Well Pharmacy is the largest independent pharmacy chain in the UK, with over 740 pharmacies. The organization handles significant volumes of patient and corporate data, such as personally identifiable information, protected class data, and business and financial information, which employees need to quickly and securely share via email. In addition to internal communications and contacting patients and carers, Well’s employees also work with a complex supplier ecosystem.
The challenge: Human error putting patient data at risk
“It only takes one small mistake to cause a security incident,” explains Phill Brown, Senior Cybersecurity Engineer at Well. “We’ve always been conscious that the human element is the biggest risk in cybersecurity. Something that seems simple, like sending an email, can very easily lead to a data breach that puts patient or corporate data at risk – and, should the worst happen, it’s usually impossible to recall an email once it leaves the business. Consequently, you end up being very reactive, which isn’t good enough when you’re handling such sensitive data.”
As part of a regular cybersecurity strategy review in 2020, the team at Well highlighted the risk posed by employees accidentally sending an email to an incorrect address or with the wrong file attached, or by forgetting to use the ‘Bcc’ field for a large recipient list. With their office-based employees relying on email as their primary communication channel and routinely needing to share sensitive data to deliver best-in-class health services to patients, the team kickstarted a project to implement a data loss prevention (DLP) solution that could help detect and mitigate human error.
“We knew we needed to address this risk as part of providing the highest level of care for our patients,” continues Phill. “We wanted a solution that would offer advanced data loss prevention without introducing friction for our employees.”
Working closely with the UK’s National Health Service (NHS), Well uses Egress Protect to encrypt sensitive email communications with NHS teams and consequently approached Egress to further enhance their outbound email security.
The solution: Intelligent email data loss prevention in Microsoft 365
In partnership with the team at Egress, Well evaluated Egress Prevent, an intelligent email DLP solution that uses machine learning models to detect human error and stop security incidents before they happen.
“We were impressed by Prevent’s capability when it was demonstrated to us by our account manager and we were keen to try it out in our live environment,” recalls Phill. “We decided to run a pilot of the solution to our most critical users, those who regularly handle the most sensitive data in the highest volumes.”
Prevent’s detection capabilities are based on the principle of ensuring the right content is sent to the right recipient(s). Using machine learning, the solution understands how each employee uses email, including factors such as the domains and individual recipients they communicate with and how regularly, and the types of content they share. As an email is composed, Prevent dynamically compares this understanding with the employee’s behavior, highlighting in real time when they deviate from the expected patterns and create risk. This machine learning can also be supervised using keyword policies set by the organization and industry best practice for robust DLP.
Concise prompts explain when risk has been detected, providing users with opportunities to correct their mistakes and increase their awareness.
“The initial pilot went incredibly smoothly,” says Phill. “We were easily able to demonstrate the value of the solution and our colleagues liked that they are only alerted when Prevent has detected a risk.”
Following the success of the initial trial, Well decided to deploy Prevent to all office-based employees.
The results: Increased efficiency and improved employee awareness
Following the full rollout, the Security team has benefitted from moving their outbound email security strategy from reactive to proactive, eliminating the need to investigate potential incidents caused by human error on email.
“Since deploying Prevent, I cannot think of a single instance where a colleague has asked about recalling an email they've sent accidentally,” continues Phill. “In fact, the opposite is true: we've had direct feedback from colleagues that Prevent actually stopped them from making a mistake. This is exactly the result we wanted when we first began the project and gives us greater confidence that data is only sent to intended recipients.”
As a result, Prevent has saved the Security team time previously spent triaging potential incidents, which can be reallocated to other tasks. It also enables employees to work more efficiently, not only by avoiding potential incidents but also by ensuring emails are sent to the correct recipient even when they do not contain sensitive data. Additionally, the prompts have had a positive impact on security awareness: employees understand the real-world value of the solution and receive contextual warnings that are relevant to the situations they are in.
Prevent also offered Well immediate value with no unnecessary disruption to the Security team or users. “The solution was incredibly quick and simple to deploy, making life easy for us on the Security team, and we began to see value immediately,” concludes Phill. “The fact that Prevent only alerts colleagues when there is a risk limits disruption and improves engagement upon seeing a prompt. We’ve also had great support from the Egress team, who were very active during the pilot and the deployment to ensure everything ran smoothly, and who continue working with us to ensure ongoing success. We look forward to continuing our partnership in the future.”