It's natural for tension between the cybersecurity team and internal stakeholders to exist. As the administrator, you play a crucial role in ensuring the network's security, protecting against unauthorized access, and troubleshooting any access issues. But trying to keep people both secure and productive can be challenging. Ultimately, you want to protect critical data without making your colleagues' jobs more difficult. And the most frustrating part is that you may not have the technology to do it.
Security technology often creates friction
All too often, security technology creates unnecessary friction for users. One example is multi-factor authentication (MFA). Along with using a password, MFA requires added steps for people to validate who they are. However, if they don't have access to the device or system to receive the second factor, they won't be granted access.
Then there are data loss prevention (DLP) prompts, which can get annoying. For example, external emails are often automatically tagged as suspicious or dangerous—regardless of the source. Unfortunately, when it happens too often, your team becomes blind to these warnings and eventually starts to ignore them.
Our 2021 Data Loss Prevention Report showed that traditional email DLP tools aren't good enough. Out of every IT leader currently employing traditional email DLP, an incredible 100% were frustrated by their use. They told us these tools create friction and require a high level of administrative overhead to maintain. Thirty-seven percent even resorted to altering rules to make them more usable.
Finally, you have suspicious emails which can be quarantined by a secure email gateway (SEG) or other solution. At that point, users must jump through hoops to retrieve it. Of course, if the email is legitimate, the process can be more frustrating.
People break the rules
The biggest cyber threat isn't hackers. It's insider threats. Our 2021 Insider Data Breach Survey revealed that an overwhelming 94% of organizations had experienced insider data breaches throughout the last year. Human errors were the leading cause of serious incidents, according to 84% of IT leaders surveyed. Additionally, almost three-quarters (74%) of organizations have been breached because of people breaking security rules, and 73% have been victims of phishing attacks.
When security technology creates unnecessary friction, people feel like admins interfere with their productivity. That leads to resentment and rule-breaking, which can become dangerous for the organization. You might have people using their personal email accounts for work, taking sensitive data home, or resorting to shadow IT. That's why it's better to use technology that engages people only when risk is evident.
Use technology that engages users
Using technology that engages people "in the moment" is something we call "real-time teachable moments." These solutions remove you from the equation and empower individuals to protect themselves. For example, Egress Defend doesn't automatically quarantine emails. Instead, Defend neutralizes phishing threats within a user’s inbox at the point of risk and offers them the chance to learn why the email has been flagged as dangerous.
Another example is Egress Prevent which highlights risk as emails are composed, giving people real-time information to spot errors independently. For example, the software notifies users when they wouldn’t normally include a recipient in an email. The technology also detects other potential risks like accidentally sending the wrong email attachment. Rather than sending alerts all the time, Prevent uses machine learning to detect any anomalous recipients. At that point, it can immediately flag the risk—unlike traditional DLP prompts that get ignored because they take a one-size-fits-all approach to content inspection.
A case in point
One company looking for the highest level of security with minimal friction was BDO Jersey. BDO Jersey is part of BDO Global, the world's fifth-largest professional services network with annual revenues of $10 billion. According to Mel Pardoe, BDO Jersey's Head of Governance, "Outlook autocomplete is so helpful until you send a message to the wrong person and it's suddenly too late. We've always taken email security seriously, and so in 2019, we recognized that there was emerging technology we could implement to provide greater security."