A risk for all organisations
It is no surprise that the ICO recently reported that emailing data to the incorrect recipient was one of the most common data breach types.
Email is the primary method of communication for most businesses in 2021. The speed and convenience of email is invaluable, but it also comes with risks. Most people have at some point made the dreaded mistake of entering the wrong email address in the 'To' box and hitting send!
Preventative actions
As with most human-error-related breaches, it would be very difficult to stop such breaches occurring altogether, but there are a number of preventative actions you can take to reduce the likelihood of occurrence and mitigate the potential impact:
Train Staff
Annual data protection training for all staff can help colleagues understand the importance of taking due care when emailing personal data. Pausing to double-check the recipients before sending an email can make all the difference.
Use secure email
Most secure email packages will afford you the ability to remove the recipient's access to the email and provide you with a clear audit history to assess whether the email has been viewed and whether its contents have been downloaded.
Promote recall awareness
Explain to staff that there is a recall feature available. For those businesses using Microsoft Outlook, you can recall or retract messages in limited circumstances: you must be using a Microsoft Exchange email system, and you must be on the same Exchange server as the recipient. This feature is therefore usually limited to correspondence within your organisation, depending on the scope of your Exchange server.
Avoid including personal data in the email subject
By making a policy decision not to include personal data in the subject of emails, you can better manage containment in the event of a breach. One of the most effective containment activities is to obtain confirmation that the email sent in error has been deleted before it has been opened and read. If you have included personal data in the subject line, you will need to factor in that this data has been viewed even if the email was never opened.
Promote the issue
By encouraging discussion and reminding colleagues of the risk and of best practice, they are more likely to afford due care and attention to avoiding these mistakes.
Data Loss Prevention (DLP) in email
Your organisation can apply DLP features to your email (Exchange) server to prevent certain information leaving the organisation, for example by blocking or quarantining outbound messages that contain personal data. It is always important to balance these policy decisions to ensure that they do not become a hindrance to key business operations.
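As an added example (not code from the original post or from any DLP product), the following Python models the kind of pre-send check a DLP policy applies, combining the two policies above: it flags personal data in the subject line regardless of recipient, and flags personal data in the body only when at least one recipient is outside the organisation. The internal domain example.org and the UK National Insurance number pattern are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Assumed organisation domain; any other recipient domain counts as external.
INTERNAL_DOMAIN = "example.org"

# Constructed patterns standing in for a DLP product's sensitive-data detectors:
# a UK National Insurance number (e.g. AB123456C) and an e-mail address.
PERSONAL_DATA_PATTERNS = {
    "ni_number": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b"),
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
}


@dataclass
class Finding:
    rule: str    # which policy fired
    detail: str  # which pattern matched, and for whom


def external_recipients(recipients):
    """Return the recipients whose domain is not the organisation's own."""
    return [r for r in recipients
            if r.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN]


def check_outbound(recipients, subject, body):
    """DLP-style check run before a message leaves. Empty list means allow."""
    findings = []
    # Policy 1: personal data never belongs in the subject line, since it is
    # visible in previews and notifications even if the email is never opened.
    for name, pattern in PERSONAL_DATA_PATTERNS.items():
        if pattern.search(subject):
            findings.append(Finding("personal_data_in_subject", name))
    # Policy 2: personal data in the body may only go to internal recipients.
    ext = external_recipients(recipients)
    if ext:
        for name, pattern in PERSONAL_DATA_PATTERNS.items():
            if pattern.search(body):
                findings.append(Finding("personal_data_to_external",
                                        f"{name} -> {', '.join(ext)}"))
    return findings


def allowed(recipients, subject, body):
    """Convenience wrapper: True if the message passes both policies."""
    return not check_outbound(recipients, subject, body)
```

In a real deployment the equivalent rules live in the mail server's DLP configuration rather than in client code, and a match would typically hold the message for review rather than silently drop it.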
Check contact details
Regularly review contact details to check that you hold the most up-to-date and accurate contact details for the people and organisations you correspond with.
Containment activity
It is essential to prepare your organisation for the likelihood of data breaches occurring. You will need:
- Clear data breach reporting procedures
- Clear containment response plans
Here at Midland Data Protection, we can offer a range of support mechanisms to help protect your organisation against these data breaches, from conducting staff training right through to drafting incident management procedures. Contact us for a discussion.