Security incident: Sending sensitive data to the wrong recipient
An incident that happens more often than we realize
90% of employee communication takes place via email, making it the main channel for data leaks
When we talk about cybersecurity, we often think only in terms of defense. We believe that we have something in the digital world that belongs to us and that we need to protect it from outside threats. That is absolutely true, but it doesn’t cover all our responsibilities in terms of cybersecurity. The core of this responsibility is data and securing it in every aspect. Of course, the majority of threats come from outside, and it is absolutely essential that we take adequate measures to counter them. However, we should not underestimate the possibility that this information can be misused by insiders.
What causes accidental sending to the wrong recipient
It is clear that insider threats are mostly caused by employee negligence and mistakes. And given that over 90% of employee communication takes place via email, it is not surprising that email is considered the main channel for data leaks.
Sending important emails with sensitive information to the wrong recipient is an incident that happens more often than we realize. Most of the time, people don’t even notice it happened or just try to conceal it. As a result, it is difficult to produce reliable statistics and determine the damage that such incidents cause. But looking at our own experience, each of us has been in this situation, probably even more than once.
The main cause of this type of incident lies in the sheer number of emails we send and receive every day. We tend to focus on the content of the emails and often rely on auto-completion to handle the recipient list. If we have the time to be thorough and detailed, we read the email once, maybe even twice, and check the attachment to make sure it is the right file and opens properly. Then we click “send”. The sudden realization rarely comes in the first few seconds, if it comes at all. Then we try to fix it – recall the email, call the recipient and rely on their integrity and honesty, or… we simply do nothing.
What can be done
Ultimately, none of the above actions really work. Recalling emails is only possible in a few, very limited scenarios. Relying on people’s integrity can work if you have the right person on the other side and if they haven’t already opened your email. In general, you are toast!
And the consequences can be really disastrous! Both for the company and for the employee. The amount of harm really depends on the data we have mistakenly sent, but a few examples can be:
- Reputation loss – You will almost certainly lose some of the trust you have worked hard to build with the other party. Such an incident indicates that you are not handling sensitive data with the required care and attention. This applies to the employee, but also affects the company in general, as it is responsible for its employees and the data they work with.
- Financial loss – If the wrongly sent information relates to a certain business transaction, this may not only lead to cancellation of this transaction, but also jeopardize future business with this partner.
- Penalties – Data leaks can be extremely costly, especially if they contain personal data and the affected people decide to exercise their rights and take the problem to court.
Preventing such incidents is extremely difficult and DLP solutions do not prove to be very efficient in this regard either. The main reason is that typically the users DO in fact have the right to work with such data and share it with others.
The innovative technology developed by GBS helps customers define the right approach for their requirements and business needs. With a combination of a strong content-recognition engine, DLP capabilities, an optional 4-eye principle and encryption mechanisms, companies can ensure that sensitive data is reviewed and verified every time before it is sent. This puts the right level of control in the hands of users and allows them to take corrective actions if such an incident occurs.
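To make the combination of content recognition and a 4-eye release concrete, here is an added sketch of a pre-send gate; it is not GBS product code. The internal domain, the keyword list, the function names and the sample messages are all assumptions, and only the subject and plain-text body are scanned.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

INTERNAL_DOMAINS = {"example.com"}   # assumption: the sender's own mail domains
KEYWORDS = re.compile(r"\b(confidential|salary|passport)\b", re.I)  # assumed rules
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate payment-card numbers

def luhn_ok(candidate):
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def sensitive_findings(text):
    """Content recognition: return the labels of the rules that matched."""
    found = {m.group(1).lower() for m in KEYWORDS.finditer(text)}
    if any(luhn_ok(m.group(0)) for m in CARD.finditer(text)):
        found.add("card-number")
    return sorted(found)

def external_recipients(msg):
    """Every To/Cc/Bcc address whose domain is not one of ours."""
    headers = [str(v) for h in ("To", "Cc", "Bcc") for v in msg.get_all(h, [])]
    addrs = (addr.lower() for _, addr in getaddresses(headers))
    return sorted(a for a in addrs
                  if a and a.rpartition("@")[2] not in INTERNAL_DOMAINS)

def presend_decision(msg, approved_by=None):
    """Return (decision, findings, externals); decision is 'send' or 'hold'."""
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    findings, externals = sensitive_findings(text), external_recipients(msg)
    if not (findings and externals):
        return "send", findings, externals
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    # Four-eye principle: release needs a reviewer who is not the sender.
    if approved_by and approved_by.lower() != sender:
        return "send", findings, externals
    return "hold", findings, externals

def make_msg(to, body, subject="Invoice"):   # builds a constructed sample message
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "alice@example.com", to, subject
    msg.set_content(body)
    return msg
```

A held message is exactly the case DLP alone misses: the sender is entitled to handle the data, so the gate asks a second person to confirm the recipient instead of blocking outright.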
Author: Pavel Yosifov