The revelation this week that the Australian Immigration Department accidentally leaked the personal data of 31 world leaders has once again highlighted the reputational damage resulting from data loss by email. The data included passport numbers and dates of birth and was leaked thanks to Outlook email auto-complete.
The department’s response has been to disable auto-complete. It’s a darned useful feature, so disabling is rather like throwing the baby out with the bathwater (as well as shutting the stable door after the horse has bolted).
There’s no doubt that employees are a big risk for organisations, the ICO believe that human error is responsible for 50% of data breaches. One opposition politician said “You can’t protect against human error!” but the good news is, you can!
Classification add-ins to Outlook can ‘link’ classifications applied to the email to the email domains that the message is allowed to be sent to. ‘Unclassified’ emails are allowed out to all internet addresses, while ‘Protected’ and above are only allowed to pre-defined email domains such as partner agencies. This relies on the email originator correctly classifying the email, and a good classification tool can help in this regard by checking that an email classification matches or exceeds that of any attachments, and by content checking the email and attachments.
Moreover, use of a data classification tool has been proven to quickly get users into a mind-set where they consider the sensitivity of every piece of data they create or handle. Boldon James Classifier is one such tool.
Through the implementation of information governance strategies, such as data classification, which identify sensitive data wherever it travels, organisations can reduce the level of risk employees pose to the organisation and eliminate any need to lock down systems, functionality or devices.