The volume of documents shared through email has exploded because of it’s simplicity. How often have you said, “Email that document to me.” It’s our default document distribution tool. It works well for small documents, but not for large files, because many organizations have limits on sending and receiving.
Because it’s so easy to do, there is also a high probability you may send the wrong document to the wrong person. Sometimes this is no big deal. Maybe you are working on a project and send someone an older presentation. Big deal. Just send them the current one and ask them to delete the old one.
Unfortunately there is also a risk of sending confidential and sensitive information to the wrong people. Most email programs have a type-ahead feature that helps you fill in email addresses as you type. This is great since most of us frequently send email to the same people. The downside is that we are too reliant on the technology and may not carefully look before hitting the Send button.
As pointed out in the Verizon 2010 Data Breach Report and shown by the recent leaks of US government documents to WikiLeaks, the loss of data from insiders is increasing dramatically. Sometimes it’s intentional, sometimes its accidental.
It’s easy to email a sensitive document to a Gmail or Yahoo Mail address and retrieve it later. People do this all the time so they have a copy at home or on the road. It’s easy to retrieve documents from a web-based email system when you are out of the office. Just go to any computer and access your online email account.
This behavior is more prevalent when companies don’t give their employees easy access to secure communications using a browser. A lot of companies use VPNs on their portable computers, but the user has to use that computer to get their email. Sometimes this is difficult if you are in a place without open WiFi or you have to talk to an IT person to allow you to VPN to your corporate network. Obviously this is more secure, but less convenient. Unfortunately convenience sometimes rules when people are on the go.
Protecting your confidential documents with persistent security is one way to make sure that an oops on the keyboard doesn’t turn into a catastrophe. If you accidentally send something to the wrong person, if they don’t have access rights to it, then you have no problem. If they try to read the document, they won’t be able to do it.
Another way to reduce the risk of leaks is to stop using email to send documents around. Many organizations have a document management system of some type and can just send links to documents through email. This way your document management system’s security can manage the document access. If you accidentally send a link to someone outside your company, they probably can’t access the file, so you’re safe.
Get in the habit of using email to send messages, not sensitive documents. One inadvertent click could ruin your whole day.
Photo credit Davichi