We’ve all been there: cursor hovering over the “send” button as we carefully proofread an email for silly errors, before dispatching the message to dozens or more people. But five minutes after sending, you get an email back from someone you’ve never heard of, saying: “Are you sure I was meant to be copied into this email?”
The “misaddressed email” problem can be blamed on any number of factors, including human laziness and email autocomplete gone awry, but it’s a problem nonetheless. And the severity of the issue is only compounded when the email in question contains highly sensitive information.
And this is why London-based CheckRecipient is setting out to target businesses with an email security platform that uses machine learning to ensure sensitive data doesn’t end up in the wrong hands due to a wrongly addressed email.
Founded in 2013 by a triumvirate of engineering graduates from London’s Imperial College, CheckRecipient has today announced a $2.7 million round of funding from Accel and LocalGlobe, with participation from Winton Ventures, Amadeus Capital Partners, and Crane, in addition to the $1 million it had previously received in various seed and angel rounds. The company says it will use its fresh cash influx to double the size of its current team to 24, with a specific focus on hiring engineers.
To prevent misaddressed emails, CheckRecipient scans a company’s historical email data to establish patterns and then applies machine learning to identify any anomalies in the recipient list, thereby allowing users to fix any errors before sending.
The warning system is similar in concept to existing features in certain email clients that detect the word “attached” or “attachment” in an email body text, then asks you if you really want to send an email before attaching a document. Except in CheckRecipient’s case, the platform scans a recipient list and email content to determine whether someone has been copied erroneously.
But aren’t companies concerned about opening their confidential email information to a third party such as CheckRecipient? According to CEO Tim Sadler, the CheckRecipient software only analyzes metadata associated with the emails. “CheckRecipient requires minimal information transfer from organizations,” he told VentureBeat. “In fact, it’s this data minimization technique that is one of the core pieces of IP which allows our platform to classify and remediate email data in near-real time.”
The company says that it’s already being used by “blue-chip names” across the finance and legal industries, including hedge fund giant Man Group, and is eyeing a U.S. launch “shortly.” Moreover, the company said that it’s working on expanding CheckRecipient’s technology to address “additional security concerns that organizations have identified with email and documents.”
Cybersecurity has emerged as one of the biggest areas for VC investment in recent times, and as with other industries, machine learning and artificial intelligence is increasingly being used to automate the process of detecting malware and cyber attacks. For example, a company called Cylance raised $100 million last year for its algorithm-based security protocols that inspect networks for weaknesses and shuts them down if detected.
But while companies are on the lookout for external threats, often simple human error is to blame for security breaches. We’ve seen a marked rise in phishing attacks that target company employees with legitimate-seeming emails from someone pretending to be a senior executive at the firm — last year, a Snapchat employee was targeted by a scammer impersonating CEO Evan Spiegel, with the perpetrator obtaining some payroll data off the back of it. This is known as spear phishing, or “business email compromise,” and is one area that CheckRecipient could expand into.
“The techniques we use to identify misaddressed emails can also be used to spot highly targeted spear phishing emails,” added Sadler. “This is something that we’re currently working on bringing to the CheckRecipient platform.”
For the time being, however, CheckRecipient is targeting an often-overlooked facet of online security by helping companies eliminate basic human error from sending emails.
“It’s human nature to fear the shark when we go swimming, but it’s crossing the road, an activity we do daily almost without thinking, that is more likely to kill you,” said Sadler. “There’s currently an obsession with the detection of malicious insider and external attackers, but the most common data security incidents reported to the ICO (the U.K.’s Information Commissioner’s Office) are all linked to human error. CheckRecipient allows organizations to demonstrate diligence to both clients and regulators by managing the risk of misaddressed emails. It also helps firms to protect staff from mistakes, which could cost them their career, in highly regulated, reputation-driven sectors such as law and finance.”