Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

See a sneak peek of Tessian in action featuring admin and end user experiences. Watch the Product Tour →

Email DLP

Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email.

Email DLP
Introducing Tessian Architect: The Industry’s Only Intelligent Data Loss Prevention Policy Engine
By Ed Bishop
11 October 2021
Legacy Data Loss Prevention is quickly becoming an antiquated technology that isn’t evolving to meet the needs of enterprise organizations. Most of these solutions rely heavily on rules, create massive overhead for admin teams, and typically require constant manual fine-tuning to manage the myriad of false alerts.  And even with legacy DLP in place, data breaches continue to happen.  Perhaps the most important aspect to consider with legacy data loss prevention, is that static policies are often not as effective as we need them to be. They tend to be severely limited, and often restrict employees far more than what is necessary. These cumbersome solutions are based on known signatures, which don’t account for unknown anomalies, or consider the friction and latency they produce when implemented.  Here at Tessian, we believe that the next generation of Data Loss Prevention is fundamentally about shifting away from a static, rules-based approach, to a dynamic, behavioral approach that can address the specific context of each potential incident.  We have seen first hand how Data Loss Prevention has become too reliant on static rules and places far too much burden on admin to identify, investigate and remediate sensitive data loss. That’s why we built Guardian and Enforcer, to automatically prevent both accidental data loss and sensitive data exfiltration to unauthorized accounts.  However, we have also seen that custom policies, when combined with dynamic behavioral analysis, plays an important role for an organization’s DLP strategy. When policies are used, they should be intelligent where applicable, be easy to configure and manage, and leverage end-user remediation to reduce administrative burden. Now with Tessian Architect, enterprises can now deploy powerful intelligent DLP policies. Architect completes Tessian Guardian and Enforcer and provides the market’s best-in-class Email DLP platform.
Here Are Some of the Top Use Cases Architect Can Address Detect hidden content in Excel spreadsheets to prevent accidental disclosure of sensitive data Use regular expressions to detect specific data types and identify high severity breaches by defining unique match thresholds (e.g. more than 5 unique records) Warn on sensitive attachments without Microsoft Information Protection labels, and detect when attachments labelled as ‘Confidential’ are sent to unauthorized accounts Educate and remind users when a sensitive attachment has been labelled as ‘Public’ or ‘General’  Set up intelligent information barriers to prevent sensitive data sharing between teams Detect PII/PHI shared externally in bulk Detect financial data such as credit card numbers and bank account numbers Detect unencrypted personal health information shared externally Block attachments containing high volumes of PII from being sent to unauthorized accounts Use Architect to migrate and simplify DLP policies from legacy tools and consolidate related policies using powerful logic blocks. Use Architect to enhance rule-based legacy DLP policies with machine learning such as Tessian’s sensitivity algorithm and minimise the number of false positives
How Does Tessian Architect Work? Let’s take a deeper look at the product.  Create Custom Policies or Deploy Pre-built Tessian DLP Policies These new DLP capabilities allow administrators to quickly and easily build DLP policies to meet basic and advanced data loss requirements, including establishing and maintaining regulatory compliance.  Choose from pre-built policies that solve for your specific use cases or industry requirements, or build your own policies to meet your unique organization’s needs. Use community policies to adopt best practices sources from industry leaders in the Tessian Network. Policies may contain any number of DLP conditions and can be simple or complex, rely entirely on machine learning, basic rules, or both. Testing, tuning and rolling out policies can be done within hours, not days, weeks, or months. Test a policy change in production in as little as one minute. 
Analyze Email DLP Policy Performance Across Your Security Environment Quickly view real-time policy performance and determine what types of data loss are most prevalent in your organization. Insights are provided such as the number of data loss events detected, as well as information about those data loss incidents within specified time periods.
Policy Editor Provides Maximum Protection for Sensitive Data Build advanced, nested-logic policies and consolidate multiple policies that are related to similar topics. This is needed for advanced use cases to allow companies to consolidate and simplify policies as they’re migrating legacy DLP policies.
Integrate with Any Data Classification System, including Microsoft Information Protection (MIP)  Combine the machine learning and behavioral approach of Tessian with Microsoft Information Protection and data classification to further protect against sensitive data loss. Tessian detects sensitive attachments without Microsoft Information Protection labels. In addition, Tessian will also detect when data labeled “confidential” is about to be sent to unauthorized parties.
In-the-Moment Educational Warnings to Stop Accidental Data Loss and Sensitive Data Exfiltration in Real-Time Tessian warnings act as in-the-moment training for employees, continuously educating them about exfiltration, reinforcing your policies, and nudging them toward safe email behavior. Automatically build individualized policies at scale to reduce high-risk email use and track trends in unsafe activity over time.
Benefits of Tessian Architect 1. Automatically Stop Sensitive Data Exfiltration to Unauthorized Parties: Whether it’s an employee negligently sending emails to unauthorized or personal accounts, or individuals maliciously stealing company intellectual property, Tessian automatically stops sensitive data from being sent to any unauthorized recipients. 2. Automated and Pre-built DLP Policies: Take the guesswork out of building DLP policies with Tessian’s policy library, with the flexibility to build your own to adhere to your organization’s unique data protection requirements. 3. Reduce Admin Burden by Order of Magnitude: Reduce admin overhead with end-user remediation and powerful policy logic that simplifies DLP configurations. Cut through noisy DLP alerts and gain new visibility of high severity incidents and anomalous activity. 4. Ensure Regulatory Compliance: Protect against non-compliant activity and prevent users from sharing confidential data with non-business, personal addresses /unauthorized recipients; track and block compliance breaches in real-time. 5. Clear ROI: Many solutions simply report on data loss events; they don’t actually reduce sensitive data exfiltration and risk to the organization. Tessian is different. Security leaders can easily build and deploy DLP policies and show how those policies are proactively helping to improve the organization’s security posture. The benefit? You’ll become a trusted partner across your organization.
Learn more about Data Loss Prevention for the Human Layer  Tessian uses behavioral analysis to address the problem of accidental or intentional data loss by applying human understanding to data exfiltration incidents. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Enforcer: Automatically prevents data exfiltration and other non-compliant activities on email  Human Layer Security Intelligence: Comprehensive visibility into employee risks, threat insights, and tools that enable rapid threat investigation and proactive risk mitigation Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers Learn more about Tessian Interested in learning more about Tessian Architect? Current Tessian customers can get in touch with their Customer Success Manager. Not yet a Tessian customer? Learn more about Tessian Architect, or book a demo now.
Data Exfiltration Email DLP Integrated Cloud Email Security Compliance
You Sent an Email to the Wrong Person. Now What?
By Maddie Rosenthal
04 October 2021
So, you’ve accidentally sent an email to the wrong person. Don’t worry, you’re not alone. According to Tessian research, over half (58%) of employees say they’ve sent an email to the wrong person.   We call this a misdirected email and it’s really, really easy to do. It could be a simple spelling mistake, it could be the fault of Autocomplete, or it could be an accidental “Reply All”. But, what are the consequences of firing off an email to the wrong person and what can you do to prevent it from happening?   We’ll get to that shortly. But first, let’s answer one of the internet’s most popular (and pressing) questions: Can I stop or “un-send” an email?
Can I un-send an email?   The short (and probably disappointing) answer is no. Once an email has been sent, it can’t be “un-sent”. But, with some email clients, you can recall unread messages that are sent to people within your organization.    Below, we’ll cover Outlook/Office 365 and Gmail. Recalling messages in Outlook & Office 365   Before reading any further, please note: these instructions will only work on the desktop client, not the web-based version. They also only apply if both you (the sender) and the recipient use a Microsoft Exchange account in the same organization or if you both use Microsoft 365.    In simple terms: You’ll only be able to recall unread emails to people you work with, not customers or clients. But, here’s how to do it.   Step 1: Open your “Sent Items” folder Step 2: Double-click on the email you want to recall Step 3: Click the “Message” tab in the upper left-hand corner of the navigation bar (next to “File”) → click “Move” → click “More Move Actions” → Click “Recall This Message” in the dropdown menu Step 4: A pop-up will appear, asking if you’d like to “Delete unread copies of the message” or “Delete unread copies and replace with a new message” Step 5: If you opt to draft a new message, a second window will open and you’ll be able to edit your original message   While this is easy enough to do, it’s not foolproof. The recipient may still receive the message. They may also receive a notification that a message has been deleted from their inbox. That means that, even if they aren’t able to view the botched message, they’ll still know it was sent. There’s more information about recalling emails in Outlook here.  
Recalling messages in Gmail   Again, we have to caveat our step-by-step instructions with an important disclaimer: this option to recall messages in Gmail only works if you’ve enabled the “Delay” function prior to fat fingering an email. The “Delay” function gives you a maximum of 30 seconds to “change your mind” and claw back the email.    Here’s how to enable the “Delay” function.   Step 1: Navigate to the “Settings” icon → click “See All Settings” Step 2: In the “General” tab, find “Undo Send” and choose between 5, 10, 20, and 30 seconds.  Step 3: Now, whenever you send a message, you’ll see “Undo” or “View Message” in the bottom left corner of your screen. You’ll have 5, 10, 20, or 30 seconds to click “Undo” to prevent it from being sent.    Note: If you haven’t set-up the “Delay” function, you will not be able to “Undo” or “Recall” the message. There’s more information about delaying and recalling emails in Gmail here.   So, what happens if you can’t recall the email? We’ve outlined the top six consequences of sending an email to the wrong person below. 
What are the consequences of sending a misdirected email?   According to Verizon’s 2021 DBIR, misdelivery is the most common type of error to cause a breach. But is a breach the biggest consequence?   We asked employees in the US and UK what they considered the biggest consequences of sending a misdirected email. Here’s what they had to say. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   Importantly, though, the consequences of sending a misdirected email depend on who the email was sent to and what information was contained within the email.   For example, if you accidentally sent a snarky email about your boss to your boss, you’ll have to suffer red-faced embarrassment (which 36% of employees were worried about).   If, on the other hand, the email contained sensitive customer, client, or company information and was sent to someone outside of the relevant team or outside of the organization entirely, the incident would be considered a data loss incident or data breach.   That means your organization could be in violation of data privacy and compliance standards and may be fined. But, incidents or breaches don’t just impact an organization’s bottom line. It could result in lost customer trust, a damaged reputation, and more.
Let’s take a closer look at each of these consequences.   Fines under compliance standards Both regional and industry-specific data protection laws outline fines and penalties for the failure to implement effective security controls that prevent data loss incidents. Yep, that includes sending misdirected emails.   Under GDPR, for example, organizations could face fines of up to 4% of annual global turnover, or €20 million, whichever is greater.    And these incidents are happening more often than you might think. Misdirected emails are the number one security incident reported to the Information Commissioner’s Office (ICO). They’re reported 20% more often than phishing attacks.  Lost customer trust and increased churn Today, data privacy is taken seriously, and not just by regulatory bodies.    Research shows that organizations see a 2-7% customer churn after a data breach and 20% of employees say that their company lost a customer after they sent a misdirected email.   A data breach can (and does) undermine the confidence that clients, shareholders, and partners have in an organization. Whether it’s via a formal report, word-of-mouth, negative press coverage, or social media, news of lost – or even misplaced – data can drive customers to jump ship. Revenue loss Naturally, customer churn + hefty fines = revenue loss. But, organizations will also have to pay out for investigation and remediation and for future security costs.   How much? According to IBM’s latest Cost of a Data Breach report, the average cost of a data breach today is $3.86 million. Reputation damage As an offshoot of lost customer trust and increased customer churn, organizations will – in the long-term – also suffer from a damaged reputation. Like we’ve said: people take data privacy seriously.   That’s why, today, strong cybersecurity actually enables businesses and has become a unique selling point in and of itself. It’s a competitive differentiator. Of course, that means that a cybersecurity strategy that’s proven ineffective will detract from your business.   But, individuals may also suffer from a damaged reputation or, at the very least, will be embarrassed. For example, the person who sent the misdirected email may be labeled careless and security leaders might be criticized for their lack of controls. This could lead to…. Job loss Unfortunately, data breaches – even those caused by a simple mistake – often lead to job losses. It could be the Chief Information Security Officer, a line manager, or even the person who sent the misdirected email. Our Psychology of Human report found 1 in 4 people who made email mistakes at work subsequently lost their jobs.   It goes to show that security really is about people. That’s why, at Tessian, we take a human-centric approach and, across three solutions, we prevent human error on email, including accidental data loss via misdirected emails.
How does Tessian prevent misdirected emails?   Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. It turns an organization’s email data into its best defense against human error on email.   Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.    That means that if, for example, you frequently worked with “Jim Morris” on one project but then stopped interacting with him over email, Tessian would understand that he probably isn’t the person you meant to send your most recent (highly confidential) project proposal to. Crisis averted.    Interested in learning more about how Tessian can help prevent accidental data loss and data exfiltration in your organization? You can read some of our customer stories here or book a demo.
Remote Working ATO/BEC Data Exfiltration
Cybersecurity Awareness Month 2021: 12+ Free Resources
By Maddie Rosenthal
30 September 2021
October is Cyber Awareness Month, and this year’s theme is “Do your part. #BeCyberSmart.”   Fun fact: Cyber Awareness Month started back in 2004, the same year a former AOL software engineer stole 92 million screen names and email addresses and sold them to spammers. Sadly, that’s peanuts compared to more recent breaches. Incidents involving insider threats are at an all-time high, phishing incidents are doubling and even tripling in frequency year-on-year, and the cost of a breach is now over $4 million. This is all to say that cybersecurity is more important than ever. And at Tessian, we live by the motto that cybersecurity is a team sport. So, to help you educate and empower your employees, we’ve put together a toolkit with over a dozen resources, including:
You can download them all for free, no email address or other information required. But, that’s far from the only content we have to share… CEO’s Guide to Data Protection and Compliance By 2024, CEOs will be personally responsible for data breaches. So it’s essential they (and other execs) understand the importance of privacy, data protection and cybersecurity best practices. To help you out, we’ve published an eBook which breaks down: How different regulations have changed how businesses operate  How cybersecurity and compliance can be leveraged as a business enabler The financial and operational costs of data breaches OOO Templates OOO emails can contain everything a hacker needs to know to craft a targeted spear phishing attack… Where you are How long you’ll be gone Who to get in touch with while you’re away Your personal phone number Use these templates as a guide to make sure you don’t give too much away👇🏼
Human Layer Security Knowledge Hub Cyber Awareness Month is all about raising awareness and sharing best practices, and we know the #1 source of trusted information and advice for CISOs are…other CISOs….  That’s why we’ve created a hub filled with dozens of fireside chats and panel discussions about enterprise security, spear phishing, data loss prevention, leadership, and the human element. Sign-up for free and hear from some of the biggest names in the industry.   You Sent an Email to the Wrong Person. Now What? Did you know at least 800 emails are sent to the wrong person in organizations with 1,000 employees every year. While it’s easy to shrug something like this off as a simple mistake, the consequences can be far-reaching and long-term. Learn more, including how to prevent mistakes like this.   6 Best Cybersecurity Podcasts While we’re partial to our own podcast – RE: Human Layer Security – we’ve learned from the best in the business.  To get our fix of cybersecurity breaking news, threat intel, and inspiring interviews, we regularly tune into these podcasts: The CyberWire Daily The Many Hats Club WIRED Security Get the full breakdown here.   How to Get Buy-In For Security Solutions As a security or IT leader, researching and vetting security solutions is step one. Step two involves convincing key stakeholders like the CEO, CFO, and the board that the product needs to be implemented, that it needs to be implemented now, and that it’s worth the cost.  This is easier said than done… So, how do you communicate risk and make a compelling case to (eventually) get buy-in from executives? We talked to security leaders from some of the world’s most trusted and innovative organizations to find out what they do to get buy-in from CxOs.  Here’s a summary of their tips.    Ultimate Guide to Staying Secure While Working Remotely While most of us have been working remotely or in a hybrid environment for well over a year, we know that more than half of IT leaders believe employees have picked up bad cybersecurity behaviors since working remotely. This eBook offers plenty of helpful reminders, including: The risk involved in sending work emails “home” Why using public Wi-Fi and/or your personal device as a hotspot aren’t good ideas Best practice around using cloud storage to share documents How to physically protect your devices Top tips for businesses setting up remote-working policies What Does a Spear Phishing Email Look Like? We know you’re working hard to train employees to spot advanced impersonation attacks…but every email looks different. A hacker could be impersonating your CEO or a client. They could be asking for a wire transfer or a spreadsheet. And malware can be distributed via a link or an attachment. But it’s not all bad news. While – yes – each email is different, there are four commonalities in virtually all spear phishing emails.  Download the infographic now to help your employees spot the phish.   The Risks of Sending Data to Your Personal Email Accounts  Whether it’s done to work from home (or outside of the office), to print something, or to get a second opinion from a friend or partner, most of us have sent “work stuff” to our personal email accounts.  And, while we might think it’s harmless…it’s not. In this article, we explore the reasons why employees might send emails to personal accounts, why sending these emails can be problematic, and how security leaders can solve the problem.  Looking for more helpful content? Sign-up to our weekly newsletter, or follow us on LinkedIn and Twitter (or do all three!).
Customer Stories Email DLP
Customer Story: How Tessian Helped a Private Equity Firm Achieve Threat Visibility Through A Platform Approach
By Maddie Rosenthal
28 September 2021
With over 35 years of investment history, this private equity firm headquartered in Boston, MA, currently has more than 130 investments and nearly 200 employees. Having been a customer since 2018, the firm’s Senior Security Administrator shared how Tessian Guardian and Tessian Enforcer have helped him and his team prevent outbound threats while reducing admin overhead.  Tessian Solutions Enforcer:  Automatically prevents data exfiltration and other non-compliant activities on email. Enforcer can be easily configured to silently track, warn, or block sensitive emails. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required.
Security Environment After Deploying Tessian The benefits of the platform approach The less tools security teams have to manage, the better. Especially since it can be difficult to get a single view of risk when having to pull insights from multiple sources. That’s why the firm bought into Tessian; it solves multiple use cases across one platform, including data exfiltration, accidental data loss, and advanced impersonation attacks.  And, with Human Layer Risk Hub, their security team gets granular visibility into employee risk and insights into individual risk levels and drivers. Today, they can differentiate between employees at different levels of risk, and evolve to support each group in unique, personalized ways through training, policies, and in-platform tools.  Find answers faster with Tessian integrations Integrations with other tools are key. And, while Tessian integrates with well over a dozen products, including SIEM/SOARs, SSO tools, and directory management tools,  these are the two Tessian integrations that stand out for the firm’s Senior Security Administrator: Azure Directory: While Azure Directory (AD) groups are a source of truth, building and maintaining them takes a lot of time and effort. Worse still, many security solutions don’t connect with AD groups, which makes zeroing in on an incident or potential risk that applies to a wider group of users is impossible. This forces security teams to look at each individual mailbox or user and aggregate them, which can take days. But, because Tessian syncs with AD, all you need to do is select the group. That means you can find what you’re looking for and take action right away. SIEM Integrations:  Tessian seamlessly integrates with SIEMs like Splunk and Rapid7. In  future, this will allow the firm’s security team to import valuable Tessian data for a more complete picture of their security posture.  According to their security team, the key to effectively garnering insights from data platforms is to decide what data is the most meaningful. That way, SOC teams can reduce the noise, focus on what’s truly valuable, and make informed security decisions.
Empower users without getting in the way Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time, and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
hbspt.cta.load(1670277, 'fddca6cf-a773-4cc6-9e0a-70ff134bc49d', {"useNewLoader":"true","region":"na1"});   Want to learn more about how Tessian can help you prevent data loss on email? Book a demo now.
ATO/BEC Email DLP
New ESG Report Highlights Gaps in M365 Native Security Tools
By Jessica Cooper
28 September 2021
Millions of companies around the world depend daily on Microsoft 365, including yours. So to better understand its native security tools, and any gaps within them, we’ve partnered with Enterprise Strategy Group (ESG Global) to produce a new report exploring Microsoft 365’s security environments.  The report covers several topics of Microsoft 365, both E3 and E5, including capabilities and gaps for protecting against ransomware, phishing, accidental data loss and sensitive data exfiltration, as well as architectural challenges to consider. The full report, ESG Whitepaper: Closing Critical Gaps in Microsoft 365 Native Security Tools can be found here. Report highlights Phishing was involved in 43% of breaches in the past year Over two-thirds (69%) of respondents to the ESG research survey report that email security has become one of their top 5 cybersecurity priorities 18% cite email security as their most important cybersecurity priority 62% of organizations are reevaluating all security controls currently available natively Ransomware ranks as a top-3 risk concern, with 77% of organizations classifying ransomware as high or medium risk. 45% or organizations report that more than 40% of their sensitive data flows through their email application. Cloud-delivered email solutions aren’t a panacea. Moving on-prem email solutions to the cloud replaces the operational infrastructure but doesn’t necessarily fully replace security controls. Successful credential phishing attacks can lead to email account takeover (ATO), enabling hackers to appear as legitimate insiders, facilitating BEC, data exfiltration, and ransomware.
As the report states, email continues to be the backbone of enterprise communications and is considered the most critical infrastructure to daily operations for most. Cloud-delivered email infrastructure has rapidly become the preferred approach to enable email communications, with over 2.3m companies depending on Microsoft 365. For many, handing over email infrastructure to a cloud service provider means transferring and trusting email security and resilience to the provider. Yet as phishing, which was involved in 43% of breaches in the past year, continues at epidemic levels, over two-thirds (69%) of respondents to an ESG research survey report say that email security has become one of their top 5 cybersecurity priorities, with 18% citing email security as their most important cybersecurity priority. While cloud-delivered email providers promise security and resilience, most fall short of what many security and IT teams would consider adequate. Further, adversaries are capitalizing on these homogenous security systems to bypass controls. As a result, ESG research found that 62% of organizations are re-evaluating all security controls currently available natively, with many turning to third-party email security and resilience solutions to supplement native controls. Organizations that are planning to move or have recently moved to cloud-based email should strongly consider the use of third-party email security solutions to ensure that critical email infrastructure and data are adequately secured against the expanding email threat landscape.    Unpacking Microsoft 365 native security controls in E3 and E5 While Microsoft has invested significantly in strengthening security controls for Microsoft 365 (M365), organizations report continuing gaps in the controls included in both E3 and E5 licensing bundles.    Email security While EOP provides many valuable security features, it is limited in its ability to protect against more sophisticated email attacks, such as social engineering (or “spear-phishing”), business email compromise, account takeover, and many types of ransomware. Detecting these types of more sophisticated attacks requires both behavioral analytics and a contextual understanding of individual communication activities, which don’t exist in EOP. So, while native controls are effective at detecting mass/generic phishing campaigns, they are less effective at detecting highly targeted attacks. For example, EOP uses block lists to detect spam and known malware. Safe Links (available in E5) rewrites URLs and checks them against known lists of malicious URLs before allowing the user to visit the link. Microsoft 365 E5 bundle includes additional security features by adding the Microsoft 365 Defender endpoint security solution. Additional protection against phishing and ransomware is provided through more advanced malicious URL and attachment protection, including link re-writing and attachment sandboxing. Both approaches, however, can still be vulnerable to new URLs and attacks without “payloads.” Microsoft Defender depends on multiple scan engines to detect malware attachments and malicious URL links, leveraging both signature matching and machine learning to perform behavioral analysis. Because BEC and ATO impersonations often contain no malicious links or attachments, these threats can commonly escape this approach.    Data loss prevention Minimal data loss protection capabilities are included in the E3 bundle, relying on end-users to manually label documents as sensitive to protect them. Relying on end-users to accurately and consistently classify content puts organizations at risk. On the other hand, applying blanket policies and blocking sensitive information is highly disruptive to users’ productivity and can be an immense burden on security teams. Further, companies that opt for applying a default classification to all documents and emails end up with the same label being applied to everything, while lacking any new visibility into sensitive data. As a result, organizations most often resort to tracking and post remediation instead of proactive detection and real-time response. Additionally, E3 lacks capabilities natively to detect and manage insider risk (for example, preventing data theft by departing employees). Native controls also often lack the ability to properly classify non-Microsoft data and files, requiring admins to use workarounds to achieve consistent protection.  Data loss prevention is included in the E5 bundle for emails, Teams, and files. Advanced email encryption functionality is also provided, as well as email retention policies. Customer keys for Office 365 are also supported, and some level of insider risk management capabilities is also included.    Context matters in data loss prevention M365 Email DLP capabilities are, however, not context-aware (meaning that they lack context between parties exchanging email), resulting in an inability to proactively identify wrong recipients or unintended inclusion of attachments. M365 detection instead utilizes a rules-based approach to define DLP policies and classify data (regex pattern matches, proximity of certain keywords to the matching patterns, exact data matching, and fingerprinting). These techniques alone are often unable to detect when email recipients are misaddressed or when wrong attachments are involved.  Additionally, because these capabilities rely on rule-based techniques or trainable classifiers to align specific data types with DLP policies and to label data (using Azure Information Protection), effectively detecting sensitive information in unstructured data can be problematic (legal, mergers and acquisitions, work orders, bidding documents, and other non-Microsoft formatted files), resulting in users exfiltrating sensitive data and additional false positives. While encryption is often mistakenly perceived as a solution to solve for misdirected emails, recipients included by mistake can still often decrypt emails to gain access to sensitive data. User experience/friction when encrypting emails can also be a barrier to use. 
Email security has long been focused on inbound filtering and the monitoring of user activities looking for well-known patterns of misuse. Yet email usage patterns are more often unique to individual users, those that they communicate with, what they communicate, and how they communicate. This individual usage context is required to detect and stop many of today’s more sophisticated attacks such as spear phishing, BEC, and ATO.  Much of this personal context can be derived through behavioral analytics of historical email, including the analysis of who, what, and when emails were sent in the past. When individual historical patterns, along with context, can be matched against future activity, modern email threats can be detected and stopped, often with little to no user or administrator involvement.  Microsoft 365, the dominant cloud-delivered email solution adopted today, may lack critical security controls needed for certain organizations, therefore motivating many to add supplemental security solutions to close gaps. Whether in the planning stage, implementation stage, or post-implementation, third-party email security controls should be considered with all cloud-delivered email solutions.  To learn more, download the full report.
Customer Stories Email DLP
Customer Story: How Tessian Combines Data Loss Prevention With Education in Financial Services
20 September 2021
Having deployed Tessian at the end of 2020, Israel Bryski, Head of Information Security at an investment management firm headquartered in NYC, shared how Tessian has helped him and his team improve their security posture while changing employee behavior long-term.  The firm, which was formed in the early 1980s, has offices across Spain, Germany, the UK, and Singapore, and currently has 200 employees managing retirement plans and investments for roughly 30,000 current and former Mckinsey employees. Their journey to Tessian Before working with Tessian, the firm had their developers build a custom Outlook add-in to prevent accidental data loss via misdirected emails  Every time someone would send an outbound email to an external domain, they would get a pop-up asking them, “Are you sure to send to this domain?” But, because there was no context in the pop-up, it wasn’t as effective as it could have been immediately following roll-out. Employees were still blindly ignoring the warning, and accidentally sending emails to the wrong person.  At the same time, the security team was also struggling to make security awareness training engaging and relevant to employees Solution Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers
Security Environment After Deploying Tessian Explaining the “why” behind policies to change behavior For Israel and his team, education is key.  Having learned from their custom-built Outlook Add-In which warned employees when an email was being sent to the wrong email address, but didn’t offer insight into the “why”, the team wanted to find a solution that offered context and that would bolster their security awareness training programs. They found that in Tessian and, since deployment, they’ve actually seen a change in behavior and a reduction in data loss incidents. 
Learn more about why in-the-moment warnings are so effective. Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
Preventing accidental data loss without impeding productivity  Since deploying Tessian, over 100 data loss incidents have been prevented.  Israel shared an example:  Someone at the firm created a goodbye video for a senior exec who was retiring; they meant to send it to a colleague for them to play the video in the goodbye meeting. When the sender put the address in the To field, they typed in the first letters, and another external vendor’s email popped up that was cached. They didn’t pay attention, added that address to the email, and tried to send it.  When he went to send the email, he got the Guardian pop-up asking him if that vendor’s address was really meant to be part of the group of recipients. He read the contextualized warning, removed that particular vendor, and added the correct recipient.  It goes to show: Tessian does more than prevent breaches. It also saves employees from red-faced embarrassment. Israel and his team have gotten kudos from quite a few people in the firm. One exec in particular was always casting a shadow over the different security tools that had been deployed. He explained, saying “When we got kudos from him, that was a big win in my book! He actually sees the value of Tessian, why we’re purchasing new technology, and why we’re constantly evaluating new solutions on the market that can augment and complement our security program.” 
Interested in learning more about how Tessian can help prevent accidental data loss in your organization? You can read some of our customer stories here or book a demo.
Email DLP
How to Close Critical Data Loss Prevention (DLP) Gaps in Microsoft 365
By Jessica Cooper
15 September 2021
Over a million businesses worldwide use Microsoft 365, with 731,000 companies in the United States alone. That represents a big juicy audience for hackers, bad actors and others.   And although Microsoft 365 provides foundational rule-based data loss prevention (DLP) and data classification to address compliance requirements, it falls short when protecting against data loss caused by people. That’s why many of our customers choose Tessian to layer on top of 365, to stop complex, targeted attacks most SEGs just can’t stop. Tessian complements Microsoft 365 with a behavioral analytics layer and offers enhanced data protection by closing critical DLP use case gaps such as inadvertent or accidental data loss, sensitive data exfiltration to unauthorized or personal accounts, and insider risks. Tessian also has more robust investigation, reporting, and remediation tools.   In this article, we’ll explore three DLP challenges, identify where Microsoft 365 falls short, and describe how Tessian helps security teams overcome them Want to explore this topic in greater detail? Download the Solution Brief: How Tessian Closes Critical DLP Gaps in Microsoft 365.   Microsoft 365 can’t stop accidental data loss   Misdirected emails are the number one data security incident reported to data protection regulators across the world. Every day, inadvertent human error on email leads to organizations putting their customer’s data at risk, breaching mandatory industry and data protection regulations and losing highly sensitive intellectual property. In fact, according to Tessian research, 800 misdirected emails are sent every year in organizations with 1,000 employees.   You can check out 11 data breaches caused by misdirected emails here.   Microsoft’s capabilities here are limited to files on Sharepoint and OneDrive sites, where you can allow or block specific domains. It cannot detect if you shared an email or files (including files in Sharepoint) to a wrong party. In addition, Microsoft 365 Email DLP capabilities are not context-aware. What that means in practice is that it lacks context between parties exchanging email and hence cannot proactively identify wrong recipients or wrong attachments.   Microsoft 365 detection is purely based on DLP policies and data classification – Regex pattern matches, proximity of certain keywords to the matching patterns, exact data matching and Fingerprinting. These techniques cannot be applied to detect wrong recipients or wrong attachments.
How does Tessian prevent accidental data loss?   Stop Misdirected Emails Tessian’s behavioral approach ensures that emails reach the right recipients, preventing accidental data breaches over email. Leveraging historical data to map email relationships with context, deep content inspection, and behavioral analysis, Tessian identifies first-time contacts, flags recipient anomalies, and stops misdirected emails in real-time.   Prevent Wrong Attachments Tessian uses a combination of attachment scanning, natural language processing (NLP), and deep content inspection to map email content to users, entities, and projects. This helps detect a variety of anomalies and warns when employees are about to send a wrong attachment.   Easy and Accurate Reporting Insights and analytics makes compliance and reporting easy. Admins can readily filter, view, and track accidental data loss events prevented by type, as either misdirected emails or miss-attached files using the HLS intelligence portal to mitigate events. Learn more about Tessian Guardian.
Microsoft 365 can’t prevent exfiltration of sensitive data to unauthorized or personal accounts Whether it’s an employee negligently sending emails to unauthorized or personal accounts, or individuals maliciously stealing company intellectual property for personal gain while exiting the company, sensitive data exfiltration is a major problem in today’s organizations.   Don’t believe us? 27,500 unauthorized emails are sent every year in organizations with 1,000 employees.   Unfortunately, Microsoft 365 DLP capabilities do not effectively detect when unstructured data leaves the organization. This is because it’s not able to identify the unique context of each employee at a granular level. Traditional approaches to prevent data exfiltration on email rely on a litany of pre-defined rules and denylists, and retrospective incident response.   Tackling the problem of data exfiltration by manually maintaining denylists in a world of innumerable new freemail and personal domains is a losing game. Relying on users to manually classify documents puts organizations at risk, while relying on machine based RegEx classification for sensitive content detection or human-in-the-loop quarantine leads to false positives, false negatives and significant administrative burden.
How does Tessian prevent data exfiltration?   Automatically Detect Non-business Email Accounts with Historical Email Data Tessian analyzes historical email data to understand normal content, context and communication patterns, enabling a comprehensive mapping of every employee’s business and non-business email contacts. Relationship graphs are continuously updated as email behavior changes over time after Tessian is deployed.   Perform Real-time Analysis of Emails Before They’re Sent to Detect Data Exfiltration Tessian’s Human Layer Security Engine analyzes all outbound emails in real-time and uses machine intelligence to automatically predict data exfiltration based on insights from the relationship graph, deep inspection of the email content, and previous user behavior.   Automatically Detect and Prevent Data Exfiltration Over Email With Tessian, you can automatically detect anomalous patterns of exfiltration. Real-time warnings are shown to employees when data exfiltration threats are detected and guides them towards secure behavior. Warning triggers can be tailored to suit your company’s security policies and workflow requirements; employees can be warned, emails can be blocked, or activity can be silently tracked. Employee interactions are also logged for inspection in the Tessian dashboard.   Learn more about Tessian Enforcer.   Microsoft 365 can’t measure and report the impact of insider risks   Insider threats are often perceived to only include those who may have malicious intent, such as disgruntled employees or employees who hack into the organization to gain access to credentials. However, employees exfiltrating data via email are often simply careless or negligent as well.   Microsoft 365 monitoring and reporting capabilities, including insider risk capabilities, are content detection and triage focused and does not provide any type of holistic visibility into employee risk profiles, high risk users in order for security and risk management leaders to take specific actions to improve their employee’s data handling practices and strengthen their security posture.
How does Tessian approach insider risk management? Tessian’s approach is human-centric and behavioral, and is able to detect intent and the unique context of the particular employee’s situation. The Human Layer Security Platform maps employee email activity and builds unique security identities for every individual. Dashboards and analytics surface these insights and give full visibility into threats you’ve never been able to detect before. With Tessian, you can predict and preempt security risks caused by human behavior.   Superior Risk Analytics Enriched individual risk profiles that are modeled with a broad range of signals from email usage patterns, relationship graphs, job role, security decisions in real time as well as from 12 months of historical emails and calculates individual risk scores. Because of this unique data modeling, Tessian provides a profile that is contextually rich with granular visibility into risk drivers.   Dynamic Risk Scoring Security risk scores are dynamically updated to represent an accurate individual risk profile in real time. The risk scores trend down when the user makes positive security decisions and trend up when poor security decisions are made, or if the user exhibits high-risk email security behavior. These scores and risk drivers are also aggregated at the user, department, and company level and are benchmarked against the Tessian network.   Defend Against Data Breaches with Defensible Audit Detailed reporting and audit logs provide defensible proof against data breaches. If risk is identified, Tessian’s Risk Hub enables you to formally document all associated events such as exposure, owner, mitigation decisions and actions.  
Email DLP Integrated Cloud Email Security
Legacy Data Loss Prevention vs. Human Layer Security
By Jessica Cooper
09 September 2021
Email is the threat vector security leaders are most worried about protecting.  It’s the most common channel for data exfiltration, fraud, and targeted attacks such as impersonation and phishing, and it’s the major point of egress for sensitive data. And, in most cases, the root cause of these incidents is human error.  Employees break the rules, make mistakes, and can easily be tricked or hacked. This begs the question: what’s the best solution? This blog evaluates legacy data loss prevention (DLP) solutions and is based on an extensive whitepaper available for download. The whitepaper provides greater depth and compares human layer security (HLS) with the legacy security solutions discussed here.   Why Aren’t Legacy Data Loss Prevention (DLP) Solutions Effective? While DLP provides value in certain cases, it does not solve the fundamental problem facing organizations – how to keep data secure in the real world where the information and attachments in emails move and are always accessible to anyone.  Once data leaves the point of control, whether at the endpoint or the network, DLP no longer has control over that content.  If your emails contain information and files that are forwarded and accidentally exposed to the wrong people, there is very little that DLP can do. In this blog, we’ll focus on the five biggest problems with legacy DLP solutions. Remember: you can download the whitepaper for a more detailed analysis. Does Not Protect Against Accidental Data Loss Rules-based approaches simply cannot detect accidental data loss – for example, when emails are sent to the wrong people or the wrong file is attached – because there are no regex or pattern matches that can be applied. This level of protection requires context that DLP just doesn’t have. But, it’s important, especially when research shows at least 800 emails are sent to the wrong person every year in organizations with 1,000+ employees. The HLS Difference: Tessian Guardian automatically detects and prevents misdirected emails and misattached files.  DLP Focuses on a Negative Control Model Legacy DLP is very strict with a binary approach to protecting data. It either allows it or blocks it. In a post-perimeter architecture, this is highly disruptive to business and unsustainable. The HLS Difference: Tessian is frictionless; it’s invisible until you need it, which has helped enterprise customers across industries prevent data loss, without impeding productivity. Read our customer stories to learn more.   Slow, Cumbersome and Non-adaptive 85% of security leaders say DLP is admin-intensive.  Legacy DLP must analyze all content and try to match it to block lists. This requires extensive analysis and the matching can be wrong as enterprise email content is constantly changing.  As content and locations get more complex, legacy DLP can develop problems very quickly.  The HLS Difference: Tessian uses contextual machine learning, and our ML models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. Importantly, they continue to automatically adapt and learn as human relationships evolve over time. Learn more about our technology.  Difficult and Expensive to Implement While DLP may be regarded as a check-the-box solution for compliance, it is incredibly cumbersome, complex, and expensive to deploy, often requiring huge spend in professional services to implement and maintain.  Typical deployments are at least 12 months which makes it hard to justify the return on investment vs. the security it provides. The HLS Difference: With Tessian, there is no pre-configuration required, and the platform starts preventing threats within 24 hours of deployment.
Limited Threat Visibility Legacy DLP, including Email DLP, Endpoint DLP, and Network DLP offer little to no visibility into employee risk is one of the biggest challenges security and risk management leaders face.  Worse still, when insights around risk are available, it’s siloed and hard to interpret.  Insights around security awareness training exist in separate systems from insights related to threats that have been detected and prevented. There’s no integration which means security leaders can’t get a full view of their risk profile. Without integration and visibility, it’s impossible to take a tailored, proactive approach to preventing threats.  The HLS Difference: With Tessian Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers. Learn more about Human Layer Security Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Enforcer: Automatically prevents data exfiltration and other non-compliant activities on email  Human Layer Security Intelligence: Comprehensive visibility into employee risks, threat insights, and tools that enable rapid threat investigation and proactive risk mitigation Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers
Email DLP
What is a Misdirected Email?
05 September 2021
Misdirected emails are common — sending an email to the wrong person is an easy mistake. Who hasn’t done it? But they can also be disastrous, potentially damaging a company’s reputation, revealing its confidential data, and breaching its customers’ privacy.   If you’re looking for a solution versus an explanation of the problem, we’ve got you covered. Learn more about how Tessian Guardian prevents misdirected emails.   How common are misdirected emails?   Many of us have been using email daily for our entire working lives. In fact, around 4 billion people use email regularly, sending around 306.4 billion emails every day.   That explains why misdirected emails are such a major problem. According to research, 58% of people have sent an email to the wrong person while at work, with 20% of recipients stating that this action has lost their company business — and 12% stating that it cost them their job.   And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. That’s more than two emails a day. It’s also the most common type of error to cause a breach, according to Verizon’s 2021 DBIR.   Indeed, year after year, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches. And the latest breach data from California also shows that email “misdelivery” was the most common type of data breach caused by human error.   Looking for some examples? Check out this article: 7 Data Breaches Caused by Misdirected Emails.   Why do misdirected emails keep happening?   So — why do we keep making this mistake? Well, the problem is partly down to burnout. Around 52% of people say they were more likely to make mistakes while tired — and 93% said they were tired at some point during the working week.   But there are some technical issues that lead to misdirected emails, too.   Spelling mistakes   Email is “interoperable,” meaning that, for example, Gmail users can email Outlook users without issue. In fact, any two people can email each other, as long as they have internet access. So this communication method is highly flexible — but also open to sending errors.   Need to email your payroll data/passport photo/HR file to rob.bateman@companyA.com? Make sure you don’t accidentally type “rod.bateman@companyA.com”, or worse — “rob.bateman@companyB.com”.   The “To” field takes us back to a time before spellcheck began correcting our mistakes without us even noticing. One wrong letter can lead to a data breach.   Autocomplete   When you’re typing an email address into Gmail, Outlook, or any other popular email client, you may notice the “autocomplete” function trying to finish it off for you.   Autocomplete can be a very useful feature when you email the same person regularly. But autocomplete can also lead to misdirected emails. Autocomplete can lead to misdirected emails when:   You start typing in the “To” field. You see the autocomplete function completing the recipient’s name. You press “Tab” or “Enter” — without checking whether autocomplete has chosen the right recipient from your address book Productivity guru Cal Newport estimates that we send and receive around 126 email messages per day — so features like autocomplete save businesses significant amounts of time. But the impact of one misdirected email can undo these benefits.   Bcc error   Bcc (which stands for “blind carbon copy”) lets you hide recipients when sending an email.   There are a few benefits to using Bcc, but its most useful function is when emailing a large group of people. If you don’t want any of the recipients to know who else got the email, you can put them all in the Bcc field.   Mailing lists are covered by data protection laws, such as the EU General Data Protection Regulation (GDPR). In most cases, each recipient of an email has the right to keep their email address private from the other recipients.   That’s why accidentally using the “Cc” or “To” field instead of the “Bcc” field can constitute a data breach. Indeed, in January 2020, speaker company Sonos referred itself to the UK’s data regulator after an employee accidentally copied 450 recipients into the Cc field.   The dreaded “Reply All”   Here’s one almost all of us have done before — hitting “Reply All” on an email to multiple recipients when we only meant to email one person (e.g., the sender). In most cases, accidentally “replying to all” is little more than an embarrassment. But consider Maria Peterson, who, in 2018, accidentally replied to all of Utah’s 22,000 public sector employees.   Misattached files   Misattached files and misdirected emails aren’t the same things — but misattached files (attaching the wrong file to an email) deserve a dishonorable mention in this article.   Around one in five emails contains an attachment, and Tessian research reveals some troubling data about this type of human error-based data breach:   48% of employees have emailed the wrong attachment 42% of misattached files contained company data or research 39% contained authentication data like passwords Misattached files caused the offending company legal issues in 31% of cases Next steps We’ve looked at five types of misdirected email, and hopefully, you understand how serious a problem misdirected emails can be.To find out how to prevent — or recover from — misdirected emails, take a look at our article: You Sent an Email to the Wrong Person. Now What?
ATO/BEC Email DLP Compliance
5 Cyber Risks In Manufacturing Supply Chains
26 August 2021
When it comes to supply chain risks, cybersecurity and data loss are top of mind for security analysts and other professionals. The EU Agency for Cybersecurity (ENISA) notes that there has been a marked increase in such attacks since early 2020—and that most supply chain attacks target data (mainly personal information and intellectual property).   Manufacturers are typically involved in long and complex supply chains with many actors, making them particularly vulnerable to disruption and malicious activity in the supply chain. You must protect against these risks. Keep reading to learn more, including prevention tips.   Five manufacturing supply chain cyber risks   First, let’s look at five crucial supply chain cyber risks for manufacturers. We’ll then consider how manufacturers can improve their supply chain cybersecurity, referencing some real-life examples.   1. Intellectual property theft   One major concern for manufacturers is that third parties in their supply chain may abuse their access to intellectual property and other valuable or sensitive data. According to research by Kroll, guarding against supply chain IP theft is a priority for nearly three-quarters of companies.   Even if all your supply chain partners are legitimate, there is always the possibility that a rogue employee could steal your IP or trade secrets and pass them on to your competitors. Don’t believe us? Check out these 17 examples of real-world insider threats.     2. Supply chain attacks   Supply chain attacks leverage security vulnerabilities to steal data and spread malware such as ransomware. Some recent high-profile supply chain attacks include the attacks on software companies Solarwinds and Kaseya. These incidents involved software vendors pushing compromised updates to their customers, resulting in widespread malware infections.   There’s a reason that supply chains are particularly vulnerable to cyberattacks. The more organizations are involved in a manufacturing process, the greater the likelihood that one of the members will fall victim to a cyberattack and spread malware to their business partners. But that doesn’t mean that the chain is “only as strong as its weakest link.” A well-defended organization can stop a supply chain attack in its tracks.   Case study: supply chain attack   Here’s an example of a supply chain attack that leveraged email in an attempt to undermine a company’s security defenses. This type of threat is known as an “account take over” (ATO) attack. The cybercriminals targeted a medium-sized construction firm by first infiltrating one of the company’s trusted vendors.   The attackers managed to take over the email account of one of this vendor’s employees. By reading the employee’s emails, the criminals learned that the employee was in contact with several high-ranking staff members at the construction firm.   After observing the employee’s communication patterns and email style, the attackers then used the mailbox to send phishing emails to a targeted group of individuals at the construction firm.   The phishing emails encouraged the recipients to click a link to a cloud storage folder, claiming that the folder contained a request for a proposal. Clicking the link would have downloaded malware onto the recipient’s device.   Protecting against supply chain attacks   Protecting against supply chain attacks requires a comprehensive cybersecurity policy, including staff training, network defenses, and security software. Implementing email security software is a vital part of your defensive strategy in the case of email-based supply chain attacks, such as the one above.   The case study above is a real-life example of how Tessian, a comprehensive email security solution driven by machine learning, can help thwart supply chain attacks. Tessian Defender scans inbound emails for suspicious activity. The software also learns your employees’ communication patterns to understand what constitutes “normal” email activity.   In the attack described above, Tessian noted several subtle signs—including the sender’s location and choice of cloud storage platform—suggesting that the email could be part of a supply chain attack. Tessian alerted the employee to the potential danger, and the supply chain attack was averted.   It’s important to note that legacy email security software, which normally operates on a “rule-based” basis, can fall short when it comes to sophisticated account take-over attacks like this. Tessian was not the only security product this construction firm was running. But it was the only one to spot the attack.   3. Compromised hardware and software   Malicious actors can compromise hardware and software during the manufacturing process, creating vulnerabilities that are passed on down the supply chain or to equipment end-users. Hardware can be tampered with at any stage in the supply chain. As a manufacturer, you might obtain compromised hardware—or malicious actors could interrupt the manufacturing process downstream, tampering with products to install rootkits or other technologies.   But as a manufacturer, you must also protect against threats in your own portion of the supply chain—where internal or external actors could interfere with the products or components you create.   Case study: compromised software   In August 2020, reports emerged that Chinese phone manufacturer Transsion had shipped thousands of mobile devices containing pre-installed malware that signed users up to subscription services without their consent.   The pre-installed malware, known as Triada, automatically downloads and installs a trojan called “xHelper” that cannot be easily removed by users. The program covertly submits requests for subscription products at the user’s expense.Transsion blamed a malicious actor in its supply chain for installing Triada on its devices—but the culprit has yet to be discovered.   Defending against software compromise   One step towards to avoiding any type of malicious actor in your supply chain is conducting thorough due diligence. Identify and document all supply chain partners—as mentioned, you could be accountable for their malicious or negligent activity.   Integrating cybersecurity measures into your quality assurance regime may also be a way to prevent upstream malicious actors from tampering with firmware before your manufacturing process takes place.   And as we’ve seen, it’s crucial to protect your own systems from cyberattacks—which means ensuring the security of key communications channels like email.   4. Downstream software or hardware security vulnerabilities   It’s vital to protect data against access by other parties in your supply chain. But even if you could trust your supply chain partners not to steal your data, you must also ensure that they don’t make it accessible to unauthorized third parties.   No matter how much work you put into protecting your own systems from unauthorized access, your efforts could be rendered futile due to software or hardware vulnerabilities among other parties downstream.   5. Legal non-compliance   In addition to maintaining poor cybersecurity practices that directly impact your own organization’s security, third parties in the supply chain may follow poor information security practices for which you could be liable.   Case study: third-party legal non-compliance   In 2019 a U.K. pharmaceuticals company was fined after a third-party contractor left documents containing personal information publicly accessible in unsecured containers.   Under the GDPR, “data controllers” are responsible for many of the actions of their service providers. As such, the pharmaceuticals company was deemed liable for the error. The firm received a fine and engaged in a drawn-out legal battle with the U.K.’s data regulator.   Mitigating poor security practices among third parties   Research is crucial to ensure you’re working with reputable third parties that will undertake compliant and responsible data protection practices. Contracts stipulating particular security measures are also important. Such agreements can also contain contractual clauses that serve to indemnify your company against legal violations by the other party.   Under some data protection laws, including the GDPR and the upcoming Colorado Privacy Act, service providers processing personal information on another company’s behalf are required to submit to audits and inspections. Routinely inspecting the data security practices of your vendors and other service providers is an excellent way to ensure they are meeting their compliance obligations on your behalf.   How to prevent manufacturing supply chain risks In general, manufacturers can manage cyber risks in supply chains via a robust and comprehensive cybersecurity program. Here are some key cybersecurity principles for supply chain management from the National Institute for Standards and Technology (NIST): Assume your systems will be breached. This means considering not only how to defend against breaches, but determining how you will mitigate breaches once they have occurred. Think beyond technology. Cybersecurity is also about people, processes, and knowledge. Cybersecurity also means physical security. Threat actors can use physical security vulnerabilities to launch cyberattacks.   Implementing a cybersecurity framework is key to defending against supply chain threats. Manufacturers of any size can work towards cybersecurity framework compliance, implementing controls according to their resources and priorities.   The NIST Cybersecurity Framework Version Manufacturing Profile: NISTIR 8183 Revision 1 is an excellent starting point for manufacturers. For more information about the NIST framework, read our article on NIST and email security.   More specifically, manufacturers should be taking the following steps to protect their data and systems in supply chains: Identify and document all supply chain members Conduct careful due diligence on parties in the supply chain Require supply chain partners to contractually agree to maintain good cybersecurity and data protection practices Ensure inbound communications (particularly via email) are scanned for signs of phishing and other social engineering attacks Scan outbound communications to prevent data loss Ensure all employees are aware of the risks and their responsibilities Email is a key supply chain vulnerability   Of all the risks inherent to working in a supply chain, cyberattacks are perhaps the most critical in the current climate.   As ENISA notes, most supply chain attacks use malware to target company data. We also know that 96% of phishing attacks—which are the primary means of infecting business networks with malware—take place via email. The bottom line: email security is a crucial step for manufacturers to defend against supply chain cyber risks.  
Email DLP Integrated Cloud Email Security
What is Email DLP? Overview of DLP on Email
19 August 2021
Data loss prevention (DLP) and insider threat management are both top priorities for security leaders to protect data and meet compliance requirements.   And, while there are literally thousands of threat vectors – from devices to file sharing applications to physical security – email is the threat vector security leaders are most concerned about protecting.   It makes sense, especially with remote or hybrid working environments. According to Tessian platform data, employees send nearly 400 emails a month. When you think about the total for an organization with 1,000+ employees, that’s 400,000 emails, many of which contain sensitive data. That’s 400,000 opportunities for a data breach. The solution? Email data loss prevention.
This article will explain how email DLP works, consider the different types of email DLP, and help you decide whether you need to consider it as a part of your overall data protection strategy. 
What is email data loss prevention?   Essentially, email DLP tools monitor a company’s email communications to determine whether data is at risk of loss or theft. There are several methods of email DLP, which we’ll look at below. But they all attempt to: Monitor data sent and received via email Detect suspicious email activity Flag or block email activity that leads to data loss Do I need email data loss prevention?   Unless you’re working with a limitless security budget (lucky you!), it’s important to prioritize your company’s resources and target areas that represent key security vulnerabilities.   Implementing security controls is mandatory under data protection laws and cybersecurity frameworks, like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).   And there’s a good reason to prioritize preventing data loss on email. As we’ve said, email is the threat vector security leaders are most concerned about. We’ll explain why.    Inbound email security threats   How can malicious external actors use email to steal data? There are many methods.   Phishing—social engineering attacks designed to trick your employees into handing over sensitive data. According to the FBI, phishing is the leading cause of internet crime, and the number of phishing incidents doubled in 2020. Spear phishing—like phishing, but targeted at a specific individual. Spear phishing attacks are more sophisticated than the “bulk” phishing attacks many employees are used to. Malware—phishing emails can contain a “malicious payload”, such as a trojan, that installs itself on a user’s device and exfiltrates or corrupts data.   Email DLP can help prevent criminals from exfiltrating your company’s data. Internal email security threats While it’s crucial to guard against external security threats, security teams are increasingly concerned with protecting company data from internal actors. There are two types of internal security threats: accidental and malicious.  Accidental data loss Accidents happen. Don’t believe us?  Human error is the leading cause of data breaches. Tessian platform data shows that in organizations with 1,000 or more employees, people send an average of 800 misdirected emails (emails sent to the wrong recipient) every year. That’s two every day.    How can a misdirected email cause data loss? Misspelling the recipient’s address, attaching the wrong file, accidental “reply-all”—any of these common issues can lead to sensitive company data being emailed to the wrong person.   And remember—if the email contains information about an individual (personal data), this might be a data breach. Misdirected emails are the top cause of information security incidents according to the UK’s data regulator.   We can’t forget that misattached files are also a big problem. In fact, nearly half (48%) of employees say they’ve attached the wrong file to an email. Worse will, according to survey data:   42% of documents sent in error contained company research and data 39% contained security information like passwords and passcodes 38% contained financial information and client information 36% contained employee data   But, not all data loss incidents are an accident.   Insider threats   Employees or contractors can steal company data from the inside. While less common than accidental data loss, employees that steal data—or simply overstep the mark—are more common than you might think.   Some employees steal company data to gain a competitive advantage in a new venture—or for the benefit of a third party. We covered some of these incidents in our article, 11 Real Insider Threats.   But more commonly, employees are breaking the rules for less nefarious reasons. For example, employees send company data to a personal email address for convenience. For example, to work on a project at home or on another device.   Sending unauthorized emails is a security risk, though. Tessian platform data shows that it occurs over 27,500 times per year in companies with 1,000 employees or more. And, while – yes – it’s often not done maliciously, the consequences are no less dire, especially in highly regulated industries. So, how do you prevent these things from happening?   Email DLP solutions to consider   Research shows that the majority of security leaders say that security awareness training and the implementation of policies and procedures are the best ways to prevent data loss. And both are very important.   !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But – as well-intentioned as most employees are – mistakes still happen despite frequent training and despite stringent policies. That means a more holistic approach to email DLP – including technology – is your best bet. Broadly, there are two “types” of DLP technology: ruled-based DLP and machine learning DLP.   Rule-based email DLP   Using rule-based DLP, IT administrators can tag sensitive domains, activities, or types of data. When the DLP software detects blacklisted data or behavior, it can flag it or block it.   Like training and policies, rule-based DLP certainly has its place in security strategies. But there are limitations of ruled-based DLP. This “data-centric” model does not fully account for the range of behavior that is appropriate in different situations.   For example, say an IT administrator asks email DLP software to block all correspondence arriving from “freemail” domains (such as gmail.com), which are often used to launch cyberattacks. What happens when you need to communicate with a contractor or customer using a freemail address?   What’s more, rule-based DLP is very admin-intensive. Creating and managing rules and analyzing events takes a lot of time, which isn’t ideal for thinly-stretched security teams.   🤖 Machine learning email DLP   Machine learning email DLP is a “human-centric” approach. By learning how every member of your company communicates, machine learning DLP understands the context behind every human interaction with data.   How does machine learning email DLP work? This DLP model processes large amounts of data and learns your employees’ communications patterns.   The software understands when a communication is anomalous or suspicious by constantly reclassifying data according to the relationship between a business and customers, suppliers, and other third parties. No rules required.   This type of DLP solution enables employees to work unimpeded until something goes wrong, and makes preventing data loss effortless for security teams.
Learn more about how Tessian’s email DLP solutions   Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.   Our contextual machine learning models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.   This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person or if an employee has attached the wrong file. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. And, finally, Tessiden Defender prevents inbound threats, like spear phishing, business email compromise, and CEO fraud.    To learn more about data exfiltration and how Tessian uses machine learning to keep data safe, check out our customer stories or talk to one of our experts today. You can also subscribe to our monthly newsletter below to get more updates about DLP, compliance, spear phishing, industry trends, and more. 
ATO/BEC Data Exfiltration Email DLP
Mergers and Acquisitions: Why Email Security Must Be a Priority
05 August 2021
The buying and selling of companies is big business, but there are a lot of moving parts to manage. One area you don’t want to overlook is email security.  Why? Because email is the primary communication channel for M&A communications, and throughout the event, dozens of stakeholders will send thousands of emails containing personnel information, board documents, private equity, and other top secret merger and acquisition intelligence. If just one email lands in the wrong hands, or if one employee goes rogue, the entire transaction could be disrupted, compliance standards could be violated, and your organization could lose customer trust.    Keep reading to learn why M&A events introduce added risk to organizations, and how to overcome new security challenges.  Why do Mergers and Acquisition events create more security risks for organizations? According to Gartner analyst Paul Furtado, there are four key reasons M&A events create more security complexity for organizations: Mergers and acquisitions (M&A) are driven by potential synergies, which can be gained in cost efficiencies, growth opportunities or market share increases. But, these may lead to conflicts among long-held security paradigms by either party The disruption of the M&A transaction, along with the postclose technical changes required, can expand the current attack surface significantly Following transaction close, at least temporarily, security must be maintained in three separate operating environments: sunset, future-mode, and transition processes Potential M&A outcomes and the secrecy surrounding them also leads to employee angst and uncertainty, which may lead to rogue or damaging employee actions or a loss of key employees What are the key email security challenges in Mergers and Acquisitions? In order to understand how to prevent data loss, security leaders first need to understand where they’re most vulnerable. Both inbound and outbound email security should be a priority, and threat visibility is essential. 1. Increased Risk of Accidental Disclosure of Sensitive Information During M&A transactions, it’s important that organizations be able to control where sensitive information is being sent and to whom. Often, emails and attachments can be sent to the wrong people, resulting in accidental data loss. 2. Inbound Email Attacks Such as Phishing, Impersonation and Account Takeover Email is typically the first to deliver initial URLs, in the form of an exploit kit or phishing website, attachments in the form of payloads, or a starting point for social engineering attacks. This puts sensitive information within organizations at tremendous risk of a data breach. Tessian covers these attacks using three proven and differentiated approaches — threat prevention, education and awareness, and reducing the overall burden on security operations centers. 3. Increased Risk of Data Exfiltration by Internal Stakeholders M&A transactions significantly increase the number of people exchanging information through email. This increases the attack surface and the risk of more sensitive information being sent outside the organization. Whether it’s an employee sending sensitive M&A data to less secure, personal accounts, or a bad leaver maliciously exfiltrating information, Tessian automatically detects any kind of data exfiltration and non-compliant activity on emails.  4. Difficulty in Maintaining Control and Visibility of the Email Environment With many new stakeholders becoming included during M&A transactions, it can be difficult to obtain visibility into which employees and third-parties are exchanging information through emails. Organizations need to be able to identify all the people-centric security threats related to your email environment and view them in a single dashboard for easy remediation. This includes complete insight into accidental data loss, insider threats, advanced phishing attacks, and zero-day threats facing your organization. How does Tessian help protect information and communications related to Mergers and Acquisitions? Stop outbound data loss: Tessian Guardian is the industry’s only solution that automatically prevents accidental data loss from misdirected emails and misattached files (sending wrong attachments over email).  Guardian compares millions of data points for every outbound email and detects anomalies that indicate whether the email is being sent to the wrong person or if a wrong document is being attached and alerts the user before the email is sent. Learn more. Stop data exfiltration: Tessian Enforcer is the industry’s first solution that uses machine learning to automatically prevent data exfiltration via email to employee personal, unauthorized and non-business accounts.  Powered by Tessian’s proprietary Human Layer Security Engine, Enforcer analyzes millions of data points for every outbound email and detects anomalies that indicate data exfiltration before it leaves your organization. Tessian Enforcer notification messages can be customized to reinforce security awareness and data protection policies through in-the-moment training.  Learn more. Prevent inbound email attacks: Tessian Defender is a comprehensive inbound email security solution that automatically prevents a wide range of attacks that bypass Secure Email Gateways (SEGs), while providing in-the-moment training to drive employees toward secure email behavior.  Defender protects against both known and unknown email attacks, including business email compromise, account takeover, spear phishing, and all impersonation attacks that bypass SEGs, M365, and G Suite. Learn more. Threat visibility: With the Human Layer Risk Hub, SRM leaders will be able to quantify risk levels, pinpoint their high risk user groups, perform targeted remediation at scale, measure impact, and demonstrate progress in lowering risks posed by employees. Learn More.
Page