It is so easy to send the wrong attachment with an email, especially if the documents you are selecting to attach are not clearly and distinctly named. We see this type of breach fairly regularly so we thought we’d highlight it in this post.
Of the 33 data breach notifications we received in 2015-16 that resulted from errors when using email, one third involved attachments being sent to the wrong people. It is not easy to be sure how this happens in each instance, but it is easy to understand that it is more likely to happen if documents are not well named.
Certainly this was found to be true in one case when an organisation investigated one of its breaches. It found a significant factor in sending the wrong attachment was that the file attached had a very similar name to the file that should have been sent.
Clear files names might have helped to avoid some of the other data breaches that were reported. The issue is not unique to New Zealand data breaches. Examples can also be found in the database of breaches collated by the Privacy Rights Clearinghouse.
Giving your documents clear, meaningful and distinct names will help you spot inconsistencies and gives you a chance to catch and correct.
This post is the first in our Breach Cases series. We’ll have more to follow.
Image credit: Japanese speed sign via Wikimedia Commons.