Data breach, another wake-up call

“Hi, I thought you should know we opened that attachment you emailed yesterday, and it’s not quite what we were expecting.”

That sick to the stomach, gut wrenching, “what have I done?” moment as you go back through your sent items and realise you attached the wrong document. The panicked call to your boss to ‘fess up to your mistake. Next thing you know, an investigation is launched, the ICO is informed and your data breach is front page on BBC News.  

For someone in Leicester City Council last week, that imagined scenario was reality as data for hundreds, if not thousands, of vulnerable people was emailed to 27 taxi firms in error.

Leicester City Council’s mistake is not the first of its’ kind and I’m confident it won’t be the last. Humans make errors, and as data gets bigger, so the risks associated with it grow.

Companies need to implement both organisational and technological change to avoid these problems in future. The dangerous “just attach it to an email and send it” culture that prevails in so many organisations today is simply not good enough.

Stop sending, start sharing

One of the simplest solutions to such a data breach is to share information. Consider using a secure document sharing system rather than sending it by email.

Had Leicester City Council followed that approach, they would have been able to remove the incorrect file as soon as the error was spotted. They could also see who had opened the file and whether it had been downloaded and saved elsewhere.

While human error can’t be eliminated entirely, it can be contained in a much more secure environment.

If that isn’t enough to make you switch from sending to sharing, here are some other reasons to consider it…

  • Email is not secure, it should be assumed that whatever you write in or attach to an email could become public.
  • Attachments end up saved and stored in multiple places, leading to issues over ownership and version control.
  • Email is often stored on systems in plain, readable text. If someone gains access to that system, everything is available to be read.
  • More than 100 billion business emails are sent and received every day around the world. Email inboxes can become big black holes and that important attachment you sent may never be seen!
  • GDPR is coming soon and data breaches will be treated much more seriously in future.

Don’t wait until you and your organisation become the next data breach news story. Once the genie is out of the bottle it can’t be put back in, so stop sending and start sharing now!