Data breaches caused by email misuse are becoming increasingly common. A OnePoll report on behalf of Egress Software Technologies investigated the most common email mishaps, and the findings are surprising.
- More than 1 in 3 employees admitted to sending an email to the wrong recipient.
- 46% said that they had received information that was clearly intended for someone else.
- 50% confessed that they would delete an incorrectly sent email from their sent folder to conceal their error.
- Rushing and autofill were blamed as the biggest causes of email send mistakes.
- 25% admitted to maliciously leaking business data.
What this means
Errors and malicious actions such as these pose a significant threat to data security within your organisation. If an employee does make a mistake, it is vital that they inform the necessary department immediately so that it can be dealt with. Concealing an error could prove more problematic and result in harsher consequences for the organisation. Therefore, ensuring your employees are familiar with internal policies is crucial.
- The IICSA (Independent Inquiry into Child Sexual Abuse) was fined £200,000 for revealing the identities of abuse victims in a mass email. A key reason for the fine was the lack of knowledge and training of staff relating to sending bulk emails.
- Gloucestershire Police was fined £80,000 for revealing the identities of abuse victims in a bulk email.
Under the EU GDPR (General Data Protection Regulation), the unauthorised disclosure of personal data is a breach, which can incur significant fines (€20 million or 4% of annual global turnover – whichever is greater) and result in reputational damage.
It is important for staff to be aware of the consequences that their careless actions carry. To combat and prevent employee negligence, we recommend the Misuse of Email Cc and Bcc Human Patch E-Learning Course. It aims to ensure that employees are aware of the risks and consequences that come with misusing email and know how to handle and communicate personal data via email securely and legally.