Everyone is by now aware of the dangers of sending email to the wrong recipient or disclosing email addresses by using the “cc” function instead of “bcc”. You might not be aware though of the scale of the problem or that people are increasingly reporting this type of incident to the Information Commissioner’s Office. The ICO reports huge increases (46% in the third quarter alone) in reported breaches involving email in 2017. And that follows a significant increase in email problems reported in 2016 when a 29% increase was noted.
There is also an issue if hackers gain unauthorised access to the email server or online account storing emails which have been read or are waiting to be read. Even in encrypted emails the “To”, “From”, “Date” and “Subject” fields are not usually encrypted.
So what can be done to avoid email issues? These are our top tips:
1. Email should not be used to share documents internally. Best practice is to upload documents or sensitive information to a shared space and then email to invite colleagues to log in and access the space. Any wrongly addressed email will not compromise the material as only legitimate recipients will be able to log in and access it. There is an added advantage that the document needs to be held only once in the shared space and is not left to languish in multiple inboxes.
2. Disable predictive text on email addresses. Typing in an email address is more secure than clicking to accept a proffered one: you might select the wrong address, or the mouse might slip as you make your selection, and you still end up with the wrong address.
3. Even blind copies can be reverse engineered to reveal the hidden email address. Use a proprietary mailing function to email securely and separately to each recipient, ensuring that other recipient details are not disclosed.
4. Use colour on spreadsheets to distinguish similar spreadsheets, particularly where one spreadsheet is used to populate another, similar one. The use of red for the headings for those spreadsheets that include personal data would be a good visual sign for the increased risk when emailing the document.
5. Always check the “tail” of an email to ensure that there is nothing in the email chain that should not be shared further.
6. If you are working in a sensitive area disable predictive text as its use makes it more likely that you will send email to the wrong recipient.
7. Again, if you are working in a sensitive area disable the “reply” function so that you start a new email for responses. In that way email “tails” will never be shared by you.
8. Check that your email signature contains all the company status disclosure information: the full company name and, if a company, details of company registration.
9. Never include material that can be considered defamatory in an email. Libel laws apply to electronic mail.
10. Don’t use your email inbox or folders as filing cabinets. Some IT systems will automatically file email into the correct client folder. If your IT system does not do this automatically then you will have to save a copy in Word or OneNote and manually delete the email. Remember that a copy of the incoming email will be retained in your “sent” email provided that you have not disabled the “reply” function.
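
As an illustration of tip 3, the sketch below builds one message per recipient and checks that no other recipient's address appears in it before anything is handed to a mail server. It is an added example, not part of the original article or any particular mailing product; the function names and the example.org addresses are constructed for the illustration.

```python
from email.message import EmailMessage
from email.utils import parseaddr


def _address(raw):
    """Extract the bare, lower-cased address from 'Name <addr>' or 'addr'."""
    addr = parseaddr(raw)[1].lower()
    if "@" not in addr:
        raise ValueError(f"not an email address: {raw!r}")
    return addr


def build_individual_messages(sender, recipients, subject, body):
    """Return (address, message) pairs: one message per unique recipient."""
    pairs, seen = [], set()
    for raw in recipients:
        addr = _address(raw)  # a malformed entry stops the run
        if addr in seen:
            continue  # send only once to a duplicated address
        seen.add(addr)
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = addr  # exactly one recipient, no Cc or Bcc
        msg["Subject"] = subject
        msg.set_content(body)
        pairs.append((addr, msg))
    return pairs


def leaked_addresses(msg, intended, recipients):
    """List other recipients' addresses found in the headers or body of msg."""
    headers = " ".join(str(value) for value in msg.values())
    text = (headers + " " + msg.get_content()).lower()
    others = {_address(r) for r in recipients} - {intended.lower()}
    return sorted(a for a in others if a in text)


if __name__ == "__main__":
    # Constructed distribution list with a display name and a duplicate.
    mailing_list = ["ann@example.org", "Bob <bob@example.org>", "ANN@example.org"]
    for addr, msg in build_individual_messages(
        "office@example.org", mailing_list, "Newsletter", "Hello,\nnews attached."
    ):
        # Refuse to send if any other recipient's address is visible.
        assert leaked_addresses(msg, addr, mailing_list) == []
        print("ready to send to", addr)
```

Running the same check over a message that carries a “cc” line reports the exposed addresses, so it can also be used as a pre-send gate on messages drafted by hand.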