Are you considering your outbound email data breach risk in your security plan?
We tend to think of cybersecurity threats as something that comes into a business – phishing, hacking, credential stuffing, ransomware. But there’s also cybersecurity risk in things that go out of your business, like email. Insider threats include employee errors, even if it’s non-malicious. Mitigating outbound email data breach risk has got to be on your cybersecurity radar, especially if you’re supporting a remote workforce.
To Err Is Human
The number one cause of a data breach never changes – it’s humans. We misclick, we hurry to finish something, we’re distracted and boom, we’ve sent the wrong client’s file with that email. When that happens internally, it’s not much of a problem. But it becomes a whole different ball game when you accidentally send the wrong client’s file to an outside vendor or another client. That becomes a data breach.
While an external email data breach isn’t usually as big of a headache as a cybercrime-related data breach, it can be. Just ask Swedish insurance giant Folksam. Personally identifying information (PII) and sensitive data including medical data for approximately 1 million customers was accidentally shared with Google, Facebook, LinkedIn and other companies when an employee mishandled an internal marketing analysis.
What drives staffers to become accidental insider threats by making mistakes like sending data to the wrong person? In a recent study, British email security experts analyzed why staffers make mistakes when sending outbound email. Their findings included some enlightening facts about the potential for staffers to make outgoing email mistakes:
- 93% of IT leaders surveyed said that their organization had suffered data breaches through outbound email in the last 12 months.
- On average, an outbound email data breach occurs every 12 working hours.
- Companies are currently sending 94% more email because of COVID-19
- 80% of outbound email data breaches were caused by the wrong file attached to an email or the wrong recipient added to an email
- Sensitive data has been put at risk by an outbound data breach at more than 90% of companies.
Remote Workers Increase the Risk
Suddenly, everyone was remote working this year – and not many companies were ready for it. While many businesses had at least some remote work capability set up for staffers who were sick or traveling, they often didn’t have the security measures in place to support the entire staff working remotely full-time. Which left them vulnerable to a myriad of threats that they hadn’t had to make a priority in the pre-pandemic era.
That led to a rise in all sorts of cybercrime as bad actors took advantage of the chaos. Phishing, ransomware, skimming, hacking, and all sorts of cyberattacks ramped up in danger and frequency, leading to a record year for cybercrime. It also led to an increase in outbound email data breach risk, because workers that are off their game for one reason or another (like dealing with massive societal upheaval during a pandemic) are workers that make cybersecurity mistakes.
- 37% of employees are more likely to make mistakes when they’re tired or stressed
- 35% of the survey respondents said that they make more mistakes when they’re working remotely
- 29% said that they’ve made an external email error by failing to use BCC
- 27% admitted that they’d screwed up by relying on autocomplete
- 29% of the respondents also said that they’d failed to redact sensitive information in an outgoing email.
Secure Your Business From Outgoing Email Data Breach
One simple solution that really packs a punch against outgoing email data breach risk is a secure identity and access management solution. Not only is secure identity and access management an essential component of keeping sensitive information out of hackers who break in but it’s also an essential for keeping people out of data that they’re not supposed to see. CISOs around the world also agree that this AS WELL AS Security Awareness Training for your team HAS to be a top priority for 2021 because of its versatility in protecting data and your business from multiple risks at once.
For more information on our security solutions for your business contact us at ask@optistartech.com. Until December 31st, 2020, we are offering a 45-Day FREE trial of our Security Awareness Training and Dark Web Monitoring! Visit www.optistartech.com/sat/ for details.
ID Agent