Having deployed Tessian at the end of 2020, Israel Bryski, Head of Information Security at an investment management firm headquartered in NYC, shared how Tessian has helped him and his team improve their security posture while changing employee behavior long-term.
The firm, which was formed in the early 1980s, has offices across Spain, Germany, the UK, and Singapore, and currently has 200 employees managing retirement plans and investments for roughly 30,000 current and former Mckinsey employees.
Their journey to Tessian
- Before working with Tessian, the firm had their developers build a custom Outlook add-in to prevent accidental data loss via misdirected emails
- Every time someone would send an outbound email to an external domain, they would get a pop-up asking them, “Are you sure to send to this domain?”
- But, because there was no context in the pop-up, it wasn’t as effective as it could have been immediately following roll-out. Employees were still blindly ignoring the warning, and accidentally sending emails to the wrong person.
- At the same time, the security team was also struggling to make security awareness training engaging and relevant to employees
- Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required.
- Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers
Security Environment After Deploying Tessian
Explaining the “why” behind policies to change behavior
For Israel and his team, education is key.
Having learned from their custom-built Outlook Add-In which warned employees when an email was being sent to the wrong email address, but didn’t offer insight into the “why”, the team wanted to find a solution that offered context and that would bolster their security awareness training programs.
They found that in Tessian and, since deployment, they’ve actually seen a change in behavior and a reduction in data loss incidents.
In this example, Tessian Guardian is warning the employee that they have likely attached the wrong file to an email.
Learn more about why in-the-moment warnings are so effective.
Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month.
That means when an email is flagged, they pay attention.
Better still, Tessian gets smarter over time and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
“We’ve seen numerous examples where Tessian’s contextualized pop-ups add value. When they do come, they are context-rich. Not only have we prevented potential breaches, but we’ve helped educate our employees and make them more engaged. Over time, we’ve actually seen how behavior can change and risk can be reduced.”
Preventing accidental data loss without impeding productivity
Since deploying Tessian, over 100 data loss incidents have been prevented.
Israel shared an example:
- Someone at the firm created a goodbye video for a senior exec who was retiring; they meant to send it to a colleague for them to play the video in the goodbye meeting. When the sender put the address in the To field, they typed in the first letters, and another external vendor’s email popped up that was cached. They didn’t pay attention, added that address to the email, and tried to send it.
- When he went to send the email, he got the Guardian pop-up asking him if that vendor’s address was really meant to be part of the group of recipients. He read the contextualized warning, removed that particular vendor, and added the correct recipient.
It goes to show: Tessian does more than prevent breaches. It also saves employees from red-faced embarrassment.
Israel and his team have gotten kudos from quite a few people in the firm. One exec in particular was always casting a shadow over the different security tools that had been deployed.
He explained, saying “When we got kudos from him, that was a big win in my book! He actually sees the value of Tessian, why we’re purchasing new technology, and why we’re constantly evaluating new solutions on the market that can augment and complement our security program.”
Interested in learning more about how Tessian can help prevent accidental data loss in your organization? You can read some of our customer stories here or book a demo.