Email security

Sent an email to the wrong recipient? Email DLP can protect you.

Published on 27th Apr 2021

We’ve all felt it – the momentary panic when you press send and a work email is fired off in the wrong direction. When the email involves sensitive data, it can be a sinking feeling. But it’s important not to panic, and to think rationally.

There are some mitigating steps you can take to immediately reduce the risk of a serious breach. More importantly though, we’ll also walk you through how intelligent email DLP can protect both you and your organization from incidents such as these in the future.

What can I do right now?

Unfortunately, your options are limited once an email has been sent to the wrong person. If your message has gone to someone within your own organization, there’s a chance of recalling an Outlook email if you’re fast.

However, if a confidential email has been sent to someone outside your organization, there isn’t a whole lot you can do. The best plan is to send a follow-up to apologize and request that the recipient delete the email without reading its contents. And even though it might be embarrassing, it’s important to report the incident to your IT security team.

When it comes to misdirected email, the best method is always prevention.

How can email DLP help?

Misdirected email is a common problem – even more so after the recent boom in remote working. We’ll never be able to eliminate human error from the workplace, so it makes sense to offer employees a ‘guardrail’ to keep them safe.

Organizations can take steps such as turning off autocorrect within Outlook and Gmail and setting up ‘send delay’ functions that hold your email in an outbox for a set period of time. However, these makeshift solutions tend to create friction and problems of their own.

Another common but limited solution is to set up ‘static rules’ (e.g. you can send attachments to Company A but not Company B). The problem with rigid rules is that they don’t account for the way people actually work, which means they end up denting productivity and causing ‘click-fatigue.’ The most effective kind of email DLP is able to understand human behaviour and react to context-driven incidents.  

Egress Intelligent Email Security is an example of human layer security, which uses machine learning to adapt to the behaviour of each individual within a business. It works seamlessly in the background, only popping up with a prompt when it recognizes a genuine real-life mistake that could result in a leak of sensitive information.

How risky is going without email DLP?

From an organization’s perspective, the risks are high (and really not worth taking). In a best-case scenario, misdirecting an email can be a little embarrassing. However, in the worst case, there can be serious implications for both the individual and the organization involved.

It isn’t usually a major issue when an employee misdirects a sensitive email within their own organization. Leaking confidential data to an external party is a different story entirely. We spoke to 500 IT leaders across the US and UK in our 2021 Data Loss Prevention Report to try and understand the scale of the issue.

We discovered that, over the last 12 months alone, 83% of organizations had reported their data being put at risk directly from misdirected emails. On top of that, 37% of the surveyed businesses had experienced damage to their reputations over the same time period as a result of data loss via email.

Of course, it’s not only organizations that can be impacted by data breaches. Email DLP offers valuable protection for individuals too.

How does email DLP protect individuals?

While it’s often the organization that bears the cost of an email data breach, the impacts on individuals can be serious too. We surveyed CISOs in the Egress 2020 Outbound Email Report to find out how the individuals responsible for breaches had subsequently been dealt with.

In 78% of email data loss incidents, further action was taken against individuals by the organization. The actions varied in seriousness. Almost half (46%) received formal warnings, while in 27% of incidents the employee ended up losing their job.

These stories are worryingly common, but easy to prevent with the right tools. The vast majority of email data loss incidents could have been avoided if the organizations had had intelligent email DLP in place!

Learn more about how human layer security protects you from misdirected email in our dedicated email DLP information hub. Or if you’re ready to start a free (no strings attached) trial, ask your IT team to get in touch for a demo.
