Data Loss Prevention

You’ve accidentally received a confidential email. What now?

by Egress
Published on 30th Apr 2021

Emailing confidential information to the wrong person can be embarrassing at best – and in the worst-case scenario it can be highly risky for both the organization and the individual involved. But what about when the shoe is on the other foot?

If you’ve received a confidential email, it's important to handle it with care. Whether it's a personal message from a friend or a business-related communication, it's essential to respect the sender's wishes for privacy. In this blog, we'll explore some steps you can take to ensure that you handle a confidential email properly, protecting both the sender and yourself.

From determining the best way to respond to the email to ensuring that the information remains secure, we'll provide you with the knowledge you need to handle a confidential email with confidence. Here’s what to do when a confidential email meant for someone else lands in your inbox. 

You’ve received a confidential email – do you know the sender?

Of course, sometimes misdirected emails are simply spam and can be ignored or deleted. If you keep getting emails from mass marketing lists meant for someone else and it becomes irritating, you have a couple of options. Outlook and Gmail both have functions to ‘mark as junk and delete,’ plus you can block the sender.

There are other occasions when we might receive an email that was clearly meant for someone we know. For example, someone in your organization’s finance team might accidentally email sensitive customer data to someone in another department. Instances like these are surprisingly common, especially in larger businesses when autocomplete gets confused over similar names.

Things are obviously pretty easy when this happens within your own organization. You simply let the sender know you’ve received it by accident, then they can rectify their mistake and you can delete the email. When you don’t know the sender, but the email is clearly confidential and sensitive, things are a little more complicated and you have a decision to make.

Should you respond if you accidentally receive a confidential email from a stranger?

From an ethical standpoint, you don’t need to do anything when you receive an email from outside your organization. A degree of common sense can be used. If the email is clearly unimportant, you just delete it and move on. On another day though, you might receive something that looks important to someone’s life or career and consider getting involved.

By accidentally sending something confidential to you, the sender might have unwittingly caused a data breach. This could be a seriously risky situation for both the individual and the organization in question, especially if the email contains any personally identifiable information relating to the business’s employees or clients.

Responding to the sender and letting them know their mistake is a decent thing to do on two fronts. Firstly, it means they’re unlikely to bother you with misdirected emails again. And secondly, you could be saving someone’s job by helping them stop a data breach. Having said that, you’re under no legal obligation to do anything at all – the decision is yours.

In conclusion, receiving a confidential email can be a delicate situation, but with the right approach, you can handle it with confidence. Whether you're dealing with a personal message or a business-related communication, it's important to respect the sender's wishes for privacy.

By considering your options and taking steps to protect the information, you can handle a confidential email in a responsible and professional manner. The key is to be respectful of the sender's privacy and to take steps to ensure that the information remains secure.


How to avoid misdirecting your own emails

Having your job on the line and panicking about whether a random recipient is going to do the right thing is not a position you want to find yourself in. Unfortunately, that’s how serious misdirected email can be in the current landscape of data privacy. The bare minimum you can do to protect yourself is double-checking the recipient email address (especially when autocomplete is involved), the Cc field, and the Bcc field. You’ll also want to double-check any attachments.

We say that’s the bare minimum because we’re all only human – and it’s not possible to catch every mistake or typo over the course of your whole career. Organizations can set up static rules (for example, you can send emails to business A but not business B), but these traditional methods are rigid and unreliable. They also rely on constant prompting that can give even the most diligent employees ‘click fatigue’ after a while.

The best solution for avoiding misdirected email altogether is through intelligent email data loss prevention (DLP) technology. Egress Prevent is able to adapt to your individual behaviour through machine learning and helps you to catch context-driven mistakes such as adding the wrong recipient, attaching the wrong file, or forgetting to use Bcc instead of Cc. This is far preferable for the end user too, as they are only prompted in real time when a genuine mistake has occurred.
