Forwarding an email is quick and easy.
But before you click “Forward,” ask yourself:
Does everyone receiving this information actually need it?
Many workplace information leaks do not happen because of hackers or malware.
They happen because information is shared with the wrong people, forwarded too broadly, or sent without considering who truly needs access.
Why This Matters
Not all information is intended for everyone.
Some emails may contain:
• confidential business information
• customer or client details
• employee information
• financial data
• internal discussions and decisions
• sensitive documents and attachments
Once information is forwarded, you may lose control over where it goes next.
A single unnecessary forward can expose information to individuals who were never intended to receive it.
Common Mistakes
Employees sometimes:
• forward entire email chains without reviewing the content
• include recipients who do not need the information
• share sensitive attachments unnecessarily
• forward emails to personal accounts for convenience
• assume that because information is internal, it is safe to share widely
These actions can increase the risk of accidental disclosure and data leakage.
Before You Forward, Ask Yourself
• Does the recipient need this information to perform their job?
• Am I authorized to share this information?
• Does the email contain sensitive or confidential content?
• Am I forwarding more information than necessary?
• Could this information be misused if sent to the wrong person?
If the answer is uncertain, take a moment to verify before forwarding.
What You Should Do
• follow the principle of “need-to-know”
• share information only with authorized recipients
• review attachments and email history before forwarding
• remove unnecessary recipients from email chains
• confirm recipient addresses before sending sensitive information
Final Reminder
Information security is not only about protecting systems.
It is also about protecting information.
Before forwarding any email, pause and consider whether everyone receiving it truly needs access.
The safest information is information shared only with the right people.
🔐 CyberDesk – Protecting Our Digital Workplace
