How Organizations Can Overcome Simple Email Mistakes
Training, controls and layered email security can help overcome potentially damaging staff email mistakes.
August 17, 2023
Oliver Paterson
Threats to email security are rising. In 2022, 92% of organisations fell victim to successful phishing attacks, according to a recent survey, while 91% of the respondents admitted to experiencing email data loss.
Companies make themselves, their clients and their customers vulnerable to cybersecurity incidents when they don’t implement sufficient email security strategies aimed at stopping phishing, data breaches and business email compromises (BEC). Being mindful of external cyber threats isn’t enough; organisations must consider the human element, too.
Let Me Count the Ways …
Let’s explore what businesses can do to prevent so many email-related incidents and data loss.
Incorrect email recipient: The traditional single office-based computer setup is becoming less popular within businesses as the number of hybrid employees increases. It’s easy to understand why employees don’t always verify the validity of the email addresses they’re sending information to with the increasing pressure to work harder, better and faster, especially now that smarter technology such as autofill is rapidly advancing.
Such errors could have far-reaching consequences. Just one incorrect character or autocorrect taking over is all it takes for sensitive information to be sent to the wrong inbox. And, what if that recipient’s email is intercepted by a cybercriminal, or what if they are a competitor to your business?
Sending email attachments to the wrong contact: Sending the wrong attachment to the wrong person is another common error, one which could put company data at risk. A company’s reputation could be harmed beyond repair, or competitors could be provided with an advantage upon the accidental release of confidential corporate information, such as unpatented new-product information.
What’s more, violating data protection regulations now comes with severe consequences, including General Data Protection Regulation (GDPR) and other industry-specific regulations. Businesses can take advantage of features when investing in a data-loss-prevention awareness tool that increases email security, such as prompting employees to confirm all internal and external recipients, and ensuring your intended distribution list is correct by flagging attachments that contain confidential information.
To BCC or not to BCC? It may seem simple enough to add email recipients to an email. However, if done incorrectly, it can cause repercussions for a company. Your entire contact database could be exposed due to the misuse of CC and BCC functions, exposing customer emails to competitors or potential hackers.
NHS Highland was reprimanded for a data breach in March 2023 which exposed the personal email addresses of people invited to use HIV services. This type of accident is a common error when sending emails and, in many cases, it often goes undetected or unreported. However, as none of the involved parties have consented to share their contact details with others, it is considered a data breach.
Implementing solutions that warn and educate people to use the CC and BCC fields properly should be an objective when considering technology.
Security Risks for Sensitive Information
There are several security risks that businesses dealing with sensitive information need to be aware of, such as problems arising from the use of autocomplete, reply all, errors when adding attachments and lack of user awareness about the information contained in the email’s body and attachments.
Is a data breach an accident or done with intent? Misaddressed emails are the largest source of data loss for organisations, which is not a surprise when considering that more than 300 billion emails are sent each day. Hackers use a number of techniques to take advantage of complacency within email culture. Some forge emails to appear as though they are internal, whereas they’re being sent from a spoofed domain that appears almost identical to the real thing. Employees may not notice this when working quickly and could expose the network and sensitive information by falling victim to a malware or ransomware attack.
Data breaches are also being carried out with malicious intent. An example of this is a frustrated former Morrisons supermarket employee, who conducted the Morrisons insider threat breach. The employee stole and exposed payroll data of nearly 100,000 staff members online, with the aim of disparaging the reputation of his former employer after a disciplinary incident. The company reportedly spent £2 million trying to rectify the breach.
It’s crucial to acknowledge and learn about the common email mistakes that often occur since emails account for such a big part of the way we communicate professionally, particularly when working remotely. Businesses can support their employees and reduce the risk of a data breach by implementing intuitive technology that detects and highlights errors and points out potential errors and threats.
Organisations can rapidly reduce errors without impacting employee productivity by investing in technology that informs users about poor email security techniques by providing a simple safety check and prompting them to recheck a message twice before hitting “send all.” Through this, organisations can be protected from exposing the wrong information to the incorrect person through a quick double-check of the intended recipients of emails and attachments before sending.
Build an Intelligent Defense
Foresight is crucial, but so is ensuring a company can build an intelligent defence. Implementing best practices can safeguard businesses from email threats and minimise their risk of becoming the next easy target.
These best practices include:
Introducing a strategy for layered email security
Ensuring a better security awareness amongst employees through training
Implementing controls that are email-specific
Through implementing email safeguards today, businesses will experience a more extensive effect as the company develops. Be sure any email security vendors used have security solutions that are specific to your businesses’ size and can scale with company growth.
Oliver Paterson is director of product management at Vipre Security Group. You may follow him on LinkedIn or @VIPRESecurity on X.
About the Author
You May Also Like