Recent research has revealed how work emails are often misused by UK employees. Of the 2,000 workers surveyed, 24% admitted that they had “purposefully shared confidential business information outside their organisation”. More significant is the fact that 50% said that they either had or would delete sent emails if they’d sent information somewhere they shouldn’t.
Other key findings:
46% had received a “panicked email recall request”. 37% admitted to not checking emails before sending them. 68% blamed “rushing” as the reason for incorrectly sent emails. 9% inadvertently leaked sensitive information in the form of bank details and customer information, which could have jeopardised their organisation and customers. 42% blamed autofill technology for inputting the incorrect recipient. 40% of emails sent to the incorrect recipient contained insults, “rude jokes, swear words and even risqué messages”.
While offending an accidental recipient may cause red faces, leaking confidential information can amount to a data breach. As we move towards GDPR, it has never been more important to get a grip on any possible risk points within the organisation and it is clear the subject of emails needs serious attention. When dealing with confidential and sensitive information, employees need to be aware of internal security policies and procedures, as well as information security best practice. Human error and lack of employee awareness are growing concerns and these findings reiterate that staff need to be aware of the risks that they could unintentionally inflict on their employer. After all, preventable data breaches could incur fines and could also result in reputational damage among customers and stakeholders.
I recommend that all staff are given regularly reminders about the potential consequences of such breaches and, when incidents do happen, take them seriously. Human error does happen, but repeated carelessness is not human error - it is bad practice!