You've got accidental mail
More and more leaks are happening because of human error. Ben Mitchell, vice president at DocsCorp Europe, sets out how firms can minimise email risk.
In early 2017, human error accounted for more than half of the data breaches reported to the Information Commissioner’s Office (ICO). The mistakes were ones we’ve all made before, such as sending an email to the wrong person. But those errors will have serious consequences once data regulations are tightened under the EU’s General Data Protection Regulation (GDPR).
But there’s no way firms are going to stop using email to communicate both internally and with clients. So, the challenge for firms in 2018 is how they protect themselves from inadvertent data breaches without complicating the way they use email.
In the past, email product add-ins were unattractive to firms. They slowed down email servers, causing them to crash, and left users feeling frustrated. We listened to our legal userbase when it came time to develop cleanDocs, our metadata cleaning tool for Microsoft Outlook. And we listened to them again when we developed its new robust email recipient checking function. Now, firms can protect themselves against accidental leaks through email in two ways – using only one solution.
We have all done it. Either we’ve clicked ‘reply all’ when we only meant to send the email to one person, or we’ve mistaken a person for someone else. Autocomplete can easily get it wrong if you have, for example, more than one Sarah at your office. When emails are sent to the wrong person it’s usually a little embarrassing – but it becomes damaging when the attachments or the email body itself contain someone’s personal information.
The GDPR means firms will need to protect against common email errors to avoid fines of 4% of their annual turnover or €20m – whichever is larger. With this in mind, we added a robust email recipient checking function to cleanDocs so that mistakes are fixed before they can cause a data leak. Now users can work quickly without risking accidental breaches.
As soon as the user clicks send, cleanDocs will assess the list of recipients for any domain names that are external, public or potentially risky. The sender must confirm that any addresses flagged by the technology are the intended recipients. Firms can also customise the solution to add more or less protection, such as flagging ‘reply all’ or ‘reply’ to an email with BCC behaviours.
And what about removing hidden information from email attachments? Any document created in Microsoft Office will have its own set of properties known as metadata. Metadata tells the reader more than what is typed on the page. It can tell them who created the document, how much time they spent editing it and even what comments were made in track changes. Exposing this type of information could not only be damaging to a firm’s reputation, it could also constitute a data breach if it contains sensitive information.
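An added example, not DocsCorp code and not a description of how cleanDocs works: a short Python audit that reads the properties named above (author, editing time, tracked changes, comments) out of a .docx package before it is attached. The function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
    "w": "http://schemas.openxmlformats.org/wordprocessingml/2006/main",
}

def _part(zf, name):
    """Parse one package part, or return None when the part is absent."""
    return ET.fromstring(zf.read(name)) if name in zf.namelist() else None

def audit_docx(data: bytes) -> dict:
    """Return the hidden properties a recipient could read from a .docx."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        core = _part(zf, "docProps/core.xml")
        if core is not None:
            found["creator"] = core.findtext("dc:creator", None, NS)
        app = _part(zf, "docProps/app.xml")
        if app is not None:  # TotalTime is the total editing time in minutes
            found["editing_minutes"] = app.findtext("ep:TotalTime", None, NS)
        doc = _part(zf, "word/document.xml")
        if doc is not None:  # w:ins / w:del mark tracked insertions and deletions
            found["tracked_changes"] = len(doc.findall(".//w:ins", NS) + doc.findall(".//w:del", NS))
        notes = _part(zf, "word/comments.xml")
        if notes is not None:
            found["comments"] = len(notes.findall("w:comment", NS))
    return {k: v for k, v in found.items() if v}  # keep only what is present

def sample_docx() -> bytes:
    """Constructed sample: a minimal package, not a real firm document."""
    parts = {
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
                             "<dc:creator>A. Example</dc:creator></cp:coreProperties>",
        "docProps/app.xml": f'<Properties xmlns="{NS["ep"]}"><TotalTime>95</TotalTime></Properties>',
        "word/document.xml": f'<w:document xmlns:w="{NS["w"]}"><w:body><w:p>'
                             '<w:ins w:author="A. Example"><w:r><w:t>draft fee</w:t></w:r></w:ins>'
                             "</w:p></w:body></w:document>",
        "word/comments.xml": f'<w:comments xmlns:w="{NS["w"]}"><w:comment w:id="0"/></w:comments>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()
```

An empty result from `audit_docx` means none of these four properties is present; it does not cover hidden spreadsheet cells or embedded objects.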
For law firms, attachments can contain especially damaging data. Think what would happen if a lawyer emailed a spreadsheet of billing information containing hidden cells. Hidden objects and cells can be recovered by the reader if they aren’t cleaned first. Releasing a file with both metadata and hidden data can result in leaked information if that attachment ends up in the wrong hands.
Removing this data from attachments means that the recipient will only be sent what they would see printed out on a piece of paper. The cleaning functionality in cleanDocs can wipe these hidden cells, and any other metadata attached to a file, before it leaves the user’s inbox. Sub-second cleaning speeds mean the removal process won’t slow down email servers or cause user frustration.
The cleaning function works hand in hand with email recipient checking to give users complete control over what they are sending and who they are sending it to. What’s more, both measures are delivered through one product, one Outlook add-in, and are shown on one screen. Preventing accidental data disclosure should be every firm’s top security concern for 2018. The GDPR gives citizens more rights to how their data is captured and managed and places even more responsibility on data holders to keep it secure. Saying “I made a mistake” won’t get firms off the hook.
With the right solution, preventing inadvertent email data breaches can be done simply. Let staff continue to work quickly but safely by partnering with a technology provider that can provide all the necessary tools in one easy-to-use product. Send the right information to the right person every time and remove the risk of
This article featured in LPM March supplement 2018: Facing the storm