I have always believed the best way to get a point across is by telling an anecdotal story about something I have experienced. In the past several weeks there have been numerous examples of confidential files being exposed due to human error when using email.
A recent instance occurred in the UK at the Ministry of Justice. An employee sent a comprehensive spreadsheet that included names, addresses, sentence lengths, release dates, and some information about offences, on all of the prison’s 1,182 inmates. The Ministry was fined £140,000.
A similar incident occurred at Kaiser Permanente in the United States when a misfired email exposed a large number of patient records.
Why do we continue to hear of these types of events? I think it’s a lack of knowledge on the part of Senior Management as to what is available to stop these types of mistakes.
I was at dinner the other evening when I needed to send a confidential spreadsheet to a group of individuals. After finishing my first glass of wine I asked the others at the table if they minded if I sent an email… probably one of the rudest things you can do these days! While addressing the email on my iPhone I mistakenly included a group of people that should have not received the file. Fortunately for me the file I was sending was in a DigitalQuick folder in Dropbox. Since I never invited any of the people in this “group” to the DigitalQuick folder, they couldn’t open the file. There was no need for me to leave dinner and do damage control! Standard passwords would not have provided adequate protection because all the people in the “group” know how to break passwords!
These incidents expose human errors as a major cause of data breaches. Updated legislation in the US and elsewhere is causing many organizations to review their security practices to try to prevent these incidents before they occur. As an example, recent updates in HIPAA regulations make all companies within a healthcare provider’s supply chain liable for any breach. That means the inadvertent sending of an email could cause damage to a hospital, insurance company and their providers.
The regular use of email to send important information is a common cause of data breaches. Protecting sensitive files upon creation will help stop this problem, because it is not considered a data breach if you lose an encrypted file.
Photo credit jcordj66