Significant changes in regulatory requirements mean that email use has never been more in the spotlight, and organisations now need to consider more than ever how users share sensitive email both internally and externally. Whether using Microsoft Outlook, Webmail, Gmail or the latest mobile devices, users are under increasing pressure to not make mistakes and to make the right decisions regarding appropriate security.
The email security knowledge gap
Research shows that many organisations suffer from significant gaps in their users’ understanding of when an email is safe to send. In a recent survey conducted on behalf of Egress, 44% of IT leaders said that lack of awareness was a leading cause of data breaches, while 36% indicated that breaches were caused by a lack of training. Over a third of employees said they were simply unaware that certain information should not have been shared. The problem really starts with the widespread challenges that the average user must contend with:
- Have they been sent malware?
- Have they received a phishing email?
- Are they replying to an email with sensitive content?
- Have they received an email targeting the release of sensitive content?
- Have they accidentally emailed sensitive data to the wrong recipients?
- Have they sent an email to multiple recipients using To/CC instead of BCC?
The list of challenges is endless.
So how does your average user, who has little to no knowledge of security, know an email is safe to send?
Many of the factors at play here are probably beyond the average user. For example, would a user know whether the domain they are sending to can receive TLS-encrypted email, or whether it supports the recommended level of TLS v1.2+? Would the user easily spot that they are replying to a phishing email from a hijacked mailbox? Because of these challenges and many more, users are now swamping IT departments with questions about who they are sending to, such as “Is this email safe to send out?” The fact is, users often don’t understand or care about security, and expect their IT teams to provide systems that automatically deal with all the threats posed by modern email communication.
Empower people to share sensitive data with confidence
So how can organisations provide systems that reassure users about sending sensitive content via email while reducing support overheads? Training and user education are certainly important parts of any protection plan, but they need to be complemented by technology.
At Egress we believe that cloud computing has provided many new avenues for providing real-time analysis and feedback straight to the end user, whether on a desktop, web or mobile device. Finally, the user can receive an instant answer to the question ‘Is it safe and secure to send this email?’
Egress uses data analytics and machine learning to build a risk score for the email being sent based on domain attributes, content and classification. By understanding the recipient's authenticity, it is possible to calculate a confidence level as to whether the message can be securely delivered via TLS, whether the domain is authentic, and whether there is a strong history of secure communication. In addition, Egress can provide the user with guidance to avoid accidentally sending sensitive data to the wrong recipients.
We believe that users can be given relevant and useful guidance and gain confidence in IT systems. This in turn will allow them to perform their daily tasks assured that risks are contained.