So, you've sent an email to the wrong person. Don't worry; you're not alone. Recent surveys have pointed to over half of employees say they've sent an email to the wrong person.
We call this a misdirected email, and it's easy to do. It could be a simple spelling mistake, it could be the fault of Autocomplete, or it could be an accidental "Reply All." But, what are the consequences of firing off an email to the wrong person, and what can you do to prevent it from happening?
We'll get to that shortly. But first, let's answer one of the internet's most popular (and pressing) questions: Can I stop or "un-send" an email?
The short (and probably disappointing) answer is no. Once you send an email, it can't be "unsent." But, with some email clients, you can recall unread messages sent to people within your organization.
Join 30,000+ fundraising professionals that receive our weekly Sunday newsletter with industry trends, tips, and analysis delivered right to your inbox
Recalling messages in Outlook & Office 365
Before reading any further, please note: these instructions will only work on the desktop client, not the web-based version. They also only apply if both you (the sender) and the recipient use a Microsoft Exchange account in the same organization or if you both use Microsoft 365.
In layman's terms: You'll only be able to recall unread emails to people you work with, not customers or clients. But, here's how to do it.
Step 1: Open your "Sent Items" folder
Step 2: Double-click on the email you want to recall
Step 3: Click the "Message" tab in the upper left-hand corner of the navigation bar (next to "File") → click "Move" → click "More Move Actions" → Click "Recall This Message" in the dropdown menu
Step 4: A pop-up will appear, asking if you'd like to "Delete unread copies of the message" or "Delete unread copies and replace with a new message"
Step 5: If you opt to draft a new message, a second window will open, and you'll be able to edit your original message
While this is easy enough to do, it's not foolproof. The recipient may still receive the message. They may also receive a notification that a message has been deleted from their inbox. That means that, even if they can't view the messed-up message, they'll still know it was sent to them.
You can find more information about recalling emails in Outlook here.
Recalling messages in Gmail
Again, we must caveat our step-by-step instructions with an important disclaimer: this option to recall messages in Gmail only works if you've enabled the "Delay" function before fat-fingering an email. The "Delay" function gives you a maximum of 30 seconds to "change your mind" and claw back the email.
Here's how to enable the "Delay" function.
Step 1: Navigate to the "Settings" icon → click "See All Settings"
Step 2: In the "General" tab, find "Undo Send" and choose between 5, 10, 20, and 30 seconds.
Step 3: Now, whenever you send a message, you'll see "Undo" or "View Message" in the bottom left corner of your screen. You'll have 5, 10, 20, or 30 seconds to click "Undo" to prevent it from being sent.
Note: If you haven't set up the "Delay" function, you will not be able to "Undo" or "Recall" the message.
More information about delaying and recalling emails in Gmail is here.
So, what happens if you can't recall the email? We've outlined the top six consequences of sending an email to the wrong person below.
What are the consequences of sending a misdirected email?
According to Verizon's 2021 DBIR, misdelivery is the most common type of error to cause a breach. But is a breach the most significant consequence?
The consequences of sending a misdirected email depend on who sent the email and what information the email contains.
For example, if you accidentally sent a snarky email about your boss to your boss, you'll have to suffer red-faced embarrassment (which 36% of employees were worried about).
On the other hand, if the email contained sensitive donor or organizational information and were sent to someone outside of the relevant team or outside of the organization entirely, the incident would be considered a data loss incident or data breach. That means your organization could be in violation of data privacy and compliance standards and may be fined. But, incidents or breaches don't just impact an organization's bottom line. It could result in lost donor trust, a damaged reputation, and more.
Let's take a closer look at each of these consequences.
Fines under compliance standards
Regional and industry-specific data protection laws outline fines and penalties for failing to implement effective security controls that prevent data loss incidents. Yep, that includes sending misdirected emails.
And these incidents are happening more often than you might think. Misdirected emails are the number one security incident reported to the Information Commissioner's Office (ICO). They're reported 20% more often than phishing attacks.
Lost donor trust and increased attrition
Today, data privacy is taken seriously…and not just by regulatory bodies.
A data breach can (and does) undermine the confidence that donors, stakeholders, and partners have in an organization. Whether it's via a formal report, word-of-mouth, negative press coverage, or social media, news of lost – or even misplaced – data can drive even your most loyal supports to jump ship.
Naturally, donor attrition + hefty fines = revenue loss. But, organizations will also have to pay out for investigation and remediation and future security costs.
How much? According to IBM's latest Cost of a Data Breach Report, today's average cost of a data breach is $3.86 million.
As an offshoot of lost donor trust, organizations will – in the long-term – also suffer from a damaged reputation. But, as we've said: people take data privacy seriously.
That's why, today, strong cybersecurity enables nonprofits and has become a unique selling point in and of itself. It's a competitive differentiator. But, of course, that means that a cybersecurity strategy that's proven ineffective will detract from your ability to reassure donors.
But, individuals may also suffer from a damaged reputation or, at the very least, will be embarrassed. For example, the person who sent the misdirected email may be labeled careless, and supporters might criticize leaders for their lack of visibility into employees' security habits. This could lead to….
Unfortunately, data breaches – even those caused by a simple mistake – often lead to job losses. It could be the Executive Director or even the gift officer who sent the misdirected email.
It goes to show that security is about people. That's why, at Gravyty, we take a human-centric approach to cybersecurity for nonprofits and prevent human error on email without getting in the way of the work fundraisers are doing every day to connect with donors.
See a Gravyty demo today and learn how you can protect your donor data and your employees without getting in the way of the work that needs to get done: