We’ve all felt it – the momentary panic when you press send and a work email is fired off in the wrong direction. When the email involves sensitive data, it can be a sinking feeling. But it’s important not to panic, and to think rationally.
There are some mitigating steps you can take to immediately reduce the risk of a serious breach. More importantly though, we’ll also walk you through how intelligent email DLP can protect both you and your organization from incidents such as these in the future.
What can I do right now?
Unfortunately, your options are limited once an email has been sent to the wrong person. If your message has gone to someone within your own organization, there’s a chance of recalling an Outlook email if you’re fast.
However, if a confidential email has been sent to someone outside your organization, there isn’t a whole lot you can do. The best plan is to send a follow-up to apologize and request that the recipient delete the email without reading its contents. And even though it might be embarrassing, it’s important to report the incident to your IT security team.
When it comes to misdirected email, the best method is always prevention.
Misdirected email is a common problem – even more so after the recent boom in remote working. We’ll never be able to eliminate human error from the workplace, so it makes sense to offer employees a ‘guardrail’ to keep them safe.
Organizations can take steps such as turning off autocorrect within Outlook and Gmail and setting up ‘send delay’ functions that hold your email in an outbox for a set period of time. However, these makeshift solutions tend to create friction and problems of their own.
Another common but limited solution is to set up ‘static rules’ (e.g. you can send attachments to Company A but not Company B). The problem with rigid rules is that they don’t account for the way people actually work, which means they end up denting productivity and causing ‘click-fatigue.’ The most effective kind of email DLP is able to understand human behaviour and react to context-driven incidents.
Egress Intelligent Email Security is an example of human layer security, which uses machine learning to adapt to the behaviour of each individual within a business. It works seamlessly in the background, only popping up with a prompt when it recognizes a genuine real-life mistake that could result in a leak of sensitive information.
How risky is going without email DLP?
From an organization’s perspective, the risks are high (and really not worth taking). In a best-case scenario, misdirecting an email can be a little embarrassing. However, in the worst case, there can be serious implications for both the individual and the organization involved.
It isn’t usually a major issue when an employee misdirects a sensitive email within their own organization. Leaking confidential data to an external party is a different story entirely. We spoke to 500 IT leaders across the US and UK in our 2021 Data Loss Prevention Report to try and understand the scale of the issue.
We discovered that, over the last 12 months alone, 83% of organizations had reported their data being put at risk directly by misdirected emails. On top of that, 37% of the surveyed businesses had experienced damage to their reputations over the same time period as a result of data loss via email.
Of course, it’s not only organizations that can be impacted by data breaches. Email DLP offers valuable protection for individuals too.
How does email DLP protect individuals?
While it’s often the organization that bears the cost of an email data breach, the impact on individuals can be serious too. We surveyed CISOs in the Egress 2020 Outbound Email Report to find out how the individuals responsible for breaches had subsequently been dealt with.
In 78% of email data loss incidents, the organization took further action against the individuals involved. These actions varied in seriousness. Almost half (46%) received formal warnings, while in 27% of incidents the employee ended up losing their job.
These stories are concerningly common, but easy to prevent with the right tools. The vast majority of email data loss incidents could have been avoided if the organizations had intelligent email DLP in place!
Learn more about how human layer security protects you from misdirected email in our dedicated email DLP information hub. Or if you’re ready to start a free (no strings attached) trial, ask your IT team to get in touch for a demo.