The latest ICO security trends report shows that misdirected emails continue to be the top cause of reported incidents, and led to 44% more incidents than phishing attacks in Q1 of 2020 https://ico.org.uk/action-weve-taken/data-security-incident-trends. With this in mind, and in view of the volume of email usage at MVDC, we thought it would be helpful to remind all staff of the need to be vigilant. Here are some things you can do to protect against a breach of data protection:
- Set a 1 or 2 minute delay for sending emails. Allowing an email to sit in your outbox for a few minutes gives you a chance to recall it if necessary. Here’s how: Delay or schedule sending email messages
- Remember to BCC group recipients with private e mail addresses.
- Always confirm the “Safesend” email address is the correct one for the person you are intending to send external emails to. It is vital this does not become an automatic process and you recognise that it is your responsibility to avert potential disasters. Do not let Safesend become an automatic click! Think, look and hover before you click!!!
- As above, Safesend is for external email recipients, but there have been serious internal breaches too. Think, look and hover before you click!!!
- Always confirm email attachments are correct – have strong naming conventions in place, and if in doubt open the attachment before sending to check it is the correct one and does not inadvertently contain personal data that should not be being sent.
And while we’re here….
We have also had a spike in Subject Access Requests over the last few weeks. This highlights the importance of understanding what constitutes personal data and where it is stored. All recorded information counts including Teams Chats and anything held on work mobile phones. Please be careful what information you record about people, stick to facts rather than opinion and remember anything you write about someone could be seen by them.