm your email recipients.
As a privacy and risk management company, we believe this will help organisations significantly reduce the number of data breaches that email causes – which is good news in light of the EU GDPR. Additionally, we can help you protect your corporate assets from both accidental and intentional leaks. Finally, it’s also good business sense to ensure every email your employees send is effective, simply by making sure it gets to the right person at the right time.