Wednesday, October 19, 2011

Blame the humble “CC” for data leaks

Many of us have been either a victim or a perpetrator of the “CC” gaffe. Instead of using the “BCC” function, we inadvertently send mails using “CC”, which results in recipients being aware of the other members of the group. Whether it is a party invite or a large bank disclosing the names of its high rollers, the simple “CC” is one of the big sources of inadvertent data leaks.
Many times we deliberately “CC” a wider audience to make sure we cover anyone remotely concerned with the mail contents, irrespective of information confidentiality and adherence to the simple principle of need to know. These fringe recipients may not value the information, forwarding or disclosing it to others. In extreme cases, copies of these mails find their way to media or social networks. If you are surprised at how quickly your organization’s grapevine got hold of the news, the humble “CC” may be to blame!

1 comment:

  1. Actually, the Websense DLP research team added a policy about 4 years ago which can prevent such cases. The policy has different rules, which can be applied only on the TO and CC fields, and can alert/block emails with more than X email addresses and/or more than X different domains.

    Lior Arbel Websense
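
The kind of outbound-mail rule the comment describes, written here as an added example; it is not Websense's policy and not code from the original page. The thresholds, the function names, the "one rule fires = alert, both fire = block" mapping and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed thresholds; the comment only calls them "X".
MAX_ADDRESSES = 5
MAX_DOMAINS = 2

def visible_recipients(raw_message):
    """De-duplicated, lower-cased addresses from To and Cc only.
    Bcc is deliberately ignored: those recipients are not disclosed to each other."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(headers) if "@" in addr})

def evaluate(raw_message, max_addresses=MAX_ADDRESSES, max_domains=MAX_DOMAINS):
    """Check both rules; assumed mapping: one hit -> alert, two hits -> block."""
    addrs = visible_recipients(raw_message)
    domains = {a.rsplit("@", 1)[1] for a in addrs}
    hits = []
    if len(addrs) > max_addresses:
        hits.append("too_many_addresses")
    if len(domains) > max_domains:
        hits.append("too_many_domains")
    verdict = ("allow", "alert", "block")[len(hits)]
    return {"verdict": verdict, "rules": hits,
            "addresses": len(addrs), "domains": len(domains)}

# Constructed sample messages (reserved example domains).
GUESTS = ("a@example.com, b@example.org, c@example.net, "
          "d@example.org, e@example.net, f@example.com")
CC_INVITE = ("From: host@example.com\nTo: organiser@example.com\n"
             "Cc: " + GUESTS + "\nSubject: Party\n\nSee you there.\n")
BCC_INVITE = ("From: host@example.com\nTo: organiser@example.com\n"
              "Bcc: " + GUESTS + "\nSubject: Party\n\nSee you there.\n")
SMALL_MIXED = ("From: host@example.com\nTo: a@example.com\n"
               "Cc: b@example.org, c@example.net\nSubject: Notes\n\nAttached.\n")

if __name__ == "__main__":
    for name, raw in [("cc invite", CC_INVITE), ("bcc invite", BCC_INVITE),
                      ("small mixed", SMALL_MIXED)]:
        print(name, evaluate(raw))
```

The same guest list passes when it is moved to BCC, because the rules look only at the fields every recipient can see.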