Simple Email Mistakes That Can Cause Serious Data Security Breaches
Careless human error is one of the main causes of IT problems.
Email mistakes in particular stand out as significant causes of data breaches. While these mistakes are understandable in many cases, they are still very costly.
Examples of Email Mistakes
One notable example of an email mistake that caused a data breach involved the Goldman Sachs investment management firm. In June 2014, a Goldman Sachs contractor accidentally sent a message to a gmail.com email address instead of the corresponding gs.com email address. The latter email address is connected to the company’s in-house email network.
The email contained a confidential document, and the mistake sent Goldman Sachs scrambling for a solution. To prevent the gmail.com recipient from opening the message, Goldman Sachs took Google to the New York State Supreme Court. In its petition, the investment management firm said that the message contained "highly confidential brokerage account information" and asked Google to help it prevent a "needless and massive" data breach.
The case was unprecedented, in that Goldman Sachs argued that email senders should have the right to "unsend" an email if it was sent by mistake. In the end, however, the court did not have to rule on the case, since Google voluntarily blocked the recipient’s access to the email.
Another noteworthy email mistake occurred in April 2014. An employee at the risk advisor and insurance brokerage firm Willis North America accidentally sent a spreadsheet to a group of employees enrolled in the company medical plan’s Healthy Rewards Program. The spreadsheet contained confidential information, including employees’ names, email addresses, birthdates, Social Security numbers, employee ID numbers, office locations, and the details of their medical insurance plans.
Willis North America agreed to pay for 2 years of identity theft protection for the 4,830 people affected by the breach. Although the leaked information did not include details about the victims’ health conditions or the health information of their dependents, Willis North America was still cited for violating the US Health Insurance Portability and Accountability Act (HIPAA).
A similar incident occurred in September 2013, when an employee of a multinational computer company accidentally sent an email to a "sept_training1" mailing list. The list included thousands of other employees. A large number of these workers replied to the email by asking to be removed from the list, and many of them clicked "Reply All" when responding to the message. This resulted in millions of unwanted email messages taking up space on the network. The mistake severely damaged the employees’ productivity, and cost the company hundreds of thousands of dollars.
The Costs of Email Mistakes
As demonstrated in the previous examples, losses in productivity can cost a company a significant amount of time and money. Another cost stems from paying for identity theft protection for the victims. Additionally, if the email mistake led to a data breach, then the company could find itself facing lawsuits or punitive fines. Data breaches like these could also reveal sensitive company information to the general public.
Email mistakes, especially those that cause data breaches, can tarnish a company’s reputation, which can lead to lost business opportunities and a loss of shareholder confidence.
Avoiding Careless Mistakes
To prevent any mistakes, create clear-cut policies and procedures about sending emails, especially those with sensitive information. You’ll also need to educate your staff members about the problems caused by carelessly sending emails. Employees are more likely to think twice about sending a message when they know just how costly a mistake can be.
By the same token, you should develop a workplace environment in which employees feel comfortable talking about their IT concerns. Doing so improves the odds that one of them will ask a question that could avert a mistake.
Data loss prevention (DLP) software can also help in this regard. This software can stop employees from sending confidential information by accident. Look to your IT staff or service provider for help when searching for a DLP solution that matches your individual needs.
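The kind of pre-send check a DLP tool applies can be sketched in a few lines. This is an added example, not code from PC Corp or from any DLP product; the corp.example domain, the recipient threshold, and all function and rule names are assumptions, and the sample messages are constructed.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumptions for this sketch: the organisation's own mail domain and the
# recipient count above which mail carrying SSNs is held for review.
INTERNAL_DOMAINS = {"corp.example"}
MAX_SENSITIVE_RECIPIENTS = 5

# US Social Security number written as NNN-NN-NNNN, excluding never-issued ranges.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def recipient_addresses(msg):
    """Collect every address in To, Cc and Bcc, lower-cased."""
    headers = []
    for name in ("To", "Cc", "Bcc"):
        headers.extend(msg.get_all(name, []))
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def count_ssns(msg):
    """Count SSN-shaped strings in the body and in text attachments (e.g. CSV)."""
    total = 0
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            total += len(SSN_RE.findall(part.get_content()))
    return total

def check_outbound(msg):
    """Return (rule, detail) findings; an empty list means release the message."""
    addrs = recipient_addresses(msg)
    external = sorted(a for a in addrs if a.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS)
    ssns = count_ssns(msg)
    findings = []
    if ssns and external:  # wrong-domain case: sensitive data leaving the company
        findings.append(("block-external-pii", ", ".join(external)))
    if ssns and len(addrs) > MAX_SENSITIVE_RECIPIENTS:  # wide internal distribution
        findings.append(("hold-wide-pii", f"{ssns} SSNs to {len(addrs)} recipients"))
    return findings

def build_message(to, body, attachment=None):
    """Build a constructed sample message for the demonstration."""
    msg = EmailMessage()
    msg["From"] = "sender@corp.example"
    msg["To"] = to
    msg.set_content(body)
    if attachment:
        msg.add_attachment(attachment, subtype="csv", filename="plan.csv")
    return msg
```

The first rule covers a message addressed to the wrong domain, and the second covers a sensitive spreadsheet sent to a large internal group. Binary attachments such as real spreadsheets would need a format-specific text extractor before the pattern match.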
PC Corp can help with your business’ email security. Contact your PC Corp Account Manager or talk to us here:
Email: firstname.lastname@example.org
Phone: 780 428 3000 option 3 (sales)