Ayisha Bari
Electronic mail (or email) is an integral part of how businesses function and has been a fundamental communication tool across all industries. Email is used to interact instantly with employees and customers, as well as to share important information with the wider public. It is also effective for connecting two or more people, allowing businesses to send messages en masse to a targeted list of contacts quickly and efficiently.
Sending bulk emails allows individuals to send copies of an email to multiple people to keep them in the loop on a project and give them visibility over a subject or an event. However, there are also pitfalls that can occur when sending emails to more than one person, such as revealing sensitive business-related information to unintended recipients.
Your conventional email client has three core sections for adding contacts when composing an email – To, Cc, and Bcc. Each affects who receives and has visibility of an email. In this blog, we discuss the differences between Cc and Bcc, how to avoid using the Bcc function incorrectly, and who to contact in case sensitive data is sent to the wrong person and the confidentiality of email recipients is breached.
Bcc (Blind Carbon Copy) is a way of sending copies of an email to someone other than those listed as primary recipients. Bcc recipients are 'blind' to the rest of the parties in the email chain. The reason for adding someone as a Bcc recipient is to maintain their privacy when sending an email. Bcc keeps recipients invisible to the rest of the contacts in the email and, for this reason, can also be useful when sending an email to large groups of people to protect their identities from each other.
Recipients listed as Cc (Carbon Copy) are visible to those both Cc'd and Bcc'd. This means that when someone is Cc'd into an email, the Cc list is visible to all other recipients, unlike when individuals are Bcc'd into an email.
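The difference between the two fields can be checked mechanically before a message leaves. The following is an added example, not part of the original article: it parses a constructed message, lists which addresses every recipient would see, and holds the message when too many external addresses sit in To/Cc. The addresses, the `charity.example` domain, the function names and the `limit` threshold are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: all addresses and the domain are made up.
SAMPLE = """\
From: updates@charity.example
To: alice@mail.example
Cc: bob@mail.example, Carol Jones <carol.jones@other.example>, dave@charity.example
Bcc: erin@mail.example
Subject: Community update

Hello all
"""

def _addresses(msg, *header_names):
    """Lower-cased, de-duplicated addresses from the named headers."""
    values = []
    for name in header_names:
        values += msg.get_all(name, [])
    return sorted({addr.lower() for _, addr in getaddresses(values) if addr})

def visible_recipients(msg):
    """To and Cc travel with the message, so every recipient can read them."""
    return _addresses(msg, "To", "Cc")

def blind_recipients(msg):
    """Bcc addresses receive the mail but are not shown to other recipients."""
    return _addresses(msg, "Bcc")

def check_outgoing(msg, own_domain, limit=2):
    """Return (ok, exposed). ok is False when more than `limit` addresses
    outside own_domain would be disclosed to each other via To/Cc.
    The limit is an assumed policy value, not one taken from the article."""
    suffix = "@" + own_domain.lower()
    exposed = [a for a in visible_recipients(msg) if not a.endswith(suffix)]
    return len(exposed) <= limit, exposed

MSG = message_from_string(SAMPLE)

if __name__ == "__main__":
    ok, exposed = check_outgoing(MSG, "charity.example")
    print("visible to everyone:", visible_recipients(MSG))
    print("blind:", blind_recipients(MSG))
    print("send" if ok else "hold for review", exposed)
```

A check of this kind belongs in a mail gateway or client add-in, where it can stop the message before delivery rather than report on it afterwards.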
It's understandable to go into a blind panic when you realise you've just sent an email to 50 people, when you should've used Bcc. To mitigate risk when sending emails using Bcc, there are a few steps that can be taken to ensure the correct recipients receive correspondence and reduce the risk of employees misusing Bcc.
If things have gone wrong when sending an email, the first thing you'll need to do is to try to contain and mitigate the issue. You should consider the following if an incident occurs where an email puts contacts and personal information at risk of exposure:
You can also recall an email. If you and the recipient are both using Microsoft Exchange or Microsoft 365, and are both on the same domain (e.g., @outlook.com, @Bulletproof.co.uk, etc.), and they have yet to open the email, it can be recalled or replaced. A few qualifiers there, but it could save you a headache!
If it is likely that there is a risk to the rights of these recipients due to the incorrect use of Bcc and sensitive data has been shared with the wrong people, you will need to consider informing the Information Commissioner's Office (ICO) about the incident. By completing a self-assessment, you can establish if a specific breach needs to be reported to the ICO. You have 72 hours to report a personal data breach, such as sending an email to the wrong person, whether you spotted it yourself or were told by a recipient. Reporting such an incident to the ICO, and showing that you're taking action to prevent a similar breach from happening again, reduces the risk of the ICO investigating after a data subject files a complaint that could lead to your organisation receiving a fine.
In 2021, HIV Scotland, a charity known for the successful advocacy for people living with and at risk of HIV, accidentally used the Cc feature when sending an email instead of Bcc, which revealed the email addresses of all the intended recipients to all that received the email. HIV Scotland was fined £10,000 for failing to Bcc the 105 recipients of the email. 65 of those email addresses identified people by name.
The investigation found that the charity lacked policies and staff training and that, even though it had procured a bulk mailing tool, employees were continuing to use the much less secure method of Bcc'ing on large emails 7 months later. This case demonstrates a lack of care taken by HIV Scotland in addressing the risks that they ironically said they recognised. It also proves that with effective staff training, errors such as this can be avoided, and personal data can be protected with the correct technical and organisational measures in place.
Richard is a seasoned senior GDPR and data protection consultant who uses his experience in GDPR compliance to write with passion and insight on GDPR and data protection. Heading up Bulletproof's GDPR team, he makes sure that our services and individual data protection consultants are all at the top of their game.