Stemming the tide of accidental email data leaks

Stemming the tide of accidental email data leaks

Rick Goud of Zivver explains how organisations can support staff to be safer when using email.

Email is by far the most widely-used method for businesses to communicate, with employees spending, on average, roughly 2.6 hours dealing with 120 business emails per day. ‘Traditional’ email was not built to mitigate the associated security and privacy risks, however.

It is perhaps unsurprising then that email is now the biggest source of data leaks by organisations worldwide. The most frequent cause? Human error. Employees inadvertently emailing sensitive information to the wrong person, for example.

A simple mistake (one that we’ve all been witness to, or guilty of), but – accidental or not – the potential consequences for the organisation can be disastrous. Loss of revenue due to customer churn; damaged brand reputation and broken trust, as well as the threat of a financial penalty due to non-compliance with data protection laws such as the UK DPA and GDPR.

The Covid-prompted shift to remote working has accelerated digital communication still further, with email volume growing significantly (we’ve seen a 67% increase in the use of secure email among customers, since the outbreak started). Other consequences of the pandemic include heightened stress levels for many people, and increased tiredness due to longer screen time – both of which inevitably impact performance at work.

Add to this the pre-existing problem of staff already drowning in a sea of emails - many of which are sent unnecessarily; colleagues being copied in as a back covering exercise, for example, or simply thoughtlessly – and the expanding threat surface becomes clear; the more emails that are sent, the greater the likelihood of accidental data leaks by employees.

So is it all doom and gloom for organisations and their error-prone staff? Thankfully not. There are steps that can be taken and technologies available, the best of which put employees’ email working practices and pain-points at the heart of the solution.

Help staff to make better decisions when emailing

The most effective way to tackle the burgeoning outbound email data leaks problem, is to approach it from a usability and security perspective, in tandem. Questions to be asked within the organisation include, “how can we reduce the number of accidental data leaks stemming from those emails that have to be sent, to ensure the smooth running and success of the business?” and “how can we reduce the huge volumes of emails that employees are having to wade through day in and day out?”. 

When looking for a technology solution to address such questions and enhance outbound email security, organisations must prioritise ease of use for employees. Providing staff with technology that works seamlessly with their existing email system – such as Outlook or Gmail – will ensure the deployment is not adding to their workload, or hindering their productivity levels.

Technology must always put people first, by enabling them to achieve a particular goal without disrupting, or irritating them. Especially when it is added to a communication tool used as frequently as email, which workers have come to rely on, largely due to its simplicity.

Real-life deployments that exemplify the need for, and value of, this user-centric focus include international healthcare organisation, Buurtzorg. Having recently installed Zivver for Gmail, they subsequently said that employees hardly needed to change their way of working, but now they communicate securely. So minimal changes to make a significant difference.

In a similar vein, Douglas Macmillan Hospice in Stoke-on-Trent needed an outbound email security solution that made the “user experience incredibly simple", effectively ‘hiding’ the complexity of the technology, while bringing all the desired secure communication benefits. Such simplicity is a priority for organisations, especially during these Covid-times when staff are already stressed and tired, and susceptible to making mistakes. 

Raise security awareness among employees

Raising security awareness among staff, and fostering a data privacy-focused culture, is another important step in the prevention of outbound email data leaks. To enable this, organisations need to draw up concise guidelines for employees so that – before sending an email – they always ask themselves, “Do I really need to send this email?” and “Does this person really need to be cc’d?”.

Such advice works synergistically with the non-intrusive alerts provided by best practice outbound email security solutions: Alerts which will, for example, ask, “Are you sure you want to send this?” before an employee emails sensitive financial information to an unknown recipient. This combined approach will equip staff to make better and safer decisions when communicating via email.

By striking a balance between security and usability and becoming an ‘enabler’ of secure outbound email, digital organisations will minimise costly data leaks while optimising productivity levels. From a user perspective, some of their email pain-points will be alleviated and so the number of mistakes they make will be reduced, to the benefit of all concerned.


Rick Goud is CIO & Founder of secure communications company Zivver.  Before co-founding Zivver, Rick spent six years as a healthcare consultant for Gupta Strategists. While there, he noticed a wide range of sensitive data – such as patient information, company performance, and legal documents - being frequently handled by employees. He realised there was a strong need for a secure communication solution to safeguard and manage such data (including for GDPR compliance) - and shortly afterwards, Zivver was born.

Copyright Lyonsdown Limited 2021

Top Articles

Clubhouse data leak: Data of 1.3m users dumped on a hacker forum

An SQL database containing records of 1.3 million Clubhouse users has been leaked for free on a popular hacker forum.

Iran terms Israeli cyber attack on nuke facility as "nuclear terrorism"

A rumoured cyber attack carried out by Mossad, Israel's official spy agency, destroyed legacy IR-1 centrifuges at Iran's underground nuclear facility located in Natanz.

The Hunt for Red Insider

The analogy to The Hunt For Red October is not far removed from the common reality of cybersecurity.

Related Articles