Check recipients before sending emails in Outlook

Don’t Regret Clicking the Send Button

Have you ever written an email, where you’ve discussed some private details about company profits, or an employee that has been having problems, or that contained an attachment with sensitive company data, or even intellectual property? You prepare it, add in the names of the recipients and click send, only to, at that point, feel the cold shivers of disaster run through your body as you realize you’ve included someone in the email list you really shouldn’t have. I’ve done it, I’m sure most people have. It is a horrible feeling once you know what you’ve done and realize there is literally nothing you can do about it…until now that is.

You’ve no doubt heard a lot recently about security breaches. In the past two years, particularly, attacks on various government and commercial organizations have made the headlines because of the sheer size and sophistication of the hack. But one type of threat that is much less discussed is the threat to businesses because of simple employee mistakes. These mistakes come under the heading of ‘Insider Threats’ and include the accidental sending of data to someone it really shouldn’t go to…more on this later.

Some Email Send Button Blunders

It’s interesting to look at some recent high profile email blunders to get a sense of what can happen when you haven’t checked your email ‘to and cc’ list before clicking the send button. At the 2014 G20 summit held in Brisbane Australia, the Australian immigration department accidentally emailed the personal details of the G20 participants, including the visa and passport details of Vladimir Putin, Angela Merkel and David Cameron, to someone outside of the organization; the details being accidentally sent to the organizing committee of the Asian Cup. This was down to human error; someone had not checked that the Outlook auto complete feature had put the correct email address in, easily done.

In another similar incident, the Bank of England accidentally sent details of the banks plans to handle events if Britain left the EU to, of all organizations, a newspaper, who promptly wrote an article about it.

Sometimes these email blunders are just funny or embarrassing. Like the one where an employee accidently sent emails containing intimate discussions with her fiancée, to various co-workers, the emails ended up going viral much to her and her fiancées embarrassment. But sometimes these emails can be potentially dangerous, like the email where a mistyped name ended up releasing information about military deals between the U.S. and Israeli armies to the website Gawker.

Insider Threats and Accidental Disclosure

Accidental loss of sensitive information via email is incredibly commonplace. A report by IDCthat looked at Insider Threats, has found that 52% of organizations see these sorts of threats as being mainly accidental and only 19% deliberate. CERT, on behalf of Homeland Security concurs with the finding that Insider Threats are often accidental. In their report on Unintentional Insider Threats: A Foundational Study, they identified email as being one of the main threat vectors in an organization for unintentional loss of sensitive data by disclosure to the wrong party. And to add weight to these figures, Verizon, in their 2014 Data Breach Investigations Report found that the mis-delivery of emails accounted for 44% of data disclosure errors.

All of this is compounded by the fact that often, employees have access to data that they shouldn’t have, some estimates placing this at up to 35% of employees being able to access sensitive company data. Sending emails out with sensitive data in to the wrong party is much more than an embarrassment. You can seriously impact your ability to meet data and privacy compliance standards in this way.

The Health Insurance Portability and Accountability Act or HIPAA regulations for example, do not preclude the use of email to send out patient data, but they don’t stipulate, either how best to do it, other than that the email needs to be used within a secure messaging environment. Similarly PCI-DSS financial compliance standards need to ensure that credit and debit card details are sent within a secure messaging framework.

SafeSend a Protective Layer for Your Company Email System

Many security analysts advise on user training, but no amount of training can mange the situation where a person is tired or busy and simply mistypes a name and Outlook auto complete takes over. The problem is that once you click the send button and the email leaves your server, it is out of your control. What you need is a way of stopping this happening at the point of error, when the user enters the email address of an incorrect recipient. What you don’t want to do however is to interrupt your email work processes. If something causes your users irritation, it either won’t be used, or worse still, they’ll find a way to circumvent it.

It was these design goals that we had in mind when we designed SafeSend. Because this is an enterprise wide problem, one of the most important features of this type of product is to be able to configure settings on a per user basis, using group policies applied across the network. This includes settings such as ensuring users utilize the warning features of SafeSend before they click send and accidentally disclose information. SafeSend lets you check recipients before sending emails in Outlook Our product will allow users to perform that double check before clicking send; SafeSend adds a protection layer, preventing any mishap. It avoids the need to have complicated and difficult to use encryption, just to send out emails, as becomes a seamless part of your employees normal working practices, becoming part of the normal emailing process, a second pair of eyes, so even employees who have taken their eye of the ball, won’t send out your company sensitive data to anyone except the people who need to see it.