Trial Today Get in touch
close
business-laptop-mobile-phone-checking-istock-628914856
Friday July 5th 2019 | 14:00

Disable autocomplete in Outlook - are you sure?

Microsoft Outlook is the default application that employees spend most of their working day using. Microsoft has consequently continued to evolve Outlook over time to provide a richer and more integrated email experience for end users, adding functionality like autocomplete, clutter and message access via the reading pane. As with most software changes, these features have been met with mixed responses. In particular, autocomplete – sometimes called autofill – has often been a bone of contention and the source of undesirable outcomes for businesses.

Autocomplete / Autofill functionality has been available since early versions of Outlook. Once you have sent an email to a new recipient, they will then appear in suggested recipients for future emails once you have typed the first few characters of their address. This simple functionality provides a far better end user experience and is intended to improve productivity, as people don’t have to fully type out each address on every new email. Autocomplete also means you don’t have to add every user you regularly email to the Outlook address book.

There are however some undesirable risks associated with this functionality, leading some organizations to disable autocomplete in Outlook entirely.

Unvalidated suggestions added

  • If you enter a new email address incorrectly and send the email – for example, to bbo.smith@company.com rather than bob.smith@company.com – this new wrong address will be added to your autocomplete list, making it very easy to repeat the mistake in future.
  • Inbound addresses are automatically added to your suggestions, even if you have never.

The consequence of all of this is the high potential of sending a misdirected email to the wrong recipient. Research shows that 95% of IT leaders acknowledge that insider threats such as these are a concern for their organization; 79% believe employees have put sensitive company data at risk accidentally in the last 12 months, and 60% believe they will have an accidental breach in the next 12 months.

This simple and easy-to-make mistake can not only be embarrassing and inefficient but it can also be costly to the individual and business.

Disabling autocomplete to mitigate risk

One option to mitigate the risks associated to this functionality is to disable autocomplete in Outlook entirely. This solution has been adopted by many enterprise organizations, however while it may mitigate some of the risks associated with autocomplete, it also introduces some new challenges:

  • End user productivity can be considerably reduced by having to type every email address manually rather than using autocomplete.
  • While users are less likely to send an email to the wrong person in their auto-complete list, this approach introduces a much greater risk of misdirected emails caused by mis-typing an address. Composing an email with multiple external recipients is time-consuming and increases the chances of getting one or more characters wrong.
  • Inevitably, people will end up building their own ‘autocomplete lists’ or address books in other applications, such as Excel, and could end up storing other associated personal data locally on their device, creating risk for the organization.

It’s time to think differently about disabling autocomplete in Outlook

At Egress, we believe we can solve these problems in a new and innovative way that means organizations don’t need to disable autocomplete. Egress Risk-based Protection analyses user behavior, recipient/domain authenticity and security characteristics to form an opinion on whether someone is about to make a mistake when sending an email – whether caused by autocomplete or human error. Consequently, Risk-based Protection can ensure a user avoids misdirecting an email and sends the right information to the right recipients – all with an appropriate level of protection applied when sharing sensitive information (such as using Egress encryption, TLS or other third-party solutions).

For further information on how Egress can help your business to proactively mitigate Outlook autocomplete and other mistakes, please click here.

More from our bloggers


Previous Article
Re-thinking insider threats: Where traditional DLP won’t stop a leak
Top Story
CCPA and email security: Three things you need to know
Next Article
The 10 most common email mistakes
footer_cesg_2018_258x100 footer_skyhigh_89x100 NATO Common Criteria footer_bsi_iso_178x100