Email is among the most used communication tools in the world. Research suggests that in 2019, the number of emails sent and received per day was almost 300 billion. For all the benefits email provides for both in-office communication and donor outreach, it has given organizations significant security headaches too. Today, nonprofit leaders recognize that people pose a real threat to organizations’ security: 85% of data breaches are caused by employees. Although eye-catching and sophisticated scams like spear-phishing attacks regularly make headlines, one of the most common threats to data security is email misdirection.
So what does “misdirected email” mean? A misdirected email, or misaddressed email, happens when an email is mistakenly sent to the wrong person due to employee error. These are security vulnerabilities that end-point security software cannot prevent. In fact, while writing this blog, I received a misdirected email from an acquaintance! For a number of fundraisers, messaging the wrong email address is an all-too-common occurrence.
Sending an email to the wrong person can take many forms. One of the most common causes of a misdirected email is a user incorrectly spelling the email address of the correct recipient. An email intended for firstname.lastname@example.org might be sent to “email@example.com” or even “firstname.lastname@example.org”. Accidentally sending an email message to the wrong address might happen due to employees rushing, or switching focus too quickly when multitasking.
Fundraisers spend much of their working week on email, communicating with donors. To save time, people often rely on the autocomplete feature available in most email clients, including Outlook and Gmail. However, while autocomplete can boost productivity, it also raises the risk of mistakes. Offering a suggested recipient to a sender who has typed only the first initial of the correct person’s email address makes it much easier to accidentally add a wrong recipient whose name is similar to the intended recipient’s.
In nonprofit environments, the content of the email, as well as its attachments and links, may include highly sensitive information that fundraisers have an obligation to protect. The primary consequence of a breach of this nature concerns trust and reputation. Unlike dialing the wrong phone number, which might be slightly embarrassing, sending a misdirected email and experiencing a data breach as a result can significantly undermine the confidence that donors have in an organization. Having to tell all donors in your database that their personal information has been compromised can negatively affect future giving.
So if end-point security cannot prevent this type of data breach, what can? By focusing on what is known as human layer security, Gravyty Guard protects against the vulnerabilities that will define the next decade in the nonprofit sector.
Gain insight into your organization's human-layer security posture by taking our FREE 15-minute vulnerability assessment. You’ll receive insight into potential threats to your donor data’s security and steps you can take to prevent a data breach that places your donors’ data, and trust, at risk.