A Complete Overview of DLP on Email

  • By Maddie Rosenthal
  • 27 April 2020

Data Loss Prevention is a vital part of security frameworks across industries, from Healthcare and Legal to Real Estate and Financial Services. There are dozens of different DLP solutions on the market, each of which secures data differently depending on the perimeter it is protecting.

There are three main types of DLP:

  1. Network DLP
  2. Endpoint DLP
  3. Email DLP

While we’ve covered the topic of Data Loss Prevention broadly in our blog What is DLP?, we think it’s important for individuals and larger organizations to understand why email is the most important threat vector to secure and how Tessian approaches the problem of data loss on email differently.  

Why is DLP on email important?

Billions of email messages are sent every day to and from organizations. Contained within many of these emails is highly sensitive information including personal details, medical records, intellectual property, and financial projections.

Businesses, institutions, and governments rely on being able to share sensitive data with the right people how and when they want. But, at the same time, they also need to ensure data isn’t put at risk, whether through careless mistakes or intentional exfiltration. 

Once data leaves your organization, you lose control of it, and now, with compliance standards like HIPAA, GDPR, and CCPA, organizations face greater consequences in the event of a data breach, including:

  • Lost data
  • Lost intellectual property
  • Revenue loss
  • Losing customers and/or their trust
  • Regulatory fines
  • Damaged reputation 

And, with employees being busier than ever, it’s easier to make mistakes, for example typing the wrong email address when sending an email, or emailing a document to a personal account and raising the chance of that data being compromised.

Importantly, though, mistakes are just one of the main causes of data loss on email.

What are the main causes of data loss on email?

The biggest risk to data security usually comes from within organizations. While few employees mean their company harm, the transfer of huge amounts of information every day by busy people means that mistakes happen, some with great cost to organizations’ reputations and balance sheets.

People pose three main risks to their employers: they make mistakes, they can be hacked or tricked, and they can choose to break the rules.

Mistakes

People regularly send the wrong thing to the right person or, alternatively, the right thing to the wrong person. This is known as misdirected email. For example, an employee means to send a spreadsheet of financial projections to Jean Smith, who works for the firm’s accounting partner, but accidentally sends it to John Smith, who works for a different firm entirely.

Being tricked

“Bulk” phishing, malware and ransomware scams, where employees are deceived or coerced into sending data or money, are increasingly common. But a bigger threat comes from spear phishing emails; these are targeted attempts by sophisticated attackers who have researched genuine business relationships to launch highly convincing attacks. This could manifest, for example, in a cybercriminal impersonating a real supplier claiming to need urgent payment to process an order.

Breaking the rules

At the extreme end, this could be an employee deliberately selling company secrets to competitors. But it may also be the result of ignorance: for example, the lawyer who sends a spreadsheet to his personal email on a Friday to get some work done over the weekend. Some cases may need disciplinary procedures, others a simple reminder that this is not allowed. But every instance places data at risk and must be stopped before the information leaves the organization.

All of these circumstances pose tremendous risks.

Even if 99% of information sharing is secure, it only takes one rushed email to the wrong person to expose sensitive data and raise the chance of data loss or data exfiltration. DLP aims to minimize the chance of any of the above happening by catching sensitive information before it reaches the wrong person.

How can DLP for email protect an organization?

Based on the main causes of data loss on email, there are two threats DLP must account for:

  1. Accidental Data Loss: To err is human. For example, an employee might fat-finger an email and send it to the wrong person. While unintentional, this mistake could lead, and has led, to a costly data breach. DLP solutions need to be able to flag the email as misdirected before it’s sent, either by warning the individual or automatically quarantining or blocking it.
  2. Malicious Exfiltration: Whether it’s a bad leaver or someone hoping to sell trade secrets, some employees do, unfortunately, have malicious intent. DLP solutions need to be able to identify data exfiltration attempts over email before they happen in order to prevent breaches.

The limitations of rule-based DLP

Unfortunately, DLP – especially rule-based DLP – can be a blunt instrument. Rule-based solutions include:

  1. Blocking accounts/domains
  2. Blacklisting email addresses
  3. Tagging data

Not only is creating and maintaining the rules that police data within an organization time-consuming for administrators, but, oftentimes, these rules don’t succeed in preventing data exfiltration or accidental data loss. Why? New threats can evade pre-existing rules and employees or hackers can find workarounds.

Rules simply don’t reflect the limitless nuances of human behavior and data loss is a human problem: it is people that share data and it is their actions that lead to data getting lost. To accurately detect when data loss is about to happen, you actually need to understand the context behind the action an employee is taking, rather than just the content that’s being shared.
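The gap between content rules and context can be seen on the Jean Smith / John Smith mix-up described earlier. The following is an added illustration, not Tessian's model or code from the original article: the blocklists, addresses, sending history and the name-similarity heuristic are all constructed assumptions standing in for "context".

```python
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed static rules of the kind listed above (blocked domains, blacklisted addresses).
BLOCKED_DOMAINS = {"competitor.example"}
BLOCKED_ADDRESSES = {"former.employee@webmail.example"}

# Constructed history: addresses each sender has previously emailed.
HISTORY = {"alice@firm.example": {"jean.smith@accounting-partner.example",
                                  "bob@firm.example"}}

def recipients(msg):
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def rule_based_flags(msg):
    """Static rules: flag only recipients that appear on a blocklist."""
    return [r for r in recipients(msg)
            if r in BLOCKED_ADDRESSES or r.rpartition("@")[2] in BLOCKED_DOMAINS]

def context_flags(msg, history, threshold=0.75):
    """Flag a never-before-seen recipient whose local part resembles a known
    contact at a different domain. Returns (recipient, lookalike) pairs."""
    sender = getaddresses([msg["From"]])[0][1].lower()
    known = history.get(sender, set())
    flags = []
    for r in recipients(msg):
        if r in known:
            continue  # established relationship, nothing unusual
        local, _, domain = r.rpartition("@")
        for k in sorted(known):
            k_local, _, k_domain = k.rpartition("@")
            similar = SequenceMatcher(None, local, k_local).ratio() >= threshold
            if k_domain != domain and similar:
                flags.append((r, k))
                break
    return flags

def make_msg(sender, to):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, to, "Q3 financial projections"
    msg.set_content("Spreadsheet attached.")
    return msg

# Constructed messages: the Jean Smith / John Smith mix-up from the article.
MISDIRECTED = make_msg("alice@firm.example", "John Smith <john.smith@otherfirm.example>")
INTENDED = make_msg("alice@firm.example", "Jean Smith <jean.smith@accounting-partner.example>")
```

The misdirected message passes every static rule because nothing about its recipient is on a list, while the history-based check flags it against the contact the sender normally writes to.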

How does Tessian’s email DLP solution work?

While IT and security teams could work tirelessly to properly deploy and maintain rule-based DLP solutions to detect potential threats and limit the exposure of sensitive data, there’s a better, smarter way.

Human Layer Security.

Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.

Our contextual machine learning models analyze historical email data to understand how people work and communicate. They have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.

This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network.

Do I need an email DLP solution?

Each organization has different needs when it comes to DLP. But, email DLP is more important now than ever, especially with misdirected emails being the number one incident reported under GDPR. 

It’s also important to consider the biggest problems in your own organization, ease of deployment, and internal resources when choosing a solution.

If your biggest concern is data exfiltration and you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Enforcer may be right for you. If your biggest concern is accidental data loss and – again – you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Guardian might be for you.
