Email – our biggest security threat

Misdirected emails continue to be the top cause of incidents reported to the Information Commissioner’s Office (ICO). With this in mind, and in view of the volume of email usage at MVDC, we thought it would be helpful to remind all staff of the need to be vigilant. Here are some things you can do to protect against a breach of data protection (some of these measures can be applied to all forms of data processing – not just emails!):

  • Set a 1 or 2 minute delay for sending emails. Allowing an email to sit in your outbox for a few minutes gives you a chance to recall it if necessary. Here’s how: Delay or schedule sending email messages
  • Remember to BCC group recipients with private email addresses.
  • Always confirm the “Safesend” email address is the correct one for the person you are intending to send external emails to. It is vital this does not become an automatic process and you recognise that it is your responsibility to avert potential disasters. Do not let Safesend become an automatic click! Think, look and hover before you click!!!
  • As above, Safesend is for external email recipients, but there have been serious internal breaches too. Think, look and hover before you click!!!
  • Always confirm email attachments are correct – have strong naming conventions in place, and if in doubt open the attachment before sending to check it is the correct one and does not inadvertently contain personal data that should not be sent.
  • Implement password protection on email attachments. This will reduce the risk of unauthorised individuals gaining access if the email is sent to the incorrect recipient.
  • Don’t forget the importance of keeping the personal data on your systems accurate. This will ensure communications are sent to the intended destination and help to prevent the potential disclosure of information to an unauthorised party. See link for more information on data accuracy.
  • Ensure you have appropriate checking and verification measures in place with regard to sending personal data outside MVDC. Where necessary, and for communications that contain particularly sensitive personal data, there should be a robust double-checking measure to ensure information is sent correctly.
