Protecting patient data is always paramount in health care, be it either private or public sector. Email is one of the easiest ways to breach security quite by accident. This article reviews the common sources of leaking confidential date through email and steps to reduce the risks at both the personal and organisational level.
The five most common ways to breach security and confidentiality through email are:
- Sending an email to the wrong addressee – so easily done when most email software automatically insert what it think is the correct address.
- Attachments in which you think you have cleaned up all the track changes and comments etc. Unfortunately, Word often leaves meta data which shows if the document was a template used for another patient and does not always fully remove all the revisions etc.
- If you manage your Consultant’s/boss’s inbox you may find yourself seeing emails which you wish you had not seen, for instance redundancy discussions, take over bid data etc.
- Out of Office messages which contain too much information are another weak link.
- Email is also an easy door for the cyber criminal for both identity theft and to attack social media sites. A few months ago the Associated Press (AP) Twitter account was hijacked through a bogus email containing a link to a fake website designed to steal log-in details.
Last but by no means least, is the challenge of the technology itself and especially smartphones. Many no doubt work on either your smartphone, tablet or laptop on your commute to and from the office. However, the Metropolitan Police recently reported that about 7,000 smartphones are stolen every month in London.
So what steps can you take to reduce the risk of a breach of security? You can tackle the challenge at two levels, individually and corporately. At the individual level you should:
- Check the email address of the person to whom you are sending the email – make sure it is the right John Smith.
- Never click on links in unusual emails.
- Set a simple Out of Office message which discloses the minimum of information about you and the company.
- Clean all attachments and wherever possible send them as PDFs.
- Be vigilant when using your smartphone etc in a public place and especially if you get up to take a break.
At the corporate level check your acceptable usage policy for:
- Protocol for using Out of Office messages – for example, only for internal senders, not at all, selected clients etc and what to say in it.
- Technology to password protect devices when stolen or lost.
- Encrypting emails with confidential information.
- Accessing public wi-fi networks.
- Educating the workforce about email and social media security.
It crucial to keep your IT Acceptable Usage Policy up-to-date. To check how vulnerable you are, use our free Acceptable Usage Policy Benchmarking tool.
Cyber crime now costs organisations over £27bn per year which is more than physical crime. Taking action before there is a breach of security is far cheaper than once it has occurred. If it is a serious breach you will need to run a damage limitation media campaign and may well still lose customers/patients. Mesmo Consultancy runs public and in-company workshops and webinars on how to improve email and social media security. For more information on how we can help you and your business please contact us on 01202 434340, by email to email@example.com.
Author profile: Monica Seeley
Dr Monica Seeley, founder of Mesmo Consultancy, is a leading international expert on how to reduce email overload and use email etiquette to improve personal and business performance.
Monica is a Senior Visiting Fellow at Sir John Cass Business School, City University and Bournemouth University Business School. She is Chairman of the Dorset Chamber of Commerce’s Council.
Monica is a respected commentator on the effective strategic use of electronic communications and often appears on the BBC and in the Financial Times. She has written several books, the latest being ‘Brilliant Email’. As the ‘Emaildoctor’ on Twitter - Monica posts daily tips on smart email management.