How Can You Prevent Data Being Emailed to The Incorrect Recipient?

A risk for all organisations

It is no surprise that the ICO recently reported that emailing data to the incorrect recipient was one of the most common data breach types.

Email is the primary method of communication for most businesses in 2021. The speed and convenience of email are invaluable, but they also come with risks. Most people have at some point made the dreaded mistake of entering the wrong email address in the ‘To’ box and hitting send!

Preventative actions

As with most breaches caused by human error, it would be very difficult to stop them occurring altogether, but there are a number of preventative actions you can take to reduce the likelihood of occurrence and mitigate the potential impact…

Train Staff

Annual data protection training for all staff can help colleagues understand the importance of taking due care when emailing personal data. Pausing to double-check before sending an email can make all the difference.

Use secure email

Most secure email packages will afford you the ability to remove the recipient’s access to the email and provide you with a clear audit history to assess whether the email has been viewed and whether its contents have been downloaded.

Promote recall awareness

Explain to staff that there is a recall feature available. For those businesses using Microsoft Outlook, you can recall or retract messages in limited circumstances. You must be using a Microsoft Exchange email system, and you must be on the same Exchange server as the recipient. This feature is therefore usually limited to correspondence within your organisation, depending on the scope of your Exchange server.

Avoid including personal data in the email subject

By making a policy decision not to include personal data in the subject of emails, you can better manage containment in the event of a breach. One of the most effective containment activities is to obtain confirmation that the email sent in error has been deleted before it has been opened and read. If you have included personal data in the subject line, you will need to factor in that this data has been viewed.

Promote the issue

By encouraging discussion and reminding colleagues of the risk and of best practice, you make it more likely that they will take due care and attention to avoid these mistakes.

Data Loss Prevention (DLP) in email

Your organisation can apply DLP features to your email exchange server to prevent certain information leaving the organisation. It is always important to balance these policy decisions to ensure that they do not hinder key business operations.

Check contact details

Regularly review contact details to check you hold the most up-to-date and accurate contact details.

Containment activity

It is essential to prepare your organisation for the likelihood of data breaches occurring. You will need:

  • Clear data breach reporting procedures
  • Clear containment response plans

Here at Midland Data Protection, we can offer a range of support mechanisms to help protect your organisation against these data breaches, from conducting staff training right through to drafting incident management procedures. Contact us for a discussion.
