Data Loss Prevention

The 10 most common email mistakes

by Egress
Published on 15th Jul 2019

When was the last time you made a mistake when sending an email?

With 269 billion emails sent every day, it’s no surprise that email mistakes are a common cause of embarrassment, business inefficiency and data breaches. Chosen from conversations with global enterprise organisations and governments, as well as incidents reported in the news, here’s a compilation of the top 10 most common email mistakes according to Egress.

1. Using To/Cc instead of Bcc

This is a common email mistake that frequently hits the headlines – including recently when an energy supplier in the UK, E.On, sent an email to customers about meter readings. This email mistake happens when you’re composing an email to multiple recipients who all need to access the information but either don’t know each other or you don’t want them to know who else has received the email. Instead of the recipients’ email addresses being put in the Bcc field, which essentially hides them from the other recipients, the addresses are accidentally exposed to the rest of the list in the To/Cc fields. As well as disclosing the email addresses, many of the high-profile incidents reported in the press have also seen highly sensitive data leaked by association with the content in the email, for example support emails that identify medical status.

2. Misdirected emails – aka the wrong recipient

Email clients like Microsoft Outlook provide suggestions (autofill/autocomplete) to help you work more efficiently – but they can also lead to significant email mistakes, as this functionality makes it easier to also add the wrong recipient to an email. Most commonly with this email mistake, recipients have the same first name or initials as the intended recipient, and accidentally get added to the address list without being noticed.
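A pre-send check for mistakes 1 and 2 can be sketched as follows. This is an added example, not Egress code: it flags several unrelated external addresses visible in To/Cc, and a recipient new to the thread who shares a first name or initials with a thread contact missing from the draft. The threshold, function names and sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
MAX_VISIBLE_EXTERNAL = 3  # assumed policy threshold, not from the article

def recipients(msg, *headers):
    """(display name, lowercased address) pairs from the given headers."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return [(n, a.lower()) for n, a in getaddresses(values) if a]

def name_key(name):
    """First name and initials, the two things autocomplete mix-ups share."""
    parts = name.lower().split()
    return (parts[0], "".join(p[0] for p in parts)) if parts else None

def presend_warnings(raw_draft, thread_contacts, internal_domain):
    """thread_contacts: (name, address) pairs of the other people on the thread."""
    msg = message_from_string(raw_draft)
    warnings = []
    # Mistake 1: several unrelated external recipients visible in To/Cc.
    external = sorted(a for _, a in recipients(msg, "To", "Cc")
                      if not a.endswith("@" + internal_domain))
    if len(external) > MAX_VISIBLE_EXTERNAL and len({a.rpartition("@")[2] for a in external}) > 1:
        warnings.append(("use_bcc", external))
    # Mistake 2: a recipient new to the thread who shares a first name or
    # initials with a thread contact that is missing from the draft.
    drafted = recipients(msg, "To", "Cc", "Bcc")
    present = {a for _, a in drafted}
    known = {a for _, a in thread_contacts}
    missing = [(n, a) for n, a in thread_contacts if a not in present]
    for name, addr in drafted:
        key = name_key(name)
        if addr in known or key is None:
            continue
        for m_name, m_addr in missing:
            m_key = name_key(m_name)
            if m_key and (key[0] == m_key[0] or key[1] == m_key[1]):
                warnings.append(("possible_wrong_recipient", addr, m_addr))
    return warnings

# Constructed sample draft and thread history (not real addresses).
DRAFT = """\
From: Sam Lee <sam.lee@example.org>
To: Rachel Green <rachel.green@supplier.example>, a@one.example, b@two.example
Cc: c@three.example, d@four.example
Subject: Meter readings

Please send your readings.
"""
THREAD = [("Rachel Grant", "rachel.grant@partner.example")]
```

Calling `presend_warnings(DRAFT, THREAD, "example.org")` returns both warnings for the sample draft; a draft addressed only to the existing thread contact returns an empty list.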

3. Wrong salutation/name

While not always the cause of a data breach, this email mistake can be highly embarrassing when you address your intended recipients incorrectly. ‘Hi Rachel’ instead of ‘Hi Rebecca’ can look unprofessional within business communications and may damage business relationships if it goes on for too long!

4. Attaching the wrong document or forgetting about additional tabs in spreadsheets

Attachments can cause serious compliance headaches when it comes to email mistakes. Although not the most common error, sending the wrong document to a recipient or forgetting about sensitive information in additional tabs or metadata puts this email mistake at the top of the list for significant exposures of sensitive data. Whether it’s PII or commercially sensitive information, this email mistake is typically difficult to reverse or undo.


5. Forgetting to appropriately secure emails

Email security (encryption) is generally seen as something the IT department should take care of; however, many businesses offer users the choice of whether to apply message-level encryption. This seems like it should actually prevent email mistakes – but it’s often difficult for the average employee to understand what should be encrypted and when, or they can expose sensitive information when they accidentally forget to select the appropriate level of encryption. In addition, how does the average employee know whether a domain is appropriately secured at the transport level: is TLS mandated, and is it using the correct version?

6. Replying to a phishing email

Phishing attacks are becoming even more sophisticated, and not just when harvesting credentials through clicked links (see below). Targeted phishing attacks can take place over a long, sustained period, where the attacker tries to gain your confidence by joining and contributing to an existing email chain. You can then unwittingly start replying to a bogus email address that is similar to an expected recipient (for example, C-level impersonation) and then carry out tasks such as payment runs or purchasing online gift cards that are sent to the attacker. This email mistake is one of the most difficult to spot using traditional security technology but can have significant financial impacts.

7. Clicking on unsafe links

While we’re on the subject of phishing emails: one of the highest-profile, enduring and most successful means of phishing is when a user clicks on a malicious link within an email, is taken to a familiar-looking site and is tricked into entering their security credentials (Active Directory, Office365, Online Banking etc). These credentials are then used to log into genuine systems to compromise information, usually for financial or commercial gain. One of the more common ways this email mistake can happen is through fraudulent password reset emails that look like they come from specific systems or an organisation’s administrators.

8. Reply all

A bit like when an original sender uses To/Cc rather than Bcc, it’s all too easy to hit ‘Reply all’ when responding to an email. Not only can this cause unnecessary email traffic (global email infrastructures have been brought down by ‘Reply all’ chains!), but if the reply contains sensitive content, this email mistake can also cause unwanted exposure which cannot be retracted.

9. The accidental forward

Forwarding an email to the wrong person is a common issue, particularly when you’re fatigued or overworked. Information is sent to you that needs to be shared with the rest of the team or someone else in your company, but for one reason or another (including autocomplete), you send it to the wrong person. Unless you’re using message-level encryption, there is really no way to retract this email mistake, and you could potentially expose the original sender’s data and details.

10. Tips going forward

Given our reliance on sharing information by email, reducing the chances that these email mistakes will happen is crucial to prevent embarrassment and, critically, protect sensitive data. Some of this can relate to simply promoting better behaviour when sending emails, and there are many good-practice guidelines you can deploy to reduce these email mistakes, including:

A. Add addresses last

Always enter recipient email addresses after you have composed your email content and added any attachments. This can give you a moment’s pause to check all the information is suitable to be sent before it’s too late.

B. Review email before clicking send

Always review your email content and recipients before clicking send. It sounds simple and can be difficult to do when you’re busy, but this could have prevented a significant number of email mistakes.

C. Never rush

It can be difficult not to rush when sending an email – it’s something you might do hundreds of times every day and often becomes second nature. But rushing and being under pressure are serious contributors to email mistakes.

D. Use the right technology

While all of these are great guidelines, human nature means email mistakes will still be made. This is where Egress can help with our award-winning intelligent software platform, which can address all of these threats and more. To find out how we can help you and your organisation, please get in touch.
