Blog | G5 Cyber Security

Email Forwarding & Confidential Data

TL;DR

Forwarding emails or copying information from confidential sources carries risk. Always consider if you *need* to share the data, redact sensitive details before sharing, and be aware of your organisation’s policies.

Best Practices for Email Forwarding & Confidential Data

  1. Think Before You Share: The first step is always asking yourself if forwarding or copying is necessary. Is there another way to communicate the information? Can you summarise instead of sharing the full email/document?
    • If possible, avoid sharing confidential data altogether.
    • Consider a phone call or meeting instead.
  2. Understand Your Organisation’s Policies: Most organisations have clear rules about handling sensitive information. Familiarise yourself with these policies before forwarding anything.
    • Check your company intranet, HR documentation, or IT security guidelines.
    • If unsure, ask your manager or the cyber security team for clarification.
  3. Redact Sensitive Information: If you *must* share an email or copy information, remove any confidential details before doing so.
    • This includes personal data (names, addresses, dates of birth), financial information (account numbers, credit card details), and proprietary business data.
    • Be thorough – even seemingly insignificant details can be valuable to malicious actors.
  4. Forwarding Emails: When forwarding an email:
    1. Edit the Forwarded Email: Remove any unnecessary confidential information from the body of the forwarded email itself.
    2. Add a Warning: Include a clear warning at the top of the forwarded email stating that it contains sensitive information and should be treated accordingly. For example: “Please treat this email as confidential.”
    3. Consider BCC: If forwarding to multiple recipients who don’t need to see each other’s addresses, use the Blind Carbon Copy (BCC) field.
  5. Copying and Pasting Information: When copying and pasting information:
    1. Review Carefully: Before pasting into another document or email, carefully review the copied text to ensure no sensitive data is included that shouldn’t be shared.
    2. Use Plain Text if Possible: Pasting as plain text can remove formatting that might inadvertently include hidden metadata. Most applications have an option like “Paste Special” -> “Unformatted Text”.
    3. Be Aware of Screenshots: Avoid taking screenshots of confidential information whenever possible, as they are easily shared and difficult to control.
  6. Secure Your Email Account: A compromised email account can lead to the accidental or malicious sharing of sensitive data.
    • Use a strong, unique password.
    • Enable two-factor authentication (2FA).
    • Be wary of phishing emails.
  7. Report Security Incidents: If you suspect that confidential information has been accidentally shared, report it to your organisation’s cyber security team immediately.
    • Don’t delay – the sooner an incident is reported, the better the chance of mitigating any damage.
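
Steps 3 and 4 can be partly automated as a pre-send helper. The sketch below is an added example, not code from G5 Cyber Security: it redacts Luhn-valid card numbers and date-of-birth style dates, prepends the warning from step 4, and places recipients in BCC. The function names, regex patterns, addresses and sample text are assumptions made for illustration, and the patterns cover only these two data types.

```python
import re
from email.message import EmailMessage

WARNING = "Please treat this email as confidential."  # wording from step 4
# Assumed patterns: 13-19 digit runs (spaces/hyphens allowed) and d/m/yyyy dates.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
DOB_RE = re.compile(r"\b\d{1,2}[/.-]\d{1,2}[/.-](?:19|20)\d{2}\b")
# Constructed sample text; the last number is an order reference, not a card.
SAMPLE = "Card 4111 1111 1111 1111, DOB 12/03/1985, ref 1234 5678 9012 3456."


def luhn_ok(digits):
    """Luhn checksum: separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(text):
    """Return (redacted_text, hit_count) for card numbers and dates."""
    hits = 0

    def card(match):
        nonlocal hits
        if not luhn_ok(re.sub(r"\D", "", match.group())):
            return match.group()  # fails the checksum: leave untouched
        hits += 1
        return "[REDACTED CARD]"

    text = CARD_RE.sub(card, text)
    text, dates = DOB_RE.subn("[REDACTED DATE]", text)
    return text, hits + dates


def build_forward(sender, recipients, subject, original_body):
    """Build a redacted forward with a warning banner; recipients go in Bcc."""
    body, hits = redact(original_body)
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender  # the visible To header shows only the sender
    msg["Bcc"] = ", ".join(recipients)
    msg["Subject"] = "Fwd: " + subject
    msg.set_content(WARNING + "\n\n" + body)
    return msg, hits
```

When the message is sent with `smtplib.SMTP.send_message`, the BCC addresses receive it but the `Bcc` header itself is not transmitted. The hit count is a prompt for the manual review in step 3, not a substitute for it.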