Corporate email presents one of the biggest risks of accidental data loss. In fact, given the sheer number of emails an organization sends every day, breach incidents are inevitable. Common mistakes include auto-filling the wrong email address, attaching a different file than the one intended, or sending out sensitive data that really shouldn’t be emailed.
Anyone within an organization could potentially cause a data breach, at any time and in a matter of seconds. Employees may not realize what they’ve done until after the email has been sent. Unfortunately, just one such incident can damage a business’s reputation and cost it customers.
A CSO from a large organization recently confessed to me that most of his time is spent trying to protect users from their own mistakes. When it comes to securing a key business tool such as email, companies should think about educating employees even before deploying any technological safety net.
No malice intended
Our research found that about 90% of data loss incidents are innocent errors. Most of the time, losses result from very simple actions, such as an employee sending a file to their personal web mail account, so they can work on the document from home. Although the employee has good intentions, such practice is often against corporate policy and can run the risk of turning into a data breach.
So how can businesses efficiently prevent data incidents from happening? Involving individual employees in the corporate security process is the only viable approach to avoid data loss incidents. It is also the only way to turn a DLP solution into a truly preventative tool – as opposed to a reactive tool.
For businesses, proactively educating users about the potential security issues that can arise from seemingly innocuous actions – like sending an email – and reinforcing their overall DLP awareness will provide the first key defense against data breaches. Let’s take a closer look at this user-focused approach to DLP and how it could work.
First, in order to increase user awareness, an effective DLP solution will alert the user before they can send a suspicious email that may cause a loss incident.
Let’s take the scenario of an employee who has composed an email, addressed it and clicked on the ‘send’ button. A useful DLP solution should analyse the body of the email and its attachments against a set of pre-defined characteristics to identify potentially sensitive data. This could include, for example, certain keywords in the email body text such as ‘financial’, ‘report’, ‘specifications’, ‘confidential’ and so on.
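The pre-send check described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the keyword list reuses the article's examples, and the corporate domain, addresses and sample message are constructed placeholders.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumptions: the keyword list reuses the article's examples; the corporate
# domain is a placeholder.
KEYWORDS = ("financial", "report", "specifications", "confidential")
CORPORATE_DOMAIN = "example.com"
KEYWORD_RE = re.compile(r"\b(?:%s)\b" % "|".join(map(re.escape, KEYWORDS)), re.I)

def text_parts(msg):
    """Yield (label, text) for the subject, the body and each text attachment."""
    yield "subject", str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_filename() or "body", part.get_content()

def presend_check(msg):
    """Decide whether the mail client should ask the user to confirm sending."""
    keywords = {}
    for label, text in text_parts(msg):
        found = sorted({m.lower() for m in KEYWORD_RE.findall(text)})
        if found:
            keywords[label] = found
    headers = [str(h) for name in ("To", "Cc", "Bcc") for h in msg.get_all(name, [])]
    external = sorted(addr for _, addr in getaddresses(headers)
                      if addr.rpartition("@")[2].lower() != CORPORATE_DOMAIN)
    # Prompt before sending whenever a keyword matches; external recipients
    # are reported so the warning shown to the user can name them.
    action = "confirm" if keywords else "send"
    return {"action": action, "keywords": keywords, "external": external}

def build_sample():
    """Constructed message: a work file sent to a personal webmail address."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "alice.home@webmail.example, bob@example.com"
    msg["Subject"] = "Q3 numbers"
    msg.set_content("Attached is the financial report to finish at home.")
    msg.add_attachment("CONFIDENTIAL: draft specifications", filename="draft.txt")
    return msg

if __name__ == "__main__":
    print(presend_check(build_sample()))
```

Binary attachments such as PDFs or spreadsheets are skipped here because they need text extraction before any keyword match can run.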