
Could a simple email error cause a serious data breach?


With human error the leading cause of data breaches, the Information Commissioner’s Office (ICO) has produced a handy toolkit to help businesses communicate the importance of information security to staff.

At Hayes Connor, we’re sharing some of the tips included in this toolkit to raise awareness of the importance of this issue, and to help organisations across the UK improve their data protection processes.

Tip: Most security breaches happen because of distractions or mistakes. Always check email addresses, content and attachments before you click ‘Send’.

The problem with email

Most of us hand over our email addresses in return for services. And we do so willingly. But our email addresses provide a way into our digital lives, so organisations must keep them safe.

Common mistakes when sending emails include:

  • Misspelling an email address and sending the message to the wrong person
  • Not using the bcc functionality when sending to multiple recipients
  • Attaching the wrong information to an email.

For example, an independent inquiry into child sexual abuse was fined £200,000 by the ICO after sending a bulk email that identified possible abuse victims. In this case, an officer sent an email to 90 people involved in a review without using the blind carbon copy (bcc) functionality. This allowed the recipients to see each other’s email addresses and identified them as possible victims of child sexual abuse.

Furthermore, in many cases, the wrong email addresses are being supplied in the first place. So individuals should also do more to protect their data.

For example, in another case, a person signed up to a credit service, but when doing so, entered a slightly incorrect email address. This email address then doubled as the account username. When an email was sent from the credit service to confirm the account, it was, therefore, sent to the wrong person. Because this stranger then had full access, they could get into the account and even change the password. So, one small mistake let the wrong person see a huge range of personal information, including the date of birth and previous addresses of the actual account holder, as well as information about their applications for credit.

Quick tips

  • Make sure you enter your email address correctly when signing up online
  • Employers must understand the importance of data protection and make sure that strict policies and procedures are put in place to ensure the safe processing of information
  • In many cases, data breaches can be avoided by staff abiding by the data protection principles of their businesses. But it is up to employers to give all staff regular data protection training so that they understand the potential consequences of breaching data protection laws
  • Companies are also being urged to find other ways to check their customers are who they say they are (e.g. two-factor authentication and ensuring people signing up for a service enter their email address twice – with no cut and paste option).

Not just hackers

Data breaches are not just caused by cybercriminals. For more advice on how to keep your data safe, follow our #notjusthackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.