Cybersecurity has quickly become the world’s fastest growing form of criminal activity, and is showing no sign of slowing down with the number of attacks on businesses continuing to increase. COVID-19 has acted as a catalyst for this, with hackers taking advantage of remote workers during challenging times.
Despite innovations and sophistication in hacking methods, one of the main means of data loss is insiders, including employees making mistakes. Humans make errors – stressed, distracted employees will make even more mistakes. And with sensitive information on the line, such as regulatory compliance to safeguarding Intellectual Property (IP), companies are increasingly concerned about the risk of inadvertent data loss. But how can this threat be mitigated? Andrea Babbs, UK General Manager, VIPRE SafeSend, emphasises the importance of implementing a crucial double check to improve email security culture.
Human Error
Business reliance on email is creating a very significant cyber security risk – and not simply due to the increasing volume and sophistication of phishing and ransomware attacks. Given the sheer volume of emails sent and received a day (over 300 billion every day in 2020), mistakes are inevitable. Employees are trusted with company-sensitive information and assets, and many are permitted to make financial transactions – often without requiring additional approval. Furthermore, with strict data protection requirements in place, not only GDPR, but also industry specific regulations, organisations clearly require robust processes to mitigate the risk of inadvertent data loss.
According to reports, 34% of all breaches are caused by insider fault, yet many employees are unaware of their responsibility when it comes to data protection. Should confidential corporate information fall into the wrong hands, the consequences could be devastating, including financial penalties, loss of trust and competitors gaining an advantage. BitMEX, one of the world’s largest cryptocurrency trading platforms accidentally leaked thousands of private customer email addresses when they sent out a mass mailshot without using the BCC function. But how could this mistake be stopped? What employees need is a way to better manage their email functions, with an opportunity for potential mistakes to be flagged before an individual hits send, for example showing who is in the to, cc and bcc fields.
Additional Layers
Few organisations have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; even fewer have a strategy for mitigating that risk and protecting their staff from becoming an insider threat. But more importantly, what they may not be aware of is that there is a solution available that can add a layer of employee security awareness.
Businesses can help employees avoid simple mistakes, such as misaddressed emails, by providing a simple safety check, which alerts users to confirm both the identity of the addressee(s) and, if relevant, any attachments. The solution can be configured to work on a department or user basis, for example, a business may not want HR to be able to mistakenly send sensitive personal information to anyone internally and therefore require a confirmation for all emails.
In addition to confirming email addresses and attachment(s), the technology can also check for keywords within the email content using Data Loss Prevention rules, and each business can set its own requirements and parameters determined by corporate security protocols. Any emails, including attachments containing these keywords, will be flagged, requiring an extra process of validity before they are sent without impeding working practices, and providing users with a chance to double check whether the data should be shared with the recipient(s).
The Essential ‘Pause’ Moment
Deploying an essential tool that prompts for a second check and warns when a mistake is about to be made helps organisations mitigate the risk of accidental error, and the potentially devastating consequences that might have on the business. Accidentally CCing a customer, rather than the similarly named colleague, will be avoided because the customer’s domain will not be on the allow list and therefore automatically highlighted. This is more crucial than ever before with employees dispersed across a range of locations as part of hybrid working. Such tools can support mixed operating system environments and DLP add-ons can be given to certain departments and groups who handle very sensitive information such as employee or legal data.
This type of tool is key for companies and reinforces a security culture, building on education and training, with a valuable solution that helps users avoid the common email mistakes that are inevitable when people are distracted, tired or stressed. It provides an essential ‘pause’ moment, enabling individuals to feel confident that emails have been sent to the right people and with the right attachments.
In addition to checking the validity of outbound and inbound email addresses and attachments, it can also support in minimising the risk of staff falling foul of a phishing attack. For example, an email that purports to come from inside the company, but actually has a cleverly disguised similar domain name, such as receiving an email from V1PRE, as opposed to VIPRE. The technology will automatically flag that email when the user replies showing that it is not from an allowed domain, enabling the user to cancel send and avoid falling for the phishing attack.
Conclusion
Email is arguably the key productivity tool in most working environments today, placing much of the responsibility for secure use of that tool on employees. But supporting staff with an extra prompt for them to double check they aren’t mistakenly sharing confidential data helps to raise awareness, understanding and provides that essential security lock-step – before it’s too late. The premise is not to add time or delay in the day to day management of email; it is about fostering an attitude of awareness and care in an area where a mistake is easily made
No organisation is immune to human error, but by having a clear strategy in place to address the issue of misaddressed emails and data loss through emails, as well as mitigating the associated risks helps businesses to remain compliant and secure. It’s all about increasing awareness and improving email culture where mistakes can so easily be made, while reinforcing compliance credentials.
27 comments
Hello, you used to write great, but the last several posts have been kinda boringK I miss your tremendous writings. Past few posts are just a bit out of track! come on!
certainly like your web site but you need to check the spelling on quite a few of your posts. Many of them are rife with spelling problems and I find it very bothersome to tell the truth nevertheless I’ll definitely come back again.
I’m so happy to read this. This is the kind of manual that needs to be given and not the accidental misinformation that is at the other blogs. Appreciate your sharing this best doc.
Hello. Great job. I did not anticipate this. This is a impressive story. Thanks!
Everything is very open and very clear explanation of issues. was truly information. Your website is very useful. Thanks for sharing.
great points altogether, you just gained a brand new reader. What would you suggest in regards to your post that you made a few days ago? Any positive?
We’re a group of volunteers and opening a new scheme in our community. Your website offered us with valuable information to work on. You have done an impressive job and our whole community will be thankful to you.
Regards for helping out, great information.
Dead indited written content, Really enjoyed reading through.
I found your weblog site on google and test a couple of of your early posts. Proceed to maintain up the very good operate. I simply extra up your RSS feed to my MSN News Reader. Looking for forward to studying extra from you later on!…
I reckon something truly special in this web site.
excellent issues altogether, you simply won a emblem new reader. What may you suggest about your put up that you made a few days ago? Any positive?
I have recently started a web site, the information you provide on this site has helped me tremendously. Thanks for all of your time & work.
It’s really a nice and helpful piece of information. I’m glad that you shared this helpful information with us. Please keep us up to date like this. Thanks for sharing.
Thanks for all of the work on this website. Kate take interest in setting aside time for internet research and it is easy to understand why. Almost all learn all of the lively ways you present very helpful tricks through the web blog and as well invigorate contribution from visitors on that point plus our daughter is truly studying so much. Have fun with the remaining portion of the year. You have been conducting a first class job.
I dugg some of you post as I cogitated they were very useful extremely helpful
Only a smiling visitant here to share the love (:, btw great style.
Some really fantastic info , Sword lily I observed this.
Its fantastic as your other blog posts : D, thankyou for posting. “Reason is the substance of the universe. The design of the world is absolutely rational.” by Georg Wilhelm Friedrich Hegel.
Very good written article. It will be valuable to anybody who utilizes it, including yours truly :). Keep doing what you are doing – for sure i will check out more posts.
I am extremely impressed with your writing skills as well as with the layout on your weblog. Is this a paid theme or did you modify it yourself? Either way keep up the excellent quality writing, it is rare to see a great blog like this one nowadays..
Well I really liked studying it. This post procured by you is very useful for good planning.
Real informative and fantastic anatomical structure of written content, now that’s user pleasant (:.
It¦s truly a great and helpful piece of info. I¦m glad that you shared this helpful info with us. Please keep us informed like this. Thanks for sharing.
Hi, I think your website might be having browser compatibility issues. When I look at your blog site in Safari, it looks fine but when opening in Internet Explorer, it has some overlapping. I just wanted to give you a quick heads up! Other then that, terrific blog!
F*ckin’ amazing things here. I am very glad to see your post. Thanks a lot and i’m looking forward to contact you. Will you please drop me a e-mail?
Howdy! Someone in my Myspace group shared this website with us so I came to take a look. I’m definitely enjoying the information. I’m book-marking and will be tweeting this to my followers! Terrific blog and excellent design.