You've pressed send on an email containing confidential information, what might happen next?


An employee in the financial services sector has just emailed a client with their latest accounting info. They’ve CC’d a few colleagues, attached a couple of documents and pressed send, and the email is on its way to the recipient. But a mistake has been made: the wrong document is attached, and it contains highly sensitive information relating to another client.

We recently covered the potentially damaging outcomes that can occur every time a financial services employee sends an email, as in the scenario above. Now, let’s look at another question: what steps can be taken to recall emails after they are sent, protecting personal information and preventing data leaks?

Modern communication apps such as WhatsApp have built an expectation that we should be able to simply delete or recall messages sent to a single person or group at will. Sadly, email wasn’t built with this capability in mind, and email recall functions are either non-existent (iCloud or Yahoo) or don’t always work effectively (Outlook and Gmail).

Let’s examine the recall tools for two of the biggest email clients and ask why they aren’t sufficient to protect financial services companies from data theft or leaks.

Outlook: recalling emails comes with a few catches

It may be coming up to 25 years old, but Outlook’s email recall feature still doesn’t provide a strong function for actually recalling emails sent in error. Here is what seems to be an incredibly simple method for recalling emails in Outlook.

Step 1: Go to your Sent Items folder and double click on the email you want to recall

Step 2: Click on the ‘Message’ tab

Step 3: Select ‘Actions’ and then choose ‘Recall this Message’

Step 4: Choose between Delete Unread Copies of This Message (in which case, you’ll delete the email) or Delete Unread Copies and Replace With a New Message (in which case you’ll be taken to another screen to edit your original email).

This all sounds very straightforward, but email recall won’t always work for several reasons. Firstly, if the recipient has already opened the original message, they’ll receive a recall message, but the original email will remain in their inbox. This means that not only has the sender failed to recall the message, but they’ve also highlighted to the recipient that they sent it in error, encouraging the recipient to take a look and achieving the exact opposite of what was intended. The recall also won’t work if the email was filtered by Outlook into a specific folder other than the inbox, or if it was sent to a public folder.

Also, Outlook’s recall only works with emails sent to another person using the Outlook Exchange Client or Outlook 365, and only if they (and their recipient) are using the desktop app, not the online version of Outlook. If the recipient is using Gmail or another email client, they’ll still be able to read the original message and all of its contents, which can lead to a data leak.

Because Gmail is the most popular email platform, with over 1.8 billion users worldwide, this limitation diminishes the potential of Outlook’s recall function to prevent misdirected emails, stop leaks and prevent the unwanted spread of confidential information. When it comes to financial services companies sending account details, personal information, investment plans and stocks/shares info, the recall feature on Outlook is far from sufficient as a way of preventing mistakes over email.

Then again, Gmail isn’t much better, as it doesn’t technically have an email recall feature. Instead, a pop-up appears giving the sender a specified amount of time to ‘unsend’ their email, and if they have not done so before that time elapses, there’s no way to bring it back.

It’s possible to adjust the amount of time you have to ‘unsend’ an email from 5 to 30 seconds, but in all cases the burden is on the sender, rather than Gmail, to act fast to spot their error and retrieve the email. Miss this window, or navigate away from the screen showing the ‘Undo’ option, and the email could be sent; if it lands with an unintended recipient, this could lead to a damaging data leak.

Zivver: rapid email recall to mitigate mistakes

Financial services companies with employees sending thousands of emails every day must think seriously about their email security, not just before emails are sent but afterwards. No matter how well their staff have been briefed on best cybersecurity practices, just one slip-up over email could lead to major financial repercussions, and so there must be a way for staff to retract emails easily and safely.

As part of its comprehensive email data protection service, Zivver gives users the ability to quickly restrict access to emails after they are sent using the recall email feature. If messages are withdrawn before recipients can access them, Zivver can help ensure the leak has been contained and authorities don’t need to be called. The platform also tells you who has already opened an email as well as if they have downloaded any attachments, giving you a clear understanding of the potential impact and allowing you to react and report data leaks if necessary.

What’s more, Zivver can correct everyday mistakes before the user hits send, whether it's emailing the wrong person or attaching the incorrect file. Because it can be easily integrated with Outlook and Gmail, you’ll be boosting these platforms with a stronger recall function without having to switch to an entirely new system.

With our platform, security leaders at financial services companies have a bird’s-eye view of their email security, giving them the confidence that their users can recall emails, prevent data leaks and comply fully with data protection regulations. Find out more by downloading Zivver’s guide to email security in the financial services industry, contact Zivver’s UK office on +44 20 3285 6300, or email contact@zivver.com.


Written by

Kate O'Neill

Originally published on May 28, 2021

Last update on July 27, 2021