Email security is more important than ever as the human error risk grows. More and more, firms like Winckworth Sherwood are looking to technology to manage risk and prevent data breaches.

Winckworth Sherwood is a UK top 100 firm with a history that goes as far back as 1777. The firm was already using DocsCorp productivity software for PDF creation and editing, and document comparison.

When our email security solution, cleanDocs, was updated to include email recipient checking, the firm decided to run a pilot program. It wanted to see if the software’s metadata management and recipient checking features in Outlook would help protect staff and prevent data breaches.
 

Why did Winckworth Sherwood need cleanDocs?

Human error has been one of the leading sources of data breaches in every quarterly report issued by the Information Commissioner’s Office (ICO) since the GDPR.

Christel Aguila, Head of IT at Winckworth Sherwood, agreed that “it is probably one of the most dangerous, if not the most common cause of data leaks,”.

The wrong email in the wrong hands has the potential to cost the firm thousands in fines and reputational damage.

Winckworth Sherwood wanted to keep sensitive client information safe and prevent data breaches – particularly when dealing with highly sensitive cases.

The firm’s IT department needed something more than the ‘delay-on-send’ approach in Outlook since it wasn’t practical. “Even if you do remember you made a mistake, it might be too late, and there’s nothing you or IT staff can do,” she said.

The firm also identified document metadata as an email security risk. “A big challenge is often having to explain metadata and why it’s necessary to have a metadata cleaning tool,” Christel said. “Key to overcoming this was showing users the data contained within their documents before and after cleanDocs, and how easy it was to leak sensitive information.”

How did the firm trial cleanDocs as part of its email security strategy?

Christel knew that for cleanDocs to meet the above requirements, an appreciation of its value was critical.

The firm embarked on a pilot program to trial the email security features: recipient checking and management.

Christel described the pilot process:

"cleanDocs was first tested by the IT Trainers to see how it worked and to make sure it didn’t slow down Microsoft Outlook. IT needed to know the add-in wouldn’t cause more issues than it solved. The IT Trainers also tested the various settings and configured it in a way that was least intrusive to users but provided them with the right flexibility when it came to acting on attachments or email recipients at the point of sending. The tool was then given to a pilot group of partners and lawyers. These were volunteers who wanted to use the product because they are genuinely concerned about the type of emails they send – most of which could cause huge embarrassment or damage should they end up with the wrong recipient.”

With cleanDocs, the pilot group could check the recipient list for external or blacklisted email domains, Reply All, and Forward actions, and confirm that they were all as intended. At the same time, users actioned metadata cleaning to remove hidden information.

Christel found that “no one from the pilot group complained about the prompts. In fact, users have said to me that ‘these prompts have saved my bacon.”

Ultimately, cleanDocs turned out to be a valuable email security asset for the firm. “It has definitely reduced the number of emails ending up in the wrong hands. It’s just one of those tools in our suite of tools to protect client data and protecting client data is a must for law firms regardless of GDPR.”

The cleanDocs trial was just one part of Winckworth Sherwood’s plan to prevent data breaches and bring data workflows in line with the GDPR. Read the case study to discover all the ways the firm strengthened data protection.

Related