A recent data breach provided an example of how it is sometimes possible to catch a breach as it is happening and avert potential harm.
An email was sent to the wrong person in the sender’s address list. We have probably all done this at least once. If you are quick, you can sometimes recall the email, deleting it from the recipient’s system before they have opened it. In this case, the recipient had already opened the email.
The incident was resolved by a staff member making the effort to visit the recipient who happily showed them how the email had been deleted and gave assurance that it had not been copied or forwarded. Knowing the recipient through their relationship with the company gave confidence they could be trusted. The data had not got away. This was a good catch.
This degree of co-operation does happen sometimes, so with a friendly recipient it may be worth making the effort to arrange a visit. A visit gives that extra bit of confidence about how the email has been dealt with, and gives an opportunity to thank the person directly for their cooperation.
Here are three steps you can take to help keep emails from getting loose:
Set a delay rule
A good step to take is to set a delay on outgoing emails. This means you will have a little time (you can decide how long) between finishing the email, and it actually leaving your system. [For Microsoft Outlook users, go to: “File”, then “Info”, and” Manage Rules and Alerts”]
Practise recalling an email
Your email system probably has a function to delete emails from the recipient’s system if they have not already been read. This might work within your organisation, but will not help with emails going out of your organisation. Practise using that function once or twice with test emails so that it is easy to do without panic when you suddenly realise you want to recall an email that was just sent. [For Microsoft Outlook, open the message, open the “File” tab, under “Info” is “Resend or Recall”.]
Be nice to people
The story also indicates the value of treating people with respect in your organisation’s dealing with them. If the recipient of the email had had bad experiences with the organisation, they would have been much more reluctant to co-operate.
Further tips for managing emails were described in this earlier blog post.
We regularly get data breach notifications and this year we will be sharing the lessons learned from these more regularly. If you want to know more about data breaches, please check out our data safety toolkit.
Image credit: Stop sign by ndemello (via Creative Commons)