Email is the chief communication channel for nonprofits, no matter how many additional interoffice communication platforms we get. But email is also a channel where employees make mistakes. Despite its incredible efficiencies and economies of scale, email as a communication tool is reliant on human interaction and judgement. This makes the risk of human error incredibly high.
One example of a mistake due to human error is an email being sent to the wrong person. A misdirected email might happen for any number of reasons, including stress, reduced alertness, being in a hurry, or simply bad luck. For example, staff members at a major Australian bank mistakenly sent emails that contained data from over 10,000 customers to the wrong recipient due to an error that changed the email’s domain name.
The last few months have accelerated the work-from-home trend, meaning that more data is now being communicated electronically. Many employees manage their inbox from multiple devices, for example replying to an urgent email after work on their phone instead of their laptop. While this flexibility is advantageous for employees and businesses, different diligence levels outside working hours and on mobile devices raise the chance of a misdirected email being sent.
For example, even for a small development office where each fundraiser sends a moderate number of emails per day, the likelihood of a misdirected email leaving the organization in a given month is high. That risk increases dramatically with the size of an organization. No matter how many Secure Email Gateways and firewalls you employ, failing to address this risk could mean your organization’s donor data being compromised.
Mistakes due to human error are not limited to outbound email. Over the past few years, inbound attacks such as spear-phishing have become more frequent and more sophisticated. For example, a fundraiser may receive an email from an attacker impersonating their manager, urgently asking them to send sensitive donor data for a seemingly legitimate reason. The urgency of the email and the fact that the attacker exploits a legitimate relationship make the recipient more likely to fall for the attack.
In order to stay vigilant in this changing environment, nonprofit leaders should focus on two simple questions: what is the most likely cause of data loss for our organization, and what is the maximum damage that a human error could cause? Ultimately, this awareness could help mitigate the likelihood of donor data loss and associated consequences like financial penalties or reputational damage.
Mistakes due to human error are inevitable, but the negative consequences are not. By focusing on what is known as human layer security, Gravyty Guard protects against the vulnerabilities that will define the next decade in the nonprofit sector by alerting employees to potential data breaches before they happen.
Gain insight into your organization's human-layer security posture by taking our FREE 15-minute data security health assessment. You’ll receive insight into potential threats to your donor data’s security and steps you can take to prevent a data breach that places your donors’ data, and trust, at risk.