According to independent research conducted for the Egress Data Loss Prevention Report, 85% of employees are sending more emails than ever before and 80% of are using email to share sensitive data with clients and colleagues. To ensure users can be productive, Microsoft has continued to evolve Outlook to provide a richer and more integrated email experience for end users, adding functionality like autocomplete, clutter, and message access via the reading pane. As with most software changes, these features have been met with mixed responses. In particular, autocomplete – sometimes called autofill – has often been a cause of disagreement and the source of undesirable outcomes for organizations.
Autocomplete, or autofill, functionality has been available since the early versions of Microsoft Outlook. Once an initial email is sent to a new recipient, they will then appear in suggested recipients when you type the first few characters of their address moving forward. A contact’s place in the suggested recipient list is determined by how recently or frequently the sender has emailed them. This simple functionality provides a far better end user experience and is intended to improve productivity, as people don’t have to fully type out each address on every new email. Autocomplete also means you don’t have to add and look up every user you regularly email via the Outlook address book.
On the other hand, there are still risks involved with using autocomplete that can lead to misdirected emails and data breaches. An example of these risks include, sending a confidential email to the wrong person by selecting a suggested email address similar to that of the intended recipient, resulting in a breach of confidentiality.
Disabling autocomplete in Outlook to mitigate risk
While disabling autocomplete may mitigate some risk of data loss, it also introduces new challenges. End user productivity can be reduced by having to type every email address manually rather than using autocomplete.
Additionally, while users are prevented from sending an email to the wrong person via their autocomplete list, this approach introduces a much greater risk of misdirected emails caused by mistyping an address. Composing an email with multiple external recipients is time-consuming and increases the chances of getting one or more characters wrong. While for business email addresses this is most likely to result in an inefficient bounce back, it’s more likely that different configurations of webmail accounts are registered, which can lead to data loss.
Inevitably, employees will end up building their own ‘autocomplete list’ or address books in other applications, such as Excel, which could lead to storing other associated sensitive data locally on their device, creating further risk for the organization. There’s also still a chance that the user could select an incorrect recipient from their list.
Data Loss Prevention ReportGet your copy
How to turn off Outlook Autocomplete
The steps below show how end users can disable autocomplete in Outlook. There are also options available for administrators to disable autocomplete company-wide via registry keys or other policy settings, depending on the organizations’ needs and configurations.
Select 'File > Options > Mail'
Under 'Send messages' untick the box that says, 'Use Auto-Complete List to suggest names in the To Cc and Bcc lines'
An alternative to disabling autocomplete in Outlook
Whether Outlook autocomplete is disabled or not, there are common mistakes associated with it that lead to misdirected emails. At Egress, we take a new approach to solve this problem, so that organizations don’t need to disable Outlook autocomplete. As a result, Egress improves both employee productivity and data loss prevention (DLP).
Egress Prevent uses machine learning to analyze a sender’s behavior, email body and attachment content, and recipient/domain authenticity to deeply understand how each individual person uses email to determine whether they are about to make a mistake. A simple prompt alerts users to mistakes, such as selecting the wrong recipient via Outlook autocomplete, attaching an incorrect document, failure to use Bcc, and not encrypting sensitive information.
Consequently, Prevent ensures users send the right information to the right recipients – all with an appropriate level of protection applied when sharing sensitive information (such as using Egress email encryption, TLS, or other third-party solutions).
It’s time to think differently about disabling autocomplete in Outlook
Email Security Risk ReportGet your copy