2017: The Year of Email Data Breaches

With email forming the main artery of communication in most organizations, it is perhaps not surprising that email data breaches were the main cause of critical data loss in financial, legal and professional firms in the UK in 2017.

Emails ending up in the wrong hands can have devastating effects on a company. Such a mistake can have huge ramifications ranging from client data being compromised, to major reputational damage or direct financial loss. With mainstream media coverage of these data breaches becoming a regular occurrence, and drastic changes in regulation just around the corner, email security is now more important than ever.

Specifically, misaddressed emails are the prime example of such enterprise communication security breaches. The threat around misaddressed emails is particularly alarming (it was the biggest form of data loss as reported by the ICO in 2017) and it’s only becoming more problematic (there was a further 27% increase in data sent by email to the wrong person in 2017). 

It’s human nature to fear the shark when we go swimming, but it’s crossing the road - an activity we do daily almost without thinking - that is much more likely to kill us. There is currently an obsession with the detection of attacks caused by malicious external parties, but the most common data security incidents reported to the ICO this year are all linked to human error from within a business.

The problem with data breaches that result from human error is that they’re unintentional, and therefore harder to prevent, yet the consequences can be just as catastrophic as an external hack.

As of May next year, UK businesses will be faced with the reality of serious financial penalties for such breaches in data privacy when GDPR legislation comes into effect. With this in mind, companies now need to have an enterprise communication security strategy in place to prevent their number one risk of data loss: misaddressed emails.

A strong enterprise communication security strategy will prevent data loss before it occurs via email or any other communication platform, and not simply report a loss after it has already happened. Cyber security solutions that use machine learning to analyze employee behavior and intervene to stop a breach are the most effective tech solutions. For enterprise businesses that operate on a large scale with huge numbers of employees, it is also imperative to implement firm-wide staff training on email security best practice and security tips to create a unified defense against data loss.

As we observed in 2017, data breaches are an ever-evolving threat. Keeping your employees aware of these threats by consistent training and efforts to raise awareness is also a key aspect of an enterprise communication strategy. 

There is a preconceived notion within information security that to keep data secure you must make it impossible for outsiders to get in. However, most organizations are significantly unprepared to deal with the huge problem of data loss through human error.

According to research by IBM, 95% of all security incidents involved human error. Email is the main artery of communication for any firm, be it financial or legal, as it provides many benefits such as speed, clarity and ubiquity, but these benefits are also the attributes that make it such a big threat to a company, its employees and its data.

It is important to look at security processes from an internal point of view and to improve them by investing in people, through security awareness training sessions, and in tools utilizing cutting-edge technology which will automatically detect and prevent human errors from being made. Companies will then be in a position to use this technology to their advantage and safeguard themselves for the future.

UK companies are realizing the importance of investing in cyber security technology not just to prevent, but also to detect and report, any emails that could have been sent to the wrong person. Given the current climate and impending changes to UK data law, having control and peace of mind that confidential client data will remain confidential is a critical priority for all businesses in 2018.
