Data loss via email is common, and on the rise. Egress findings show that 85% of organisations have experienced email data loss in the last 12 months, and 59% of IT leaders have seen an increase in data leakage via email since the pandemic started.
We also found that 56% have noticed an increase in clients asking whether they have email data loss prevention (DLP) tools in place. If you haven’t got email DLP in place (or you’re worried yours isn’t up to scratch), here are three main strategies businesses choose from.
Continuing without any form of email DLP is highly risky. It might save an organisation costs in the short term, but it leaves them wide open to future risks. Any short-term savings could be quickly wiped out in the form of regulatory fines, reputational damage, or loss of clients.
Choosing the ‘DIY’ method of data loss prevention relies on employees double, or triple-checking every email they send. However, it’s hard to never make any mistakes – especially with more emails being sent than ever. It’s also unfair for businesses to put full responsibility for preventing data loss onto the employee.
Businesses that choose to go without DLP altogether might be blissfully unaware of the danger they’re in. Without DLP, they’re relying on self-reporting from employees in order to find out whether data has been lost. This relies on 1) the employee noticing they’ve leaked data in the first place, and 2) the employee being willing to come forward and admit their mistake.
Traditional DLP tools
There are plenty of traditional email DLP solutions on the market that can do a passable job. However, they do have limitations. These tools aim to predict where mistakes might occur but are unable to account for the nuances in human behavior.
Traditional DLP tools rely on static rules. For example, User A from one organisation might need to share financial data with several contacts from Company B with “@companyB.com” email domains. Static rules can allow these emails to be sent to that specific domain and enforce encryption.
The problem is that these tools often have a productivity cost. IT leaders end up having to manually alter them on a frequent basis to keep up with changes to context (for example, a new client who needs access to sensitive data). The rules themselves are rigid and can user friction, over-prompting people and resulting in ‘click fatigue’ where genuine risks get clicked past in frustration.
In our 2021 Data Loss Prevention Report, we surveyed 500 IT leaders and found that an incredible 100% were frustrated by their traditional DLP tools. On top of that, 42% using it believed over half of their security incidents were going undetected. If you can’t trust a security tool to catch half your incidents, what’s the point?
The truth is, there’s only one option to truly secure your data from the risks of data loss via email.
Human layer security
Intelligent Email Security, otherwise known as human layer security, uses machine learning to adapt to the behavior of each individual user. This allows it to build an understanding of a person’s working habits and communication patterns.
Unlike traditional (and often frustrating) tools, human layer security empowers people to remain both productive and secure. It’s able to detect abnormal behaviours and alert users to mistakes as they’re happening. The right encryption levels are automatically applied, and admins can be alerted in real time to intentional exfiltration and risky behavior.
Intelligent DLP works quietly in the background, only prompting users when a genuine risk is detected. This leads to a far better user experience, and when people are prompted, they’re much more likely to trust the advice and pay attention.
That means intelligent DLP is able to catch the context-driven incidents traditional DLP tools so often miss, such as someone:
- Selecting the wrong recipient
- Attaching the wrong file
- Failing to use Bcc
Investing in an intelligent solution allows an organisation and its employees to share data with confidence – and then pass that peace of mind onto their clients.