What is Outbound Email Security?

What is Outbound Email Security?

Outbound email security helps prevent highly sensitive information being sent to the wrong recipient.

Two of the most common outbound email security threats are:

  • Misaddressed (misdirected) emails: When an email is sent to the wrong recipient through inadvertent human error.
  • Unauthorized emails - When an email is intentionally being sent to an unauthorized recipient like an employee’s personal email account.

The versatility, speed and pervasiveness of email have made it the main artery of communication for the enterprise. However, these very benefits are also the reasons why email is one of the most insecure channels of communication for an organisation.

Email is versatile  

Email is used in countless different ways.  Employees use it for anything - from sending highly  sensitive data to clients, to discussing evening plans with friends. The versatility of email makes it ultra-convenient but also adds to the risk of content being shared with the wrong people.  

Email is pervasive

Unlike other messaging platforms, there’s no need for sending and receiving parties to use the same email provider, client or server. Because of its pervasiveness, email has become the go-to technology for sharing information within the enterprise.  

Email is established  

Email suffers from the phenomenon of being ‘too big to change’ – there are 
core features missing from the technology that  modern communication platforms now have as standard, including the ability to redact and recall. However, the sheer dominance of email makes it almost impossible to reform or upgrade as doing so would involve a global consensus on adopting a new protocol.

Email is accessible  

Gone are the days when people accessed their email solely from their desk. Employees manage their emails on laptops, smartphones, tablets and even watches. This ease of access increases the volume of information transactions and also the speed of email communication, thus making it considerably more prone to human error.  

Email is information rich  

An inbox often contains information spanning the entire working history of an employee. This ability to access enormous volumes of information from a single source means that employees are only a few clicks away from sending highly confidential information to the wrong people.

Over the 2017-18 financial year, 3,325 reports were filed with the Information Commissioner's Office (ICO), with the number one breach type being “data emailed to incorrect recipient,” (13%) . The ICO is the independent regulatory office set up in the UK to uphold information rights. Outbound email security is essential in organisations, operating in the legal, healthcare, and financial sectors, among others, handling confidential data.

The consequences of misdirected emails can be:

  • Non-compliance: Many emails contain highly sensitive information that regulated organisations have an obligation to protect. For law firms, this might be privileged data related to a legal matter whereas for pharmaceutical companies this could be healthcare records or patient data.
  • Regulatory fines and penalties: Data loss through misdirected emails can easily result in companies breaching their regulatory obligations. With increasingly stringent data protection regulation like GDPR, organisations will face mandatory breach reporting obligations and could face fines of up to 4% of annual global turnover, or €20m, whichever is greater.
  • Loss of trust and reputation: Data loss can significantly undermine the confidence that clients, shareholders and partners have in a company. In extreme cases, data loss events can lead to irreparable damage to a company’s reputation and a direct loss of revenue and clients.

The ICO reports show that in 2017, more than 80% of all data security incidents reported to the Information Commissioner’s Office (ICO) were caused by misdirected emails.

—  Source of information: https://ico.org.uk/action-weve-taken/data-security-incident-trends/

Existing email security solutions often rely on extensive lists of pre-defined rules and policies to control outbound email.

Tessian uses machine learning to understand normal email communication patterns in order to automatically identify outbound email security threats in real time, without the need for end user behaviour change or pre-defined rules and policies.

The Tessian platform has three core modules to help secure the outbound email channel for enterprises:

  • Tessian Constructor allows enterprises to design and implement customised email security filters to control compliance and security on outbound email.
  • Tessian Enforcer uses machine intelligence to automatically detect and prevent employees leaking highly sensitive information to personal or unauthorised email accounts.
  • Tessian Guardian uses machine intelligence to automatically detect and prevent highly sensitive emails being sent to the wrong recipients due to inadvertent human error.

About Tessian

Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat?

Book a demo to learn more about the email security platform