This morning, I received an urgent request to help a school retrieve an email sent in error to a group with an attachment of confidential data. We’ve all been there – sending an email to the wrong recipient or with the wrong attachment. But it can be especially concerning when the email contains sensitive information
This is far from an ideal situation but can, unfortunately, happen to any of us, there are steps to mitigate the risk that we will look at later, but in the immediacy, we need to do what we can to limit our exposure.
There are two scenarios; email sent internally and email sent to an external address.
If the email was sent internally (as in this organisation’s case), then there are a few options that we can take depending on the version of Google Workspace you are using:
- Access User’s inboxes directly by changing their password and deleting the received emails (not recommended for privacy, only to be done under very limited circumstances)
- Use Google Vault to create a retention period for the specific email content, entering the search term and sender. The minimum period is 1 day. Therefore the email will not be immediately deleted from a user’s inbox until 24 hours after the retention period is applied.
- BEST: Security Investigation Tool (Education Plus and Standard licensed organisations only). This is by far the best way to delete an erroneous email and also applies to spam and phishing emails:
- Navigate the Security Investigation Tool (again this is only for Education Plus and Standard licensed organisations)
- Choose either Gmail log events or Gmail messages in Data Source
- Enter appropriate attributes to search for the email, this could include subject, sender and content and then Search
- Once the emails have been identified as an admin you have the ability to delete the email from a user’s inbox. Note that any actions taken are recorded on the Admin log, and a business reason must be given before deletion.
The Security Center and Investigation Tools are very powerful and essential tools for Google Admins.
It’s important to have a plan in place for when an email is sent in error. By using the methods outlined above, you can take steps to delete the email and limit any potential damage caused.
If you would like to learn more about the premium Google Workspace Education Plus licenses drop myself an email firstname.lastname@example.org and we can set your organisation up with a free trial of these advanced security tools for 60 days.
Other tips to avoid this happening:
- Avoid adding attachments of files in Gmail, instead upload files to Google Drive and attach a Drive file – should anything be sent in error you still have the option to unshare the file from within Google Drive
- Admins can create DLP and/or email filter policies within the Admin Console to prevent the sharing of critical data. Drive Labels will also help identify and restrict sharing of confidential information.
- Utilise Undo Send from Gmail with a maximum time limit of 30 seconds!
Do you have any more tips?