While often understandable, user error is most commonly the root cause of the majority of IT problems. Beyond creating technical issues, user mistakes can also make it harder for IT to secure other systems.
Something as simple as sending an email to the wrong address, or replying to all on an email containing confidential information, can cause catastrophic problems that force IT to react quickly to try to reverse the mistake.
These types of mistakes are often very costly if not caught in time, as they allow secured information to quickly become public information that can be used with malicious intent. They can also create compliance issues for some organizations.
Examples of Email Mistakes
College Accidentally Sends Thousands of Student Records to the Wrong Email Address
In 2014 a California community college employee accidentally sent thousands of student records to the wrong email address.
An employee of the community college was to send these records to an external address. Because of how large the data was, the mail was rejected and returned to the employee with a notice that it couldn’t be sent.
The employee then tried to send the records from a personal email address, but accidentally typed the intended recipient's address incorrectly and sent the email.
At the time the email was sent, it appeared that the mistyped email address was an invalid account and the records were never compromised. However, the school still had to lock down its systems and provide credit monitoring for all those who would have been potentially affected.
Bank Sends Confidential Information to the Wrong Gmail Address
In 2009 a bank employee in Wyoming sent the records of 1325 of its customers to the incorrect Gmail address.
In this case, a customer of the bank asked a bank employee to send some loan documentation to a third party. The bank employee went to send this information, but used the incorrect Gmail address, so the email went to a different Gmail account.
Additionally, the bank employee attached a file to this email that contained the records and information of 1325 bank customers, a file that should never have been attached for this customer at all.
To try to retrieve the information, the bank ended up suing Google in an attempt to block the email. According to Google's policies, it wouldn’t block the email, as doing so violated its privacy policies.
The Costs of Email Mistakes
According to the Ponemon Institute's May 2015 Cost of Data Breach Study: United States, the average cost of each stolen record is $217.
In the case of the community college, the database of records that was accidentally sent consisted of 35,212 records. That is a potential cost of $7,641,004.
In the case of the bank that sent out an attachment that never should have been attached, the 1325 records represent a potential cost of $287,525.
These costs are figured by calculating the potential turnover of customers and the associated costs of legal fees and other technology costs.
Avoiding Email Mistakes
The good news is that some of this can be avoided. For instance, Microsoft Outlook has a Delay Delivery option that allows email to be sent at a later time and date. With a little configuration, policies can be created to apply this to all email.
Email can also be stopped through the use of specific email servers. In this case, if an attachment is forgotten or the wrong email was sent, an attempt can be made to stop the delivery so that changes can be made.
The biggest way to avoid email mistakes is through education. Educating employees on what types of information should be sent, and on how costly these mistakes can be, can help avoid email mistakes.
Additionally, staff should be taught that mistakes can be made, and that it’s okay to bring them to the attention of someone who can help remediate them rather than hiding them until it’s too late. This is also a good way to help avoid the results of an email mistake.