By Terry Greer-King, UK Managing Director for Check Point
The Information Commissioner’s Office (ICO) recently issued its first fine for data breaches by email, to a Council that had sent sensitive personal information to the wrong recipients. The Council in question was fined £120,000 for failing to implement measures to avoid further data breaches, despite two previous warnings.
Corporate email poses one of the greatest risks for accidental data loss, and, due to the sheer volume of email sent by organizations on a daily basis, accidental data losses are almost inevitable. Common mistakes include inserting the wrong email address, attaching the wrong file, and sending emails that contain sensitive and restricted data to the wrong recipient.
But how do you prevent these losses from happening? Traditional Data Loss Prevention (DLP) solutions have attempted to address the email issue, but with limited success. They usually take a long time to start working with any real effect, as intensive tailoring and ‘training’ is needed to help the solution classify data and files that are unique to each organization.
Also, emails which the system identifies as potential data breach risks are usually flagged to the IT department, which then has to check with the email sender before either allowing or blocking the email. When combined with the volume of outgoing email generated in any organization of more than 20 – 30 employees, the traditional approach to DLP quickly becomes unworkable, particularly if you are trying to identify the one or two rogue emails. It’s the equivalent of trying to boil the ocean to find enemy submarines.
Prevention is the cure
Involving individual employees in the corporate security process is the only viable approach to avoid data loss incidents. It is also the only way to turn a DLP solution into a truly preventative tool, as opposed to a reactive tool.
First, in order to increase user awareness, an effective DLP solution will alert the user before they can send an email that may cause a loss incident. Let’s take the scenario of an employee who has composed an email, addressed it, and clicked on the ‘send’ button.
The DLP solution should analyze the body of the email, as well as its attachments and the intended recipient’s address, against a set of pre-defined characteristics to identify potentially sensitive data. This could include, for example, certain key words in the email body text such as ‘financial,’ ‘report,’ ‘specifications,’ ‘confidential,’ and so on.
If the DLP solution detects a potential breach based on this analysis, it will override the ‘send’ instruction and present the user with a pop-up alert that informs them of the potential data loss and asks how they wish to proceed.
The user will have to review the email and choose either: a) to send the email and its attachments as they stand; or b) to correct the body text or remove suspicious attachments. There should also be an option for the user to leave a brief explanation of why he/she overrode the DLP solution’s alert.
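The pre-send check described above, as an added example that is not part of the original article or of any vendor's product: the body text and attachment names are matched against the article's example keywords, recipients outside the organisation are noted, and the user's decision to send or correct is applied, with overrides recorded for later review. The internal domain, the sample messages and the audit log are constructed assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed policy values (assumptions, not taken from the article): the
# organisation's own domain and the example keywords the article mentions.
INTERNAL_DOMAIN = "example.org"
SENSITIVE_KEYWORDS = ("financial", "report", "specifications", "confidential")
AUDIT_LOG = []  # records user overrides of the alert for later review


@dataclass
class Email:
    sender: str
    recipients: list
    body: str
    attachments: list = field(default_factory=list)


def analyze_email(email):
    """Return the indicators that make this email a potential loss incident.
    An empty list means no alert is raised. Body text and attachment names are
    checked for keywords; external recipients are reported only alongside them."""
    findings = []
    text = email.body.lower()
    for kw in SENSITIVE_KEYWORDS:
        if re.search(rf"\b{re.escape(kw)}\b", text):  # whole-word match
            findings.append(f"keyword '{kw}' in body")
    for name in email.attachments:
        for kw in [k for k in SENSITIVE_KEYWORDS if k in name.lower()]:
            findings.append(f"keyword '{kw}' in attachment '{name}'")
    external = [r for r in email.recipients
                if r.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN]
    if findings and external:
        findings.append("external recipient(s): " + ", ".join(external))
    return findings


def pre_send(email, user_choice=None, justification=""):
    """Intercept the 'send' click. With no findings the email is sent; with
    findings the user must choose 'send' (logged, with an optional note) or
    'correct' (the email is held so body/attachments can be fixed)."""
    findings = analyze_email(email)
    if not findings:
        return "sent", findings
    if user_choice == "send":
        AUDIT_LOG.append({"sender": email.sender, "recipients": email.recipients,
                          "findings": findings, "justification": justification})
        return "sent_with_override", findings
    return "held_for_correction", findings
```

The audit record is what lets the IT department review overrides after the fact instead of approving every flagged email in advance, which is the bottleneck the article describes.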
With data watchdogs becoming increasingly vigilant and forceful, it may be time for all businesses – especially those holding customer data – to consider the value of a DLP solution within their organization. After all, with data losses, prevention is always better than a cure, and it also helps to avoid hefty punishments.