Data Loss Prevention is a vital part of security frameworks across industries, from Healthcare and Legal to Real Estate and Financial Services. There are dozens of different DLP solutions on the market, each of which secures data differently depending on the perimeter it is protecting.
There are three main types of DLP, including:
While we’ve covered the topic of Data Loss Prevention broadly in our blog What is DLP?, we think it’s important for individuals and larger organizations to understand why email is the most important threat vector to secure and how Tessian approaches the problem of data loss on email differently.
Billions of email messages are sent every day to and from organizations. Contained within many of these emails is highly sensitive information including personal details, medical records, intellectual property, and financial projections.
Businesses, institutions, and governments rely on being able to share sensitive data with the right people how and when they want. But, at the same time, they also need to ensure data isn’t put at risk, whether through careless mistakes or intentional exfiltration.
Once data leaves your organization, you lose control of it, and now, with compliance standards like HIPAA, GDPR, and CCPA, organizations face greater consequences in the event of a data breach, including:
And, with employees being busier than ever, it’s easier to make mistakes, for example typing the wrong email address when sending an email, or emailing a document to a personal account, either of which raises the chance of that data being compromised.
Importantly, though, mistakes are just one of the main causes of data loss on email.
The biggest risk to data security usually comes from within organizations. While few employees mean their company harm, the transfer of huge amounts of information every day by busy people means that mistakes happen, some with great cost to organizations’ reputations and balance sheets.
People pose three main risks to their employers: they make mistakes, they can be hacked or tricked, and they can choose to break the rules.
People regularly send the wrong thing to the right person or, alternatively, the right thing to the wrong person. This is known as misdirected email. For example, an employee means to send a spreadsheet of financial projections to Jean Smith, who works for the firm’s accounting partner, but accidentally sends it to John Smith, who works for a different firm entirely.
“Bulk” phishing, malware and ransomware scams, where employees are deceived or coerced into sending data or money, are increasingly common. But a bigger threat comes from spear phishing emails; these are targeted attempts by sophisticated attackers who have researched genuine business relationships to launch highly convincing attacks. This could manifest, for example, in a cybercriminal impersonating a real supplier claiming to need urgent payment to process an order.
At the extreme end, this could be an employee deliberately selling company secrets to competitors. But it may also be the result of ignorance: for example, the lawyer who sends a spreadsheet to his personal email on a Friday to get some work done over the weekend. Some cases may need disciplinary procedures, others a simple reminder that this is not allowed. But every instance places data at risk and must be stopped before the information leaves the organization.
All of these circumstances pose tremendous risks.
Even if 99% of information sharing is secure, it only takes one rushed email to the wrong person to expose sensitive data and raise the chance of data loss or data exfiltration. DLP aims to minimize the chance of any of the above happening by catching sensitive information before it reaches the wrong person.
Based on the main causes of data loss on email, there are two threats DLP must account for:
Unfortunately, DLP – especially rule-based DLP – can be a blunt instrument. These solutions include:
Not only is creating and maintaining the rules that police data within an organization time-consuming for administrators, but, oftentimes, these rules don’t succeed in preventing data exfiltration or accidental data loss. Why? New threats can evade pre-existing rules and employees or hackers can find workarounds.
Rules simply don’t reflect the limitless nuances of human behavior and data loss is a human problem: it is people that share data and it is their actions that lead to data getting lost. To accurately detect when data loss is about to happen, you actually need to understand the context behind the action an employee is taking, rather than just the content that’s being shared.
You can read more about the Drawbacks of Traditional DLP on Email here.
While IT and security teams could work tirelessly to properly deploy and maintain rule-based DLP solutions to detect potential threats and limit the exposure of sensitive data, there’s a better, smarter way.
Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.
Our contextual machine learning models analyze historical email data to understand how people work and communicate. They have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.
This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network.
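To make concrete the difference between the rule-based approach criticized above and the contextual approach just described, here is a small Python illustration added for this article. It is not Tessian’s code and says nothing about how Tessian’s models actually work; it stands in a simple heuristic (has this sender ever emailed this recipient, and does the recipient look like a known contact at a different domain?) for the “context” the text talks about. The mail history, addresses and message contents are constructed, with the Jean Smith / John Smith names taken from the misdirected-email example earlier on the page.

```python
"""Content-rule DLP check versus a context-aware misdirected-email check.

Added illustration, not Tessian's code. All history, addresses and
message text below are constructed for the example.
"""
import re
from difflib import SequenceMatcher

# Constructed (sender, recipient) pairs, as a mail gateway log might record them.
HISTORY = [
    ("alice@example-firm.com", "jean.smith@accounting-partner.example"),
    ("alice@example-firm.com", "jean.smith@accounting-partner.example"),
    ("alice@example-firm.com", "bob@example-firm.com"),
]

# A typical content rule: flag messages mentioning sensitive keywords.
KEYWORD_RULE = re.compile(r"\b(confidential|financial projections?)\b", re.IGNORECASE)


def content_rule_flags(subject, body, attachments):
    """Rule-based check: fires only when a keyword appears in the content."""
    text = " ".join([subject, body] + list(attachments))
    return KEYWORD_RULE.search(text) is not None


def known_recipients(sender, history):
    """Everyone this sender has previously emailed, per the history log."""
    return {rcpt for snd, rcpt in history if snd == sender}


def local_part(addr):
    return addr.split("@", 1)[0].lower()


def domain(addr):
    return addr.split("@", 1)[1].lower()


def lookalike_contact(recipient, known, threshold):
    """Return (known contact, similarity) if the recipient's local part closely
    resembles a known contact at a *different* domain, else None.
    Similarity is difflib's ratio (0.0..1.0) over the local parts."""
    best = None
    for contact in known:
        if domain(contact) == domain(recipient):
            continue
        score = SequenceMatcher(None, local_part(contact), local_part(recipient)).ratio()
        if score >= threshold and (best is None or score > best[1]):
            best = (contact, score)
    return best


def assess(sender, recipient, subject, body, attachments, history, threshold=0.75):
    """Run both checks on one outbound message and report the signals.

    new_recipient and lookalike are the contextual signals; content_rule is
    what a keyword-only DLP rule would conclude about the same message."""
    known = known_recipients(sender, history)
    return {
        "content_rule": content_rule_flags(subject, body, attachments),
        "new_recipient": recipient not in known,
        "lookalike": lookalike_contact(recipient, known, threshold),
    }


if __name__ == "__main__":
    # Misdirected: same sender, near-identical name, wrong firm, no keywords.
    print(assess("alice@example-firm.com", "john.smith@other-firm.example",
                 "Q3 numbers", "Spreadsheet attached as discussed",
                 ["q3_numbers.xlsx"], HISTORY))
    # Legitimate: a known contact, but wording that trips the keyword rule.
    print(assess("alice@example-firm.com", "jean.smith@accounting-partner.example",
                 "Forecast", "Confidential: financial projections attached",
                 ["forecast.xlsx"], HISTORY))
```

The two runs make the article’s point: the misdirected message to John Smith carries no keyword, so the content rule stays silent, while the contextual signals (never-before-seen recipient whose name is 0.8 similar to a known contact at another domain) fire; the legitimate message to Jean Smith trips the keyword rule even though nothing about it is anomalous. A real deployment would learn the history and thresholds rather than hard-code them, which is the gap the text says machine learning fills.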
Each organization has different needs when it comes to DLP. But email DLP is more important now than ever, especially with misdirected emails being the number one incident reported under GDPR.
When choosing a solution, it’s important to consider the biggest problems in your own organization, ease of deployment, and the internal resources available to run it.
If your biggest concern is data exfiltration and you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Enforcer may be right for you. If your biggest concern is accidental data loss and – again – you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Guardian might be for you.