Recent research from Egress Software Technologies has revealed how work emails are often misused by UK employees. Of the 2,000 workers surveyed, 24% admitted that they had “purposefully shared confidential business information outside their organisation”. More significant is that 50% said that they either had or would delete sent emails if they’d sent information somewhere they shouldn’t.
Other key findings:
- 46% had received a “panicked email recall request”.
- 37% admitted to not checking emails before sending them.
- 68% blamed “rushing” as the reason for incorrectly sent emails.
- 9% inadvertently leaked sensitive information in the form of bank details and customer information, which could have jeopardised their organisation and customers.
- 42% blamed autofill technology for inputting the incorrect recipient.
- 40% of emails sent to the incorrect recipient contained insults, “rude jokes, swear words and even risqué messages”.
Tony Pepper, CEO and co-founder of Egress, said:
Email is frequently misused by the UK workforce. While offending an accidental recipient may cause red faces, leaking confidential information can amount to a data breach. As we move towards the EU General Data Protection Regulation, it has never been more important to get a grip on any possible risk points within the organisation and, as this research shows, email needs serious attention.
When dealing with confidential and sensitive information, employees need to be aware of internal security policies and procedures, as well as information security best practice. Human error and lack of employee awareness are growing concerns and these findings reiterate that staff need to be aware of the risks that they could unintentionally inflict on their employer. After all, preventable data breaches could incur fines and could also result in reputational damage among customers and stakeholders.
Reduce your security risk exposure with staff awareness training
Rolling out a comprehensive staff awareness programme will give employees a clear understanding of their compliance requirements, your organisation’s security policies and procedures, and basic knowledge of information security best practice to reduce preventable mistakes. Even basic training has the potential to prevent security incidents.