Email remains a vital tool for exchanging confidential business information ranging from trade secrets to customer information. In fact, Osterman Research estimates as much as 75% of a company’s intellectual property is contained within emails floating around in employee inboxes and corporate email systems. Organizations put a lot of faith in their employees by putting that much valuable data in their hands. But no matter how much trust you put in your employees, they’re human and mistakes happen.
It comes as no surprise then that 69% of organizations surveyed by the Ponemon Institute last year indicated employees violated security policies frequently and sent confidential and sensitive information via non-approved, unsecured email methods. It should be even less of a surprise that email is the leading source of data loss/leakage according to that same study, and many others.
5 Mistakes Email Users Make
User actions that appear as trivial mistakes or lapses in judgement can become heinous and costly incidents when they result in data loss or unauthorized exposure. So we’d like to point out 5 overlooked mistakes email users make that can result in data leakage:
1. Failing to encrypt sensitive emails “That was supposed to be encrypted?”
Maybe they didn’t think it was sensitive information, or maybe they didn’t care. Either way, users who fail to encrypt emails transferring sensitive information open the possibility that an email may be accessed by someone other than the intended recipient, leading to potential data leakage and exploitation of information that should have been sent securely.
2. Sending email to the wrong people “A trigger-happy ‘reply all’ can be dangerous”
We’ve all done it. Maybe you meant to tell your co-worker how you hate your boss, or the details of last night’s party, but hit “Reply All” instead, telling everyone. Oops. Now when that email contains confidential company or customer information rather than the dronings of your work life, and it just got sent company-wide, or outside the company… ‘Oops’ doesn’t cut it.
3. Sending corporate information from personal (unsecured) email accounts “I’ll just use Gmail…”
Work email is for work, personal is for at home… or whatever, right? Using company email accounts to send company-related information is necessary because personal accounts often lack the safeguards (such as encryption, automatic backup, etc.) necessary to protect company information against loss or leakage.
4. Failing to back up/save/archive emails “It didn’t seem important at the time…”
If you diligently back up your emails to the server, you’re golden. For the other lazy half of email users who just save emails locally in their folder, on the desktop, or not at all, the possibility of data loss is just a computer crash or email glitch away. With 75% of corporate IP floating around in email boxes, it’s important for users to back up, back up, back up their emails.
5. Believing you’ve won the lottery or other scams “Just enter your credit card information to claim your prize!!”
You’d like to think that luck has finally come your way when you see an email announcing you’ve won the lottery, tickets to Disneyland or a luxury getaway to Bora Bora. Though there’s something fishy about them asking for your credit card information, your address and your social security number, you push on because the thought of relaxing on a sunny beach is enough to stop you from realizing you’re getting played. For the undiscerning user, a phishing scam can mean giving up all sorts of sensitive information, and if it’s company information you’re giving out, some scammer might just use it for a sandy escape of their own.
Catch Mistakes Before They Happen
While human error may be inherent in our nature, it doesn’t mean data loss is unavoidable simply because we’re destined to make a few bad calls. Instead, all 5 of these user mistakes and many more can be avoided with effective employee training and a powerful data leakage prevention (DLP) solution that can catch mistakes before they happen.
With data leakage centering on users, it’s obvious that an effective DLP policy begins with employee training and management. Educate users on policies for acceptable email use, emphasize that data is essentially money and that employees are responsible for losing company money when they violate policy, and clearly articulate consequences for violations. When users understand proper workplace email usage and the consequences, they will be less likely to make mistakes.
While employee training and management can help reduce the potential for costly email errors and snafus, mistakes are bound to happen no matter employees’ good (or bad?) intentions, so training alone isn’t enough to ensure policy is followed. The potential for data to be leaked or lost through email user mistakes underscores the need for organizations to enforce email policy with a data leakage prevention solution to pre-empt user snafus and stop data leaks before they happen. For the best protection against data leaks, businesses should implement a DLP solution that can stop users in their tracks before a damaging email is ever sent.
The best protection is prevention
At Email2 we recognize that user mistakes are prone to happen and are costly when they do. That’s why we’ve developed a powerful DLP feature for secure email that pre-empts user error by alerting users to potential data policy violations before the “send” button is hit. If a questionable email still makes it out of the email gateway, additional tools allow total recall of sent messages and attachments even after the message has been read by a recipient.
For more information on how Email2 prevents data leaks, visit the DLP product page.