Misdirected email: How can this human error be a key risk factor for organizations?
- The inadvertent sharing of data through CC and BCC functions can expose an organization’s entire contact database, which is a potential opportunity for its rivals.
- An organization can face dire consequences if confidential corporate information falls into the wrong hands.
Human error remains the main cause of data breaches. While falling for phishing emails continues to prevail in organizations, misdelivery of emails has become the latest major factor for data leaks.
Verizon, in its 2018 Data Breach Report, ranked misdirected emails (information sent to the wrong addresses) as the fourth most frequent action that results in data breaches. So what are the consequences of such errors for an organization? Here’s a look.
Reputational and financial damage
The inadvertent sharing of data through CC and BCC functions can expose an organization’s entire contact database, which is a potential opportunity for its rivals. Competitors can leverage the data from such errors to lure both customers and employees. Even worse, such errors can expose customer emails to potential hackers.
Besides the reputational damage, an organization also incurs financial damage, which can take the form of a hefty fine or costs arising from the loss of personal data. For instance, an American health services provider, Sentara Hospitals, was fined $2.175 million for a data breach that involved misdirected email. Sentara was blamed for inadvertently sharing the information of 577 patients with the wrong addresses.
Intellectual Property loss
An organization can face dire consequences if confidential corporate information falls into the wrong hands. This confidential information can include trade secrets or blueprints of an unpatented new product.
In 2018, Commonwealth Bank mistakenly sent 651 emails to an overseas company after forgetting to include ‘.au’ at the end of the domain. The data leak went unnoticed for a long period, which could have exposed sensitive company data or private customer information to competitors, putting the company at risk.
With over 269 billion emails sent around the world each day, misaddressed emails are the largest source of data loss for organizations, the ICO reported. Cybercriminals can capitalize on this complacent email culture to conduct Business Email Compromise or spear-phishing attacks.
Given the wide proliferation of misaddressed emails, organizations from across the globe need a clear strategy to prevent loss and exposure of confidential data. The threat that comes from accidental data leakage can be just as damaging as the external threat of cybercrime.