When you’ve invested in security tools like firewalls, antivirus software, and a phishing training program, you probably think that you’ve safeguarded your business from cyberattacks. Unfortunately, there’s another sneaky email threat hiding in plain sight, and it doesn’t need malware or a hoodie-wearing hacker to hit your company. It just waits for you to make a mistake in an email address.
That’s right. A misaddressed email can lead to a significant security incident. Typing in one wrong letter, like turning “john.doe@company.com” into “john.doe@compnay.com”, can inadvertently send sensitive information to a stranger’s inbox, and the consequences of that seemingly minor mistake can be far-reaching.
98% of Security Leaders Are Losing Sleep Over This Threat
A new report from Abnormal AI, an email security provider, claims that 98% of security leaders now rank misdirected emails as a “significant risk.” Many believe that they pose a bigger problem than insider threats and are on par with full-blown malware campaigns.
Part of the problem is that misdirected emails aren’t rare. They occur frequently. In fact, healthcare, finance, and legal firms report hundreds of such incidents annually, and each one is technically a data breach. A single misdirected email can trigger HIPAA, GDPR, or CCPA security compliance violations, which may result in fines that start at five figures.
Why Misaddressed Emails Can Hurt Worse Than Phishing Attacks
While phishing attacks can occur without anyone noticing immediately, it doesn’t usually take long to realize there’s an issue. Thanks to increased awareness and training, many people can now identify a problematic message quickly and take action to prevent a full-blown attack.
However, misaddressed emails are harder to spot right away. Some recipients might not even notice (or care about) the treasure that just fell in their lap. But once the email sits in the wrong inbox, there’s a good chance that the recipient will use its contents for nefarious purposes.
Three Simple Ways To Shut This Email Threat Down
You don’t need a PhD in email security to address these cyber threats. You can reduce the risk of misdirected emails by:
- Turning on “recipient rate-limiting” or “delay send” for emails. Most setups let you undo a message within a few seconds so that you can catch a typo like “jon” instead of “john.”
- Using double-entry for external emails. Make your team type (or select) the address twice when sending sensitive information. This extra step can save your company from a data breach.
- Adding an external email alert. Include a banner that notifies your team about incoming messages from senders outside your company, and require them to confirm that they are sending to external addresses when emailing anyone outside the company.
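The external-recipient confirmation and typo catching from the list above can be combined into one pre-send check. The sketch below is an added example, not from the original article or any mail product; the domain names, function names and the distance threshold are assumptions chosen for illustration.

```python
"""Pre-send recipient check (illustrative; every name and threshold here is an assumption)."""

INTERNAL_DOMAIN = "company.com"            # assumed: your own mail domain
KNOWN_EXTERNAL = {"partner-law.example"}   # assumed: external domains you mail routinely
MAX_TYPO_DISTANCE = 2                      # assumed: edits that still count as a likely typo


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: an adjacent-letter swap counts as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # transposition, e.g. "na" typed for "an"
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_recipient(addr: str) -> str:
    """Return 'internal', 'external-known', 'lookalike:<domain>', 'external-new' or 'invalid'."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not sep or not local or "." not in domain:
        return "invalid"
    if domain == INTERNAL_DOMAIN:
        return "internal"
    if domain in KNOWN_EXTERNAL:
        return "external-known"
    for known in sorted(KNOWN_EXTERNAL | {INTERNAL_DOMAIN}):
        if edit_distance(domain, known) <= MAX_TYPO_DISTANCE:
            return f"lookalike:{known}"   # close to a trusted domain but not equal: likely typo
    return "external-new"


def review_outbound(recipients, sensitive: bool):
    """Return (hold, reasons); hold=True means the sender must confirm before the mail leaves."""
    reasons = []
    for addr in recipients:
        verdict = check_recipient(addr)
        if verdict == "invalid" or verdict.startswith("lookalike"):
            reasons.append(f"{addr}: {verdict}")
        elif verdict.startswith("external") and sensitive:
            reasons.append(f"{addr}: {verdict}, re-enter address to confirm")
    return bool(reasons), reasons
```

A check like this only covers the domain part of the address; a wrong local part such as “jon” for “john” needs a directory lookup or the delay-send window to catch.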
Your Biggest Email Threat Might Be Human
Cybercriminals often get the headlines, but quiet typos also rack up breaches. When it comes to data breaches, the smallest mistakes create the biggest headlines, and one misaddressed email can unravel years of good security compliance work in seconds. Take extra care when sending emails, so a missing or mixed-up letter doesn’t result in a costly breach.



