There’s a lot of confusion in the air currently for small businesses surrounding GDPR!
So let us set the record straight when it comes to sending emails.
If you are sending emails with personally identifiable information (PII) (here’s the ICO’s guide on what actually counts as personal data.) you need to take adequate lengths to protect it like using an easy protection service for small businesses like My Protected Mail!
The Format is Subject Message&cc=e-mail address;&bcc=e-mail address;&body=Text of the message, please change it for your own needs. And then click the OK button. See screenshot: 4. Now the mailto hyperlink is created. Click on this hyperlink, an Outlook email message will auto create with all specified information included.
It’s that simple.
So let’s look at some of the ways your emails could be putting your business at risk when the GDPR regulations come into effect on the 25th May 2018:
1. Failing to use BCC (Blind Carbon Copy)
When sending to multiple recipients, unless emailing internally, you’ll need to use the BCC function.
This means that any given recipient will only see their own email address, the sender’s, and any recipients in the carbon copy (CC) section. All other recipients are anonymised.
Failure to do this means that the name and email address (both PII information) are shared with other recipients without their prior consent! This is a breach of GDPR regulations.
2. Sending Sensitive Data to the Wrong Recipient
So many people are getting in hot water for this one! Not only is the distribution of sensitive data to an unintended recipient contravening the consent element of the GDPR. It is also likely to have a detrimental effect on the trust held between two parties, which can devastate a working relationship.
And, the ICO aren’t allowing the human error defence!
With the likes of UK law firm WilmerHale unintentionally sending details of whistleblowing investigations at PepsiCo to a Wall Street Journal reporter. The information came from the US Securities and Exchange Commission, as well as internal investigators. This mishandled data had the potential to cause significant damage to PepsiCo’s reputation, and its leak certainly did no favours for Wilmer et al.
Be careful, therefore, to double-check both the data being sent and the email addresses of recipients, to ensure that sensitive information does not fall into the wrong hands, or you could be in a world of trouble.
3. Un-Protected/Encrypted Attachments
It’s essential to encrypt critical information when sending it by email. This prevents interception, either by malicious or accidental means, and ensures that sensitive data is delivered securely.
This also includes making sure that you retain control over how the personal information is used once you have sent it too, by making sure the recipient can’t just copy, forward or blast out the sensitive information after you’ve sent it. You do this by encrypting the file rather than your computer or email system itself (we’ve written a handy guide on disk vs file encryption for small businesses here.)
My Protected Mail, for example, encrypts the file to make sure that it can’t be sent on to someone other than the intended recipient (you can’t even screen share the file via Skype, you just get a blank page!)
4. Preventing Opt-Outs/Automatic Opt-Ins
Under GDPR, people have the right to erasure, otherwise known as the right to be forgotten. If any recipient asks for their email address to be removed from a mailing list, you need to do it immediately. Also, if an individual requests that any data stored about them is deleted, you are legally bound to do so.
It’s also important to confirm active consent from the outset, you can no longer ask people to “opt-out” with an automatic opt-in box checked. As well as requesting manual entry of an individual’s email address, provide information about how their data will be stored, and ask them to check a box to confirm they understand and acknowledge this.
![How To Crack Bcc Email Function How To Crack Bcc Email Function](/uploads/1/2/5/7/125734771/171312199.jpg)
5. Including PII Without Taking Precautions
This isn’t just related to encrypting your one email, be careful with chains, “reply all” and forwarding emails that may contain the original PII on to those without permission. If you add additional recipients to a discussion, perform a check of the email content beforehand, and remove PII if it is present.
Taking the proper precautions beforehand ensures that your business is safe from fines but also that you are taking the responsibility of your clients or customer’s data.
For more information on using an easy system that doesn’t require you to install anything, check out My Protected Mail.
or,
if you need automatic email and file encryption, check out our AIP course on Udemy HERE.
Where you’ll learn:
- How to install and implement Microsoft’s Azure Information Protection to get automatic email and file encryption.
- How to make the most of the AIP features
- Exclusive walkthroughs
- Free support
- Understanding on what happens if you’re email is hacked!
If you’re still unsure about GDPR and email protection, take our Free Training on Understanding GDPR Email Protection HERE
Where you’ll get:
- Free support to ask questions about solutions etc.
- GDPR Terminology
- Industries prone to a GDPR breach
- Methods of Protecting emails (free and otherwise) to protect against a breach
I am bachelor level student and have been given an assignment in my Network Security course. Is it possible to find out the recipients added in the BCC field? If yes, then how?
Very interesting assignment indeed! Network security forum: https://security.stackexchange.com/ How to post a minimal, complete, and verifiable question in SL's term. ' Here are some tips to make sure your question qualifies: - Post only programming-related QUESTIONS and ANSWERS; - SEARCH for similar QUESTIONS or ANSWERS before posting; - Include relevant TAGS; - Follow community RULES: https://www.sololearn.com/Content-Creation-Guidelines/ DO NOT - Post spam/advertisement; - Use inappropriate language. * Post general discussions and open-ended questions in your feed. ** In case of an assignment, providing a code snippet is mandatory.'
Haider Javed Assuming the email client, the mail server, and network traffic haven't been compromised and everything is functioning as expected, then you won't be able to extract emails from the BCC.BCC email addresses are removed from the message envelope by the mail server and shouldn't be included in the message headers by the email client.Therefore, there would be no way of extracting addresses from the delivered emails.
BCC means to be hidden, cracking it is unethical act.
David is right. There is no information for anyone to do cracking here. Why should the mail server send and carry this hidden BCC information in the email, if it does not want to recipient to see it in the first place?I really wondering this is a course assignment from your study.. ?
Haider Javed I surely believe you now.. ?
Haider Javed If by application layer you mean the mail server, then sure, you can extract the BCC from the message envelope. However, this assumes you have access to the mail server as an admin and the mail service application code and configuration.
David Carroll so I cannot extract the addresses at the application layer?
Calviղ I assure you sir this is just a course assignment.