Step Into The Future of Cybersecurity — Save your spot at the Human Layer Security Summit for free.

Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
DLP

Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email.

DLP
How Does Data Loss Prevention for Email Work?
09 February 2020
Data Loss Prevention is a vital part of security frameworks across industries, from Healthcare and Legal to Real Estate and Financial Services. There are dozens of different DLP solutions on the market, each of which secures data differently depending on the perimeter it is protecting. There are three main types of DLP, including: Network DLP Endpoint DLP Email DLP While we’ve covered the topic of email DLP broadly in this Complete Overview of DLP on Email, we think it’s important for individuals and larger organizations to fully understand what the proper application of email DLP can offer and, with that, why it’s so important to know which email DLP system to implement. How can DLP for email protect an organization? Importantly, there are two types of threats DLP must account for: Accidental Data Loss: To err is human. For example, an employee might fat finger an email and send it to the wrong person. While unintentional, this mistake could and has led to a costly data breach. DLP solutions need to be able to flag the email as misdirected before it’s sent, either by warning the individual or automatically quarantining or blocking it. Malicious Exfiltration: Whether it’s a bad leaver or someone hoping to sell trade secrets, some employees do, unfortunately, have malicious intent. DLP solutions need to be able to identify data exfiltration attempts over email before they happen in order to prevent breaches. An introduction to rule-based DLP On a basic level, the bulk of DLP solutions operate via rule-based policies, using if-then statements to lock down data after it’s been classified. For example, if you want to ensure your HR department doesn’t share personally identifiable information (PII) like employees’ social security numbers, you could create a rule on email: “If an outbound email to a party outside of the organization contains the word ‘social security number’, then block. it.” You could also create a more broad rule. For example, if you wanted to prevent accidental data loss of company information, you might forbid employees to send emails to their personal email accounts. To enforce this, you might block all emails from an official company account to freemail accounts like  @gmail.com, @yahoo.com, or @hotmail.com. Of course, these rules need to be set up separately for each organization where a DLP system is implemented. Various factors can influence these rules, including the type of data being protected, workflows, and existing policies, procedures, and tools. This will help you recognize potential “borders” that sensitive data shouldn’t cross. The limitations of rule-based DLP Unfortunately, DLP – especially rule-based DLP – can be a blunt instrument.
Rules simply don’t reflect the limitless nuances of human behavior. A better approach to DLP While IT and security teams could work tirelessly to properly deploy and maintain rule-based DLP solutions to detect potential threats and limit the exposure of sensitive data, there’s a better, smarter way. Human Layer Security. Instead of rules, Tessian’s DLP solutions use contextual machine learning models to understand the context of human behavior and communications. Trained on historical emails and real-time correspondence, machine-intelligent software can recognize what looks suspicious; similar to what a human cybersecurity expert could do. However, unlike humans, it can do this thousands of times per second without missing key information or getting tired. Which email DLP solution is right for my organization? As we’ve mentioned, each organization has different needs when it comes to DLP. Some might need more network protection while others need to lock down email. In either case, it’s important to consider the budget, ease of deployment, and internal resources alongside the biggest threat vectors for data loss. If your biggest concern is data exfiltration and you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Enforcer may be right for you. If your biggest concern is accidental data loss and – again – you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Guardian might be for you.
DLP
Data Privacy Day: Why You Need to Protect Your People
28 January 2020
Everyone has an email blunder story. Whether you forgot to bcc someone or you sent a message to the wrong person, mistakes on email are common. After all, the average worker spends two fifths of their working week on email, so accidents are bound to happen. But it could be happening in your organization more often than you think. According to our data, employees at large organizations send over 130 emails a week to the wrong person. What’s more, workers are also sending company data to unauthorized or personal email accounts nearly 200,000 times a year. In SMBs, we found that employees send as many as 177 emails a year to the wrong person.
Our data highlights how much of a risk employees pose to an organization’s data security. Misdirected emails – emails accidentally sent to the wrong person – are particularly dangerous. Beyond just embarrassment over cc’ing the wrong person, for example, we are seeing serious repercussions as more people expose personal and corporate data. Simply misspelling a name can result in sensitive data or company secrets falling into the wrong hands and your company facing a regulator’s wrath. More than a simple mistake In fact, latest figures from the Information Commissioner’s Office (ICO) reveal that emails being sent to the wrong person were the leading cause of online data breaches during 2019. UK organizations reported 1,357 data breaches caused by people emailing the incorrect recipient last year, up from 447 in 2017. That’s a 300% increase in misdirected emails over two years.
Last year, the ICO made it clear that failure to implement appropriate organizational and technical measurements to protect data under GDPR will result in significant penalties. With so much at stake, businesses need to consider whether their company data is properly protected from incidents of human error. And Data Protection Day (EU) / Data Privacy Day (US) on 28 January acts as a timely reminder to do this. To keep data safe, businesses need to start at the human level and protect their people. Human error is the leading cause of data breaches, and this is because people make mistakes, break the rules and are easily hacked. In many cases, people may not even realize they’re doing anything wrong. Businesses, therefore, need to take a people-centric approach to cybersecurity that focuses on educating and protecting their employees. But in addition to policies and training, organizations also need to add an extra layer of security. Securing the human layer Human Layer Security (HLS) is technology that secures all human-digital interactions in the workplace. By focusing on the human layer (employees, suppliers, customers) as opposed to the machine and systems layer (networks, devices, apps), HLS keeps business’ sensitive data and systems safe. Tessian’s Human Layer Security technology understands human behavior and relationships, enabling it to detect and prevent dangerous activity. Importantly, Tessian’s technology learns and adapts to how people work without getting in the way or impeding productivity. Tessian uses stateful machine learning models to analyze historical email data in order to understand human relationships and communication patterns. Once we know what normal and abnormal look like, Tessian can automatically predict and prevent security breaches caused by people, for example, accidentally sending emails to the wrong person or exfiltrating sensitive data to personal accounts. Given the huge volumes of sensitive data exchanged every day, the consequences of just one of these emails ending up in the wrong hands are extremely damaging. Not to mention the serious financial penalties of personal data breaches. It’s time to protect your people with Human Layer Security.
Human Layer Security Customer Stories DLP
Insights on Human Layer Security from Tim Fitzgerald, CISO of Arm
23 January 2020
In case you missed it, on January 22 Tim Sadler, Tessian’s CEO and co-founder, hosted our first webinar of the year which explored the biggest threat to an organization’s security: its employees. To understand the risk of human error in the workplace and how Tessian’s Human Layer Security platform is able to mitigate that risk, Tim S. was joined by Tim Fitzgerald, the CISO of Arm for a live Q&A. Before joining Arm over two years ago, Tim F. served as the CSO of Symantec for over five years. He has a special interest in digital data and human security. Arm is a customer of Tessian’s, and has deployed Tessian Defender,  Tessian Guardian, and Tessian Constructor. Consequently, Tim F. is not just attuned to the security risks associated with employees making mistakes, he understands how best to combat those risks. While you can listen to the full webinar and Q&A on-demand here, below are some of the key takeaways from Tim Fitzgerald. Where does risk really exist? Tim Fitzgerald: “It is very ‘sexy’ in security to talk about big hacking groups and use that as justification to invest in security. And there’s a lot of legitimacy behind that. But the other side of the narrative – which we spend more time on now than nation-state type threats – is how do we not do it to ourselves? Because now we’re more often dealing with avoidable events caused by predictable human error.” “I think, in general, not only should we be talking to our senior executives and boards more clearly about where real risk exists – which for most companies is the human layer – but we also need to be doing more to help these people combat the problem rather than just passing blame.” To err is human, but people are (generally) well-intentioned TF: “I very much chafe at the idea that we think of our employees as the weakest link. It underserves peoples’ intent and how they choose to operate. Rather than that, we try to take a look in the mirror and say ‘What are we not providing our employees to help them avoid these type of scenarios?’” “At Arm, we take the ‘people-are-people’ view. Not that they’re the weakest link; not that they don’t come with good intent; or that they don’t want to be good at their job; or that they take shortcuts just to get that extra moment of productivity. But, actually, everyone wants to do a good job and our job is to arm them with both the knowledge and the tools to be able to keep themselves secure, rather than trying to secure around them.” The role of a CISO is people-centric TF: “I view my job in human security as somewhere between a sociology and a marketing experiment. We’re really trying to change peoples’ behaviors in a moment. Not universally, not their personal viewpoints. But will they make the right decision in this moment to do something that won’t create security risk for us? Evolving that strategy relies not just on how we influence behavior in that moment of time, but actually, can we change their ethos? Can we make responsible security decision-making part of everybody’s job?” “Security is ultimately my responsibility. But, we very much rely on what we consider our extended security team, which is all of our employees. Our view is that they can undo all the good that we’ve done behind them to try to compensate for the risk that normal human beings create.” Security solutions should empower employees TF: “By far the biggest single challenge we have is Arm’s ethos around information sharing. We have a belief – that has proven to be true – that this level of information sharing has allowed Arm to be extraordinarily successful and innovative. There’s no backing up from that, and that represents a huge amount of challenge; that level of information sharing is quite difficult to manage. “Rather than saying people are an intractable problem and therefore we can’t conquer this, if we start thinking about how we can mobilize them as a part of our overall cybersecurity defense mechanism, it causes you to rethink whether or not you’re serving your populous correctly.”
Machine learning enables Human Layer Security TF: “What I liked about Tessian is that it gave us an opportunity to use the ML in the background to try and develop context about whether or not something that someone was doing was either atypical or perhaps just part of a bad process. Either way, we can get a sense of whether or not what they’re doing is causing us risk. It doesn’t require us to be completely prescriptive about what we’re looking for, but it allows us to learn with the technology – and with the people – what normal patterns of behavior look like and, therefore, intervene when it matters and not have to react every time an alarm goes off. “You have all this amazing context of what people are doing on email, which is where people spend most of their time and where most of the risk comes for most organizations. How can we turn this into more than just making sure someone doesn’t fat finger an email address or send sensitive files where they’re not supposed to go? Can we take the context that we’re gaining through how people are using email and create more of those moments in time to connect with them?” Tessian fits into a larger security framework TF: “We have a whole bunch of other mechanisms to protect against traditional insider threats – the people who are really acting against our best interest – but that instance is infrequent and high impact. The person who makes the mistake is high frequency, medium-to high-impact. We were getting hammered on that sort of stuff, which is why we came to Tessian.”
“When used correctly and in a finite environment or a finite data set, DLP solutions are very effective at keeping that data where it’s supposed to be and understanding movement in that ecosystem. When you try to deploy that broadly though…you start to run into the inability of the DLP system to understand where that data is supposed to be. Is this person supposed to have it based on their role and their function? It’s not a smart technology like that. You end up trying to write these very complex rules that are hard to manage.” The future of Human Layer Security TF: “Can we start to mesh together what we know about the technology and the machines with real human behavior? It’ll not only help us find those bad guys in our environments who we know are there, but also to get out in front of people’s behavior rather than reacting to it after it happens. That’s the holy grail of what this could become. To get – if not predictive – at least start leading us toward where we think risk exists and allowing us an opportunity to intervene before things happen.” Want to learn more about how Tessian helps Arm catch and stop accidental data loss with Tessian Guardian and prevent spear phishing attacks with Tessian Defender? Read the case study here.
DLP
How a Gmail Design Flaw Causes Misdirected Emails
By Ed Bishop
15 January 2020
A seemingly innocuous and incredibly common occurrence like sending an email to the wrong recipient can have severe consequences. The sender of a misdirected email is often blamed for being careless, for not paying attention to detail and, in some cases, for being technically illiterate. This can set a culture of embarrassment for employees, which means many misdirected emails and their corresponding data breaches, are often not reported to line managers and compliance teams. Gmail Design Flaw A few years ago, Google added a feature to Gmail that suggests contacts to be added to an email’s recipient list. For example, if you add Jane and Sam to an email, it might suggest Ali, because Ali is often included on emails with Jane and Sam. Designed to be a productivity feature, this in itself could encourage a user to add a contact who maybe shouldn’t be included – resulting in a misdirected email. However, the focus of this article will be on what I consider to be an unpredictable UI (user interface) design flaw in the Gmail email compose window. We reported this flaw to Google’s Security Bug Report page on 18th December 2018. I consider this to be a relatively common email user flow: In a new email: Click in the recipient text area start typing the 1st recipient’s name, and press enter to select Start typing the 2nd recipient’s name, press enter to select Click in the Subject field to type desired email subject You can see this demonstrated in a video below: If you look carefully, as the second recipient is added—and after a significant delay, caused by an asynchronous API request—Google suggests that you might like to add two internal addresses to the email as they are often seen on emails with recipient 1 and recipient 2. But notice where Google positioned the “add recipient” hyperlink. It shifted the position of the subject text area down and placed the hyperlinks where the original subject text area was. The clickable hyperlink area is fully encapsulated by the old subject text area. In step 4 of the above user flow, if after adding the second recipient I quickly attempted to click in the subject text area, there is a chance that at that exact moment the delayed API request finishes, the subject bar shifts down, and I accidentally add an unintended recipient to the email. Ironically, I believe this unpredictable delay makes it more likely for a tech-savvy employee working quickly, — those who can navigate around the compose window more quickly than it takes for the API request to finish — to fall foul of this design flaw and accidentally misdirect an email. A Potential Fix There are many potential fixes, but I think a simple rule that “no UI component should unpredictably move” would solve this. I would suggest increasing the spacing of the default compose window so that the “add recipient” hyperlinks could fit above the subject bar without moving anything. Google’s Response We raised this design flaw with Google Security on 18th December 2018.
While Google does not feel it substantially affects the confidentiality or integrity of its users’ data, we disagree and believe this design flaw could lead to an increase in misdirected emails and data loss. Implications of sending misdirected emails can range from the embarrassing to the damaging, and can even lead to revenue loss due to reputational harm. Technology should be built and designed in a way to minimize human error, not increase the likelihood of it occurring. Update: this design flaw seems to only affect Gmail on browsers, not the mobile application.
DLP
A Brief History of Data Loss Prevention Solutions
09 January 2020
For many organizations, Data Loss Prevention (DLP) is at once one of the most important components of their security framework and the biggest headache for administrators. Why? Because most risks to data security actually come from within an organization, which means security teams have to classify and monitor data across hundreds – even thousands – of different entry and exit points of a corporate network. This includes user devices like laptops and mobile devices, email clients, servers, and gateways within the network. While every vendor offers a slightly different functionality – and can solve for data loss on email, endpoints, or networks – the goal of DLP software is essentially the same: to minimize the risk of data leaving the organization. To understand the agility and efficiency of some modern solutions, it’s important to understand not only the history of DLP but the history of email. This is, after all, where employees now spend 40% of their time. How has email changed over the years? Today, most of us have at least one email address. It’s the main form of communication both in the workplace and with consumer-facing brands. While a decade or two ago, we might have used traditional mail, picked up the phone, or even met in person to share information, now we freely send sensitive data and information like bank account details, medical records, and confidential trade secrets via email every day. And, the fact is, most of us don’t consider the security of these exchanges. But, with the exchange of sensitive information comes potential risks. As such, there’s an urgent need to keep email – and therefore data – safe and secure. Back in the 1990s, when email started to take off, there was little-to-no email security. It soon became apparent that some kind of filtering system was necessary. This way, people could not only limit the volume of emails they received, but they could ensure that whatever landed in their inbox was relevant. While this filtered out spam broadly, we remain exposed to targeted email threats like phishing or spear phishing attacks. Internet Service Providers (ISPs), Secure Email Gateways (SEGs), and anti-virus software took filtering a step further, using pattern and keyword recognition to identify potentially threatening emails, but it’s still not enough. In fact, the number of phishing attacks continues to rise and 2019 saw the highest number in three years. Of course, this isn’t the only problem with email. As we mentioned, there are also data risks within an organization. Data could be lost through a simple mistake, for example sending a misdirected email. Or, there could be more nefarious intent, like a disgruntled employee leaving the company on bad terms and taking valuable information with them. So, how do you solve all of these problems? There are two schools of thought: one is data-centric and the other is human-centric. Data vs. human behavior When you consider the objective of DLP, you realize there are two distinct approaches to take. Data-centric approach: Rule-based solutions use the content of an email to perform analysis. These rules consider keywords, attachments, seniority level, and even the role or department of an employee to identify sensitive information and keep it within the organization. Human-centric approach: Instead of focusing only on the data, human-centric approaches like those offered by Tessian seek to understand complex and ever-evolving human relationships in order to protect sensitive information. While both approaches have their merits, there are some clear shortcomings to a data-centric approach.
That means that the more effective solution is one that’s adaptable and can discern the variations in human behavior over time. A solution like this relies on machine-intelligent software that learns from historical email data to determine what is and isn’t anomalous in real-time. Learn more about human-centric DLP Tessian Guardian and Tessian Enforcer are advanced DLP solutions that leverage machine learning to offer superior data protection in real-time.
Human Layer Security Spear Phishing DLP
A Year in Review: 2019 Product Updates
By Harry Wetherald
01 January 2020
2019 was a big year for email security. While the world did see a record number of data breaches (up 33% from 2018) we also saw tighter security-related policies and regulations drafted and implemented, and, in general, an increased awareness amongst businesses about the importance of proactive security strategies. While we may be biased, it seems note-worthy that human error became more and more of a talking point in the cybersecurity space. In fact, human error and the importance of machine learning and artificial intelligence in protecting people has been one of the most talked about trends by analysts going into the new year. Similarly, companies are waking up to the fact that humans are their biggest risk. It’s about time. After all, misdirected emails – emails accidentally sent to the wrong person – have been one of the top data security incidents reported under GDPR according to the Information Commissioner’s Office. We believe it’s unreasonable to expect employees to do the right thing 100% of the time when it comes to making security-related decisions; people break the rules, people make mistakes, and people can be hacked. To err is human! What’s more, we have seen how quickly the threat landscape continues to evolve, which is why throughout 2019, we rolled out a series of important product updates that have kept our user base – which saw triple digit growth over the last 12 months – safe. Here are the most important product updates to Tessian’s Human Layer Security platform for 2019.
1. Human error, quantified. The new Tessian Dashboard gives customers an at-a-glance view of breaches and near-misses on email Keen to discover trends related to the number of breaches that were prevented by Tessian over the last 30 days? Our easy-to-navigate dashboard gives administrators a complete overview of activity, including any malicious and anomalous emails detected, misdirected emails prevented, and unauthorized email attempts thwarted. Module performance for Tessian Defender, Guardian, Enforcer, and Constructor are all visible on one page, and visual representations of data make it easy to monitor and drill down on activity day-by-day. If suspicious activity is spotted, you can quickly and easily generate a report without navigating off the page. The Tessian Dashboard also allows administrators to view user health at a glance, including the percentage of users active on the Add-in and Gateway and any connection issues across the network. This will help in-house security teams ensure every employee within their organization is protected by Tessian’s modules at all times. 2. Evolving algorithms. Tessian Defender can now detect and prevent more spear phishing attempts than ever Throughout 2019, Tessian Defender was improved through a series of subtle but impactful tweaks to our algorithms to be even more adept at detecting spear phishing attempts, including advanced, difficult-to-detect direct spoof attacks. The fact is, bad actors are using increasingly sophisticated techniques to trick unsuspecting people into handing over sensitive information or granting access to controlled networks. It’s imperative that we stay ahead of the curve, hence the regular updates. Tessian Defender has improved over time – and will continue to improve – enabling the detection and prevention of even the most advanced spear phishing attempts.
3. Thwarted first-attempts. It’s now even more difficult for employees to exfiltrate sensitive data Tessian Enforcer can now detect the first attempt an employee makes to exfiltrate data over email. How? By inferring what is and isn’t likely to be authorized communication based on the vast amount of data Tessian’s ML algorithm was trained on, which doesn’t necessarily rely on prior email history of a particular email address. For example, if an employee attempts to send an email to their personal, freemail account and that email address contains the employee’s first name or surname, Tessian Enforcer presents a warning to the user advising them that the behavior is potentially unsafe and prompting them to reconsider the action. Data exfiltration remains an incredibly unwieldy problem for businesses. Tessian gives businesses much-needed oversight of the problem over email.
4. In-situ learning opportunities. Employees have an opportunity to understand why an email is unsafe with contextual warnings While Tessian prides itself on low flag rates so that security doesn’t impede productivity, we wanted to maximize the opportunity to educate users through our warnings. This way, when users do see a notification, they understand why. Improved warnings across all four modules were designed for a more user-friendly experience that seamlessly reinforces any previous or ongoing security training. With more context included, employees can now see exactly why an email is being flagged as suspicious and – importantly – they can make their own decision on how to proceed. This is at the core of Tessian’s mission. Employees should be empowered by security solutions instead of burdened by them. 5. New detection capabilities. Customers can create rules that are specific to their environment Every business or enterprise is different and IT and Infosec security leaders need some flexibility in creating filter conditions that are applicable specifically to their operations. Because we’ve introduced new detection capabilities, users can now combine more conditions to create filters for their individual use cases; for example, scanning attachment content, identifying hidden fields in spreadsheets, and reading Azure Information Protect and other DLP labels. At the most basic level, these rules look something like this: If A and B, then C, except when D or E. These variables can apply to a number of elements contained in an email, from the recipient(s) to language patterns. One way an administrator might use these new detection capabilities would be to configure a filter which only allows the finance team, for example, to share spreadsheets with people outside of their organization if the recipient’s email address is recognized as a customer, except when the attachment contains a hidden row titled “social security numbers”. Protect your most valuable asset: your people Tessian is committed to creating the world’s first Human Layer Security platform and exciting developments lie ahead as we build out a holistic platform to protect people using email and, eventually, other interfaces frequently used in the workplace. Not yet a Tessian customer? Across four modules, Tessian protects the human layer by detecting and preventing both inbound and outbound threats. This includes advanced spear phishing attacks, accidental data loss, and data exfiltration. Tessian is quickly and easily deployed to Office 365, Exchange, and G-Suite, product updates are seamlessly rolled out for users and administrators, and the technology – which doesn’t disrupt workflow – was built with productivity in mind. To understand how Tessian can fit into your existing security framework, request a demo now.
Human Layer Security DLP
The Dark Side of Sending Work Emails “Home”
By Cai Thomas
11 October 2019
This article was originally published on TechRadar Pro. In the last four years, the number of remote working jobs has more than doubled, as employers acknowledge the need to change traditional working practices. In fact, it’s expected that 50% of the UK workforce will work remotely by 2020, further blurring the lines between home and the office. This shift has huge benefits; improving people’s work-life balance, increasing employee productivity and boosting employee retention rates. However, it does also pose a problem for one very important aspect of business: data security. Data security is at a greater risk as staff are more likely to send important and, even, confidential company information to personal email accounts, with the usual intention of working on documents at home. Worryingly, many are completely unaware how risky these actions are. According to tech firm Probrand, nearly two-thirds of UK employees have forwarded customer emails to their personal email accounts and 84% of them did not feel they were doing anything wrong. So what are the risks with sending work home? And who are the workers you need to be wary of? 1. The 24/7 worker While a number of the emails sent ‘home’ contain non-sensitive information, like travel arrangements, cinema tickets or food recipes, we’ve seen that around 10-15% of emails sent to personal accounts contain company sensitive information. We’ve all been there; it’s late on a Friday, that Monday deadline is looming, and the employee thinks to themselves, “I’ll just have to finish this document at home over the weekend”. So they send the document to their, or their partner’s, personal freemail account. However, this can have devastating consequences for the company’s reputation and it could destroy customers’ trust in the business. The problem is that by sending emails ‘home’, the information the messages contain now sits in an environment that is not secured by the company, leaving the data vulnerable to cybercriminals. It’s also important to note that this simple act of sending work home means your company is now at risk of breaching data protection regulations, like GDPR, due to the fact that you, as the Data Controller, no longer have oversight as to where the data is held. Boeing, for example, faced scrutiny after an employee shared a spreadsheet containing the personal information of 36,000 co-workers with his spouse, simply because she was better at Excel formatting than him. The incident sparked an internal security investigation and was brought to the attention of the Washington state Attorney General and other officials in California because employee data had left the control of the company. 2. The leaver We often see a spike in data exfiltration during an employee’s notice period. Workers know they’re not supposed to, but the temptation to take information that will give them an advantage in their new role is hard to ignore. As such, we see people sending company IP and client data to personal accounts prior to moving to another employer. This happens most frequently in industries such as financial services, legal, healthcare and recruitment, where a person’s client base and network is king. The task of manually monitoring suspicious ‘leaver’ behaviour over email has become incredibly challenging for IT staff, due to the increased employee churn rate year on year. A study by LinkedIn found that young workers now switch jobs four times in their first 10 years after graduation. However, by not putting a stop to this act, companies could face losing their competitive advantage as well as their clients’ business due to leaked secrets, strategy and IP. 3. The malicious insider This is where employees steal data from their company for personal or financial gain. Despite being less common, the threat of the ‘malicious insider’ is something businesses have come up against more frequently in the past few years. Employees will typically steal confidential company secrets and/or client data with the intention of selling it on the dark web or handing it over to a competitor to damage their current company. Just last year, Bupa fell victim to this crime after the personal data of 500,000 customers was sold on the dark web while audit firm SRBC and Co.’s reputation was tarnished after its client’s earnings estimation was maliciously leaked over email. An intelligent solution for a flexible workforce There can be no denying that monitoring all employee email behavior is an arduous task for IT and compliance teams to undertake. With the average employee sending and receiving 124 emails a day, and with daily email traffic increasing 5% year on year, deciphering data exfiltration within email logs is like finding a needle in a haystack. To help tackle the problem of data being leaked to unauthorized accounts, some organizations opt to simply blacklist all freemail domains. However, this can impede productivity and is usually ineffective given that many clients, small businesses and contractors use freemail accounts, as do prospective applicants looking for jobs at the company. Businesses need a more intelligent approach to data exfiltration – one that can look at the emails each employee has sent and received in the past, in order to identify non-business contacts with whom each employee interacts with. Machine learning, for example, can evolve to understand the differences between authorized and unauthorized freemail accounts, and it can analyze email content to determine whether it is sensitive or non-sensitive. By doing so, machine learning can make an accurate prediction as to whether an employee is exfiltrating data and acting against company policies. There will always be reasons for people to bend the rules and leak data outside of their organization – maliciously or for convenience. The consequences for doing so, though, could be devastating for any company; huge fines, loss of competitive advantage and a damaged reputation. So as more businesses adopt remote working practices, it’s important that technologies are place to ensure company sensitive data is secure and not at risk of ‘being sent home’.
DLP
Bupa Fined £175,000: The Risks and Costs of Unauthorized Emails
18 October 2018
As the recent Bupa data breach highlighted, the sending of unauthorized emails – an email that is intentionally sent to an unauthorized recipient, such as an employee’s personal email account – can have a detrimental financial and reputational impact upon an organization. The global insurance and healthcare group’s failure to prevent the exfiltration and attempted sale of over half a million international health insurance customers’ personal information led to a £175,000 fine and a damning evaluation of its negligent security practices.
The loss of consumer data can also result in: • Breaching contracts or non-disclosure agreements • The loss of IP and proprietary research • Breaching data protection regulations • Heavy fines imposed by regulators and clients (GDPR, in particular, will greatly increase fines for all manner of data breaches) Despite such demonstrably damaging ramifications, many organizations do not have sufficiently secure networks and, as a result, lack the necessary visibility over how sensitive data is processed and stored. Before they know it, sensitive data is shared, stolen and sold; the damage is done. For large organizations like Bupa, monitoring thousands of employees and hundreds of thousands of email communications containing millions of pieces of data can seem an insurmountable and relentless task. In 2018, it is estimated that 124.5 billion business emails were sent every day with each employee sending an average of 31 each. These figures are only expected to increase (by at a rate of 3% per annum over the next few years) as corporate email networks grow in size and importance. Organizations that possess large amounts of highly sensitive patient or consumer data like Bupa have a duty to prevent this kind of data breach from happening. If they cannot monitor or control employee behaviour, they must take the necessary steps to find and invest in an approach and solution that can prevent unauthorized emails from being sent. It’s crucial to be proactive – rather than reactive – to address this kind of threat As such, we recommend enterprises employ an email security platform that offers comprehensive protection against the sending of unauthorized emails. Tessian Enforcer, for example, uses machine learning to understand human conversation patterns in order to detect, flag and prevent anomalous emails, which may contain sensitive data, from being sent to unauthorized or personal email accounts.
Human Layer Security DLP Data Exfiltration
What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
By Maddie Rosenthal
29 June 0201
Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?
Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider
Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain.  What’s in it for the insider? It depends. Financial Incentives Data is extremely valuable. Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010. Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process. Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think.  For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment. The Negligent (or Unaware) Insider 
Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes. Sending a misdirected email Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.  And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get. Phishing attacks Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security. A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack. Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks? Physical data loss  Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach. Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop. Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats How can I protect against Insider Threats? As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it. This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security. Training While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF. Monitoring Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity. Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution. Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss. Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training
Page