DLP

How Does Data Loss Prevention for Email Work?

  • 09 February 2020

Data Loss Prevention is a vital part of security frameworks across industries, from Healthcare and Legal to Real Estate and Financial Services. There are dozens of different DLP solutions on the market, each of which secures data differently depending on the perimeter it is protecting.

There are three main types of DLP:

  1. Network DLP
  2. Endpoint DLP
  3. Email DLP

While we’ve covered the topic of email DLP broadly in this Complete Overview of DLP on Email, we think it’s important for individuals and larger organizations to fully understand what the proper application of email DLP can offer and, with that, why it’s so important to know which email DLP system to implement.

How can DLP for email protect an organization?

Importantly, there are two types of threats DLP must account for:

  1. Accidental Data Loss: To err is human. For example, an employee might fat-finger an email and send it to the wrong person. While unintentional, this mistake could lead, and has led, to costly data breaches. DLP solutions need to be able to flag the email as misdirected before it’s sent, either by warning the individual or by automatically quarantining or blocking it.
  2. Malicious Exfiltration: Whether it’s a bad leaver or someone hoping to sell trade secrets, some employees do, unfortunately, have malicious intent. DLP solutions need to be able to identify data exfiltration attempts over email before they happen in order to prevent breaches.

An introduction to rule-based DLP

On a basic level, the bulk of DLP solutions operate via rule-based policies, using if-then statements to lock down data after it’s been classified.

For example, if you want to ensure your HR department doesn’t share personally identifiable information (PII) like employees’ social security numbers, you could create a rule on email: “If an outbound email to a party outside of the organization contains the phrase ‘social security number’, then block it.”

You could also create a broader rule. For example, if you wanted to prevent accidental loss of company information, you might forbid employees from sending emails to their personal email accounts. To enforce this, you might block all emails from an official company account to freemail accounts like @gmail.com, @yahoo.com, or @hotmail.com.

Of course, these rules need to be set up separately for each organization where a DLP system is implemented. Various factors can influence these rules, including the type of data being protected, workflows, and existing policies, procedures, and tools. Taking these factors into account will help you recognize potential “borders” that sensitive data shouldn’t cross.
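The two rules described above, written as a small if-then rule engine. This is an added example, not code from Tessian or any DLP product. The organization domain `example.com`, the rule names, and the sample messages are assumptions constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed values for this sketch; each organization sets its own.
ORG_DOMAIN = "example.com"
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com"}
PII_PHRASE = "social security number"


def recipient_domains(msg):
    """Lower-cased domains of every To/Cc/Bcc address on the message."""
    headers = [str(h) for name in ("To", "Cc", "Bcc") for h in msg.get_all(name, [])]
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(headers) if "@" in addr}


def evaluate(msg):
    """Apply the if-then rules in order; return (action, rule_name)."""
    external = {d for d in recipient_domains(msg) if d != ORG_DOMAIN}
    part = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (part.get_content() if part else "")).lower()
    # Rule 1: PII phrase in mail leaving the organization -> block.
    if external and PII_PHRASE in text:
        return ("block", "pii-phrase-to-external")
    # Rule 2: any freemail recipient -> block.
    if external & FREEMAIL_DOMAINS:
        return ("block", "freemail-recipient")
    return ("allow", None)


def make(to, subject, body):
    """Build a constructed sample message sent from a company account."""
    msg = EmailMessage()
    msg["From"] = "hr@" + ORG_DOMAIN
    msg["To"] = to
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


# Constructed sample messages, not real traffic.
SAMPLES = {
    "pii_external": make("broker@partner.example", "Onboarding", "Her Social Security Number is attached."),
    "pii_internal": make("payroll@example.com", "Onboarding", "Social security number on file."),
    "to_personal": make("Jo <jo@gmail.com>", "Q3 plan", "Sending this home to finish later."),
    "benign_external": make("cpa@partner.example", "Re: forms", "We never email a social security number."),
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, evaluate(msg))
```

The `benign_external` sample contains no sensitive data but is still blocked, because the rule matches the phrase rather than the intent of the message.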

The limitations of rule-based DLP

Unfortunately, DLP – especially rule-based DLP – can be a blunt instrument.

“Not only is creating and maintaining the rules that police data within an organization time-consuming for administrators, but, oftentimes, these rules don’t succeed in preventing data exfiltration or accidental data loss. Why? New threats can evade pre-existing rules and employees or hackers can find workarounds.”

Rules simply don’t reflect the limitless nuances of human behavior.

A better approach to DLP

While IT and security teams could work tirelessly to properly deploy and maintain rule-based DLP solutions to detect potential threats and limit the exposure of sensitive data, there’s a better, smarter way.

Human Layer Security.

Instead of rules, Tessian’s DLP solutions use contextual machine learning models to understand the context of human behavior and communications.

Trained on historical emails and real-time correspondence, machine-intelligent software can recognize what looks suspicious, much as a human cybersecurity expert could. However, unlike humans, it can do this thousands of times per second without missing key information or getting tired.

Which email DLP solution is right for my organization?

As we’ve mentioned, each organization has different needs when it comes to DLP. Some might need more network protection while others need to lock down email. In either case, it’s important to consider the budget, ease of deployment, and internal resources alongside the biggest threat vectors for data loss.

If your biggest concern is data exfiltration and you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Enforcer may be right for you. If your biggest concern is accidental data loss and – again – you’re looking for a solution that’s easy and quick to deploy and that doesn’t require heavy maintenance from an administrator, Tessian Guardian might be for you.