
The ICO expands GDPR guidance to recommend a data loss prevention tool

by Meghan Brisson Monday, September 11th, 2023

Are you up to date on the latest data protection requirements? On Aug 30, the ICO released new guidance recommending that organizations implement additional email protection, such as a data loss prevention tool, among other suggestions.

What is the TLDR? 

In short, it’s important for organizations to recognize that email addresses can be personal information and must therefore be treated with care, which includes using the CC and BCC functions appropriately.

In addition to staff training, organizations should consider additional security measures when handling and sending sensitive or confidential information.

Why is this important? 

The ICO has seen hundreds of data breaches where a sender misused the BCC field. BCC can be a useful function to protect the identity of recipients, but it’s not enough to properly protect personal information within the body and attachments of the email, especially when an email gets sent to the wrong recipient by mistake. A simple typo is all it takes for a potential data breach.

What security measures should be considered? 

To balance employee productivity on email with security compliance, appropriate DLP controls need to be implemented, as well as staff training to help reduce human error. According to the ICO, there are a few alternatives to consider to ensure data security: 

  • Set rules within your email system to warn users when they use the CC field.
  • Set a delay to allow employees time to correct their mistakes.
  • Have robust internal reporting processes to allow key staff to quickly investigate, contain, and risk-assess the seriousness of the situation, and notify the ICO, if required.

The benefits of a Data Loss Prevention tool

The ICO recommends training and rule-setting, but these manual checks aren’t foolproof. Instead, you can consider a data loss prevention tool to automate security checks and utilize AI to do the heavy lifting. This way you can protect your sensitive data, meet regulatory requirements, and train your employees in the moment, all with one solution.

Check out the benefits:

  • Stop sensitive data loss before it happens and eliminate the financial risk that comes with the reputational damage of a reported data breach.
  • Create bespoke rules that remind employees to take extra protective measures when sending emails to a large number of recipients.
  • Take comfort in knowing that real-time warnings are allowing employees to correct their mistakes. This not only builds a stronger security culture but also prevents data loss incidents.

Learn more about Tessian Guardian

Tessian Guardian automatically stops misdirected emails and mis-attached files and is the perfect solution to fit the ICO’s requirements and recommendations. Ready to learn more? 
