Monthly Archives: August 2012

You Have Encryption, but Data is Still Walking out the Backdoor

Your encryption solution could be best-of-breed technology with the most advanced features for tracking messages, and it might even have won a shiny award from analysts at some firm, but you may still be at risk for data leakage. Why? Because your employees aren’t using it. In fact, 69% of organizations surveyed by the Ponemon Institute last year indicated they believe employees frequently violated policies for email encryption, while 61% indicated that employees use insecure email channels, such as personal Web-based email, to send confidential data. So why are employees failing to encrypt sensitive company emails? Are they dumb? Lazy? Resentful they missed a bonus this year?

While it’s easy enough to blame the user, the truth is that email encryption software has become a commodity that’s fairly easy to obtain, but often difficult to use and manage. Over half of email encryption users are frustrated with their encryption solutions being inflexible and difficult to use, according to a recent email study. With the average business email user sending and receiving 115 emails per day, it’s no wonder they avoid the 8-10 steps necessary to send or receive a message using antiquated, commoditized encryption technology. But with a high volume of emails being exchanged, potentially unsecured, users are exposing the organization to the very real risk of data leakage.

So what do you do? Do you bite the bullet, keep your 10-step process and hope the lost productivity costs less than the alternative of a data breach? Evidence would suggest that users would continue to fumble with and avoid such a system, leaving your organization still at risk of a data breach at the email gateway.

True Security Has Usability

It doesn’t matter how secure the technology is: if it’s too difficult to use, employees will avoid and circumvent it. Security needs everyone to adopt it, and every change of behavior, additional step or extra click is a hassle that makes a solution more difficult to use and adopt. To encourage adoption, solutions must be flexible and simple enough to complement the email, mobile and tablet solutions users are already comfortable with.

For more information on how encryption can work seamlessly with your existing email and encourage user adoption, visit the Email2 Product Page.

Data Leakage: 5 Mistakes Email Users Make and How to Prevent Them

Email remains the primary tool for exchanging vital and confidential business information ranging from trade secrets to customer information. In fact, Osterman Research estimates as much as 75% of a company’s intellectual property is contained within emails floating around in employee inboxes and corporate email systems. Organizations put a lot of faith in their employees by putting that much valuable data in their hands. But no matter how much trust you put in your employees, they’re human and mistakes happen.

It comes as no surprise then that 69% of organizations surveyed by the Ponemon Institute last year indicated employees violated security policies frequently and sent confidential and sensitive information via non-approved, unsecured email methods. It should be even less of a surprise that email is the leading source of data loss/leakage according to that same study, and many others.

5 Mistakes Email Users Make

User actions that appear as trivial mistakes or lapses in judgement can become heinous and costly incidents when they result in data loss or unauthorized exposure. So we’d like to point out 5 overlooked mistakes email users make that can result in data leakage:

1. Failing to encrypt sensitive emails: “That was supposed to be encrypted?”

Maybe they didn’t think it was sensitive information, or maybe they didn’t care. Either way, users who fail to encrypt emails transferring sensitive information open the possibility that an email may be accessed by someone other than the intended recipient, leading to potential data leakage and exploitation of information that should have been sent securely.

2. Sending email to the wrong people: “A trigger-happy ‘reply all’ can be dangerous”

We’ve all done it. Maybe you meant to tell your co-worker how you hate your boss, or the details of last night’s party, but hit “Reply All” instead, telling everyone. Oops. Now when that email contains confidential company or customer information rather than the dronings of your worklife, and it just got sent company-wide, or outside the company… ‘Oops’ doesn’t cut it.

3. Sending corporate information from personal (unsecured) email accounts: “I’ll just use Gmail…”

Work email is for work, personal is for at home… or whatever, right? Using company email accounts to send company-related information is necessary because personal accounts often lack the safeguards (such as encryption, automatic backup, etc.) necessary to protect company information against loss or leakage.

4. Failing to back up/save/archive emails: “It didn’t seem important at the time…”

If you diligently back up your emails to the server, you’re golden. For the other lazy half of email users who just save emails locally in their folder, on the desktop, or not at all, the possibility of data loss is just a computer crash or email glitch away. With 75% of corporate IP floating around in email boxes, it’s important for users to back up, back up, back up their emails.

5. Believing you’ve won the lottery or other scams: “Just enter your credit card information to claim your prize!!”

You’d like to think that luck has finally come your way when you see an email announcing you’ve won the lottery, tickets to Disneyland or a luxury getaway to Bora Bora. Though there’s something fishy about them asking for your credit card information, your address and your social security number, you push on because the thought of relaxing on a sunny beach is just too tempting to let you realize you’re getting played. For the un-discerning user, a phishing scam can mean giving up all sorts of sensitive information, and if it’s company information you’re giving out, some scammer might just use it for a sandy escape of their own.

Catch Mistakes Before They Happen

While human error may be inherent in our nature, it doesn’t mean data loss is unavoidable simply because we’re destined to make a few bad calls. Instead, all 5 of these user mistakes and many more can be avoided with effective employee training and a powerful data leakage prevention (DLP) solution that can catch mistakes before they happen.

With data leakage centering on users, it’s obvious that an effective DLP policy begins with employee training and management. Educate users on policies for acceptable email use; emphasize that data is essentially money and that employees are responsible for losing company money when they violate policy; and clearly articulate consequences for violations. When users understand proper workplace email usage and the consequences, they will be less likely to make mistakes.

While employee training and management can help reduce the potential for costly email errors and snafus, mistakes are bound to happen no matter how good (or bad?) employees’ intentions, so training alone isn’t enough to ensure policy is followed. The potential for data to be leaked or lost through email user mistakes underscores the need for organizations to enforce email policy with a data leakage prevention solution to pre-empt user snafus and stop data leaks before they happen. For the best protection against data leaks, businesses should implement a DLP solution that can stop users in their tracks before a damaging email is ever sent.

The best protection is prevention

At Email2 we recognize that user mistakes are prone to happen and are costly when they do. That’s why we’ve developed a powerful DLP feature for secure email that pre-empts user error by alerting users to potential data policy violations before the “send” button is hit. If a questionable email still makes it out of the email gateway, additional tools allow total recall of sent messages and attachments even after the message has been read by a recipient.

For more information on how Email2 prevents data leaks, visit the DLP product page.