With the ease of sending emails comes the risk of errors and sensitive data being leaked. Yet, only in some situations can misfired emails be taken back. In this interview with CEO Paul, we explore common questions related to email recall and human error.
Learn why email errors are so pervasive, how your organisation can protect against them, and the common mistakes businesses make.
Key Takeaways
- Learn about shared responsibilities in protecting email data between senders, recipients, and organisations.
- Understand the significance of human error in data breaches and the underestimation of its impact by businesses.
- Discover immediate actions to take if an email is sent in error and the role of technologies in preventing such mistakes.
Interview Summary
Q: How common is sending an email in error?
A: Sending emails in error is relatively common. It can happen to anyone, regardless of their level of experience with email. It's the top cause of data incidents and a mistake that can happen for various reasons, including accidental clicks, autofill errors, or lapses of concentration.
The standard email providers don't seem to offer the right tools to protect against this. For example, you can recall an email in Outlook, but only in very limited contexts. That can create anxiety on behalf of users, and it leaves organisations without an avenue for data recovery.
Q: Who is responsible for making sure email data is protected?
A: The responsibility for ensuring email data is protected falls on both the sender and the recipient. Organisations, however, have a responsibility to their customers in implementing security measures, such as encryption and authentication, to safeguard email communications.
Although many businesses may not directly leak sensitive data via email, encouraging customers to send personal information unsecured could mean they fall short of their duty to consumers. This is especially concerning in highly regulated industries where businesses are entrusted with a lot of information.
Q: What is considered data that needs to be protected?
A: Data that needs protection in emails includes sensitive and confidential information, such as personal identification details (e.g., addresses and passport numbers), financial information (e.g., bank account numbers and sort codes), medical records, proprietary business data, and any other information that, if exposed, could lead to harm or unauthorised access.
On a human level, though, anyone sending sensitive data should consider if they would want their data shared in the same way. If it's information that you wouldn't want a cyber criminal to get hold of, or could be embarrassing if it was sent to the wrong person, it needs protecting.
Q: Who do we need to protect email data from?
A: Data in emails should be protected from unauthorised access by individuals or organised entities, including hackers, cybercriminals, competitors, and anyone who may misuse or exploit the information for personal gain or malicious purposes.
It's important to understand that industrial-scale organisations are scraping internet data, looking for information to exploit for financial gain. Email is a prime target because it's most often used in business contexts and transactions.
Q: Is human error a risk many businesses underestimate?
A: Human error is absolutely a significant risk that many businesses underestimate. It's the leading cause of data breaches and security incidents. Training and awareness programs are crucial to reducing the impact of human error. But there are many technologies that remove the burden of responsibility from individuals by putting safeguards in place.
It's crucial that protecting data is not left wholly to individuals, as mistakes can be reduced but not wholly avoided. Technology can deploy unilateral barriers that increase company-wide coverage. It can also reduce the anxiety around human error for employees, enhancing wellbeing.
Q: What are the consequences of an email misfire?
A: The consequences of an email misfire can vary depending on the content of the email and who it was sent to. It can lead to privacy breaches, loss of sensitive data, damage to reputation, legal liabilities, and financial repercussions. Severe fines can be imposed by regulators for businesses that compromise customer data.
Additionally, the stress caused by an email error involving sensitive data can impact an individual's mental health.
Q: What should you do if you send an email in error?
A: If you send an email in error, it's important to act quickly. You should notify the recipient of the mistake, apologise if necessary, and ask them to delete or not access the email. You may be able to recall the email under certain circumstances if you use Outlook. If you use a secure email solution like Mailock, you can revoke access completely.
You also need to inform your organisation's IT or security team so that they can assess the situation and take any necessary actions to mitigate risks. If you've leaked sensitive data, you must notify the ICO (Information Commissioner's Office) within 72 hours.
Q: About Mailock secure email… is the revoke function used often?
A: The usage of the revoke function in Mailock secure email or any secure email system can vary depending on individual preferences and organisational policies. However, I rarely see it used at the individual level because it also provides recipient authentication.
If you make sure you authenticate the identity of your recipients for access, it's unlikely you'll be in a situation where you need to revoke it. Nevertheless, a revoke function is a nice comfort blanket.
Email data protection is a shared responsibility between senders, recipients, and organisations. Human error is a real risk that should not be underestimated, and prompt action is essential if an email is sent in error. Secure email systems like Mailock can provide additional safeguards, including the ability to revoke emails sent in error. Ultimately, the consequences of letting sensitive data escape can be severe, highlighting the importance of robust email data protection measures.
Reviewed By:
Sam Kendall, 05.06.24
Sabrina McClune, 05.06.24