Microsoft Outlook is the default application that employees spend most of their working day using. Microsoft has consequently continued to evolve Outlook over time to provide a richer and more integrated email experience for end users, adding functionality like autocomplete, clutter and message access via the reading pane. As with most software changes, these features have been met with mixed responses. In particular, autocomplete – sometimes called autofill – has often been a bone of contention and the source of undesirable outcomes for businesses.
The autocomplete functionality in Outlook
Autocomplete / Autofill functionality has been available since early versions of Outlook. Once you have sent an email to a new recipient, they will then appear in suggested recipients for future emails once you have typed the first few characters of their address. This simple functionality provides a far better end user experience and is intended to improve productivity, as people don’t have to fully type out each address on every new email. Autocomplete also means you don’t have to add every user you regularly email to the Outlook address book.
There are, however, risks associated with this functionality, which have led some organisations to remove autocomplete in Outlook entirely.
The problem with Outlook autocomplete
- If you enter a new email address incorrectly and send the email – for example, to firstname.lastname@example.org rather than email@example.com – this new wrong address will be added to your autocomplete list, making it very easy to repeat the mistake in future.
- Inbound addresses are automatically added to your suggestions, even if you have never.
The consequence of all of this is the high potential of sending a misdirected email to the wrong recipient. Research shows that:
- 95% of IT leaders acknowledge that insider threats such as these are a concern for their organisation
- 79% believe employees have put sensitive company data at risk accidentally in the last 12 months
- 60% believe they will have an accidental breach in the next 12 months
This simple and easy-to-make mistake can not only be embarrassing and inefficient but it can also be costly to the individual and business.
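The first problem above, a mistyped address that stays in the suggestion list, can be checked for directly. The following is an added example, not part of the original article or any Egress product: it assumes the cached addresses have already been exported to a plain list, and every address and function name in it is constructed for illustration. It flags cached entries that sit within one or two edits (including swapped adjacent characters) of a known-good contact without matching it exactly.

```python
def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "smtih" typed for "smith"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def flag_lookalikes(cached, trusted, max_distance=2):
    """Return (cached_entry, nearest_trusted, distance) for near-miss entries."""
    trusted_set = {t.strip().lower() for t in trusted}
    findings = []
    for entry in cached:
        addr = entry.strip().lower()
        if addr in trusted_set:
            continue  # exact match with a known contact: nothing to review
        best = min(((osa_distance(addr, t), t) for t in sorted(trusted_set)),
                   default=None)
        if best is not None and best[0] <= max_distance:
            findings.append((addr, best[1], best[0]))
    return findings


# Constructed sample data: known-good contacts and an exported suggestion list
TRUSTED = ["jane.smith@example.com", "accounts@example.com"]
CACHED = [
    "jane.smith@example.com",        # correct entry
    "jane.smtih@example.com",        # swapped characters in the local part
    "jane.smith@example.co",         # truncated domain
    "accounts@exampel.com",          # swapped characters in the domain
    "unrelated.person@example.net",  # different contact, not a near miss
]

if __name__ == "__main__":
    for addr, nearest, dist in flag_lookalikes(CACHED, TRUSTED):
        print(f"review: {addr} is {dist} edit(s) from {nearest}")
```

Entries it reports are candidates for removal from the suggestion list; the distance threshold is a tuning choice, and short addresses need a lower one to avoid flagging genuinely different contacts.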
Disabling Outlook autocomplete to mitigate risk
One option to mitigate the risks associated with this functionality is to disable Outlook autocomplete entirely. This solution has been adopted by many enterprise organisations. However, while it may mitigate some of the risks associated with autocomplete, it also introduces some new challenges:
- End user productivity can be considerably reduced by having to type every email address manually rather than using autocomplete.
- While users are less likely to send an email to the wrong person in their autocomplete list, this approach introduces a much greater risk of misdirected emails caused by mistyping an address. Composing an email with multiple external recipients is time-consuming and increases the chances of getting one or more characters wrong.
- Inevitably, people will end up building their own ‘autocomplete lists’ or address books in other applications, such as Excel, and could end up storing other associated personal data locally on their device, creating risk for the organisation.
How to disable autocomplete in Outlook in 2 steps
Here is how to disable autocomplete in Outlook if you are still committed to removing it, despite the potential business and security risks.
Step 1: Select 'File > Options > Mail'
Step 2: Under 'Send messages', untick the box that says 'Use auto-complete list to suggest names when typing in the To, CC and Bcc lines'.
An alternative to disabling autocomplete in Outlook
At Egress, we believe we can solve these problems in a new and innovative way that means organisations don’t need to disable autocomplete. Egress advanced DLP and Outlook encryption analyses user behaviour, recipient/domain authenticity and security characteristics to form an opinion on whether someone is about to make a mistake when sending an email – whether caused by autocomplete or human error. Consequently, Risk-based Protection can ensure a user avoids misdirecting an email and sends the right information to the right recipients – all with an appropriate level of protection applied when sharing sensitive information (such as using Egress encryption, TLS or other third-party solutions).