COVID-19 acted as a catalyst for cyber attacks, with hackers taking advantage of remote workers during challenging times. With the number of cyber attacks continuing to increase, one could argue that cybersecurity has become the world’s fastest growing form of criminal activity.
One prominent cause of data loss comes from internal staff making mistakes, as 88% of data breaches are caused by human error. Companies are becoming increasingly concerned about the risk of inadvertent data loss, with sensitive information such as regulatory compliance to safeguarding Intellectual Property (IP) on the line. But how can this threat be mitigated? Implementing a crucial double check is crucial in order to improve security culture.
Insider fault
Being dependent on emails increases the risk of a cyber attack significantly across all businesses. With over 300 billion emails sent and received each day over 2020, mistakes are inevitable. Company-sensitive information and assets are trusted with the employee, and many are permitted to make financial transactions – often without requiring approval. Furthermore, with strict data protection requirements in place, such as GDPR, organisations require robust processes to reduce the threat of this data ending up in the wrong hands
Financial penalties, loss of trust and competitors gaining advantage are just some of the potentially devastating impacts of information falling into the wrong hands. But the responsibility of data protection is often overlooked by the employee. BitMEX, one of the world’s biggest cryptocurrency trading platforms, accidentally leaked thousands of private customer email addresses when a member of staff distributed a mass mailshot without using the BCC function. But how could this mistake be prevented? Employees need the opportunity for mistakes to be flagged prior to pressing send, providing them with an improved way to manage their email functions.
A layered security approach
Only a small number of businesses have a clear strategy for helping their employees understand how a simple error can put the company at significant risk; and even fewer have a strategy for protecting their staff from becoming an insider threat. But more importantly, what they may not know is that there is a solution available that can add a layer of employee security awareness that can be leveraged to empower the user when sending emails.
Businesses can support employees to avoid easy mistakes, such as misaddressed emails or including wrong attachments, by providing a simple safety check, which alerts users to confirm both the identity of the addressee(s) and, if relevant, any attachments. The solution can be configured to work on a department or user basis, for example, a business may not want HR to be able to mistakenly send sensitive personal information to anyone internally, and therefore, require a confirmation for all emails.
Using Data Loss Prevention rules, the technology can also check for keywords within the email content. Each business can set its own requirements and parameters determined by corporate security protocols. Any emails, including attachments, containing these keywords will be flagged, requiring an extra process of validity before they are sent without impeding working practices, and providing users with a chance to double check whether the data should be shared with the recipient(s).
With hybrid working meaning employees are more dispersed, this is more crucial than ever before. This type of tool reinforces security culture by building on education and training, with a valuable solution that helps users avoid the common email mistakes that are inevitable when people are distracted, tired or stressed. It provides a crucial ‘pause’ moment, allowing individuals to be confident that emails have been sent to the correct people, and with the right attachments.
Conclusion
In most working environments today, email can be considered the key tool for productivity, placing much of the responsibility for secure use of that tool on employees. But supporting staff with an extra prompt for them to double check they aren’t mistakenly sharing confidential data helps to raise awareness and provides that essential security check – before it’s too late. The idea is to foster an attitude of awareness and care in an area where mistakes are easily made, without adding delays to the day to day management of emails.
It’s all about increasing awareness and improving email culture while reinforcing compliance credentials. No organisation is immune to human error, but by having a clear strategy in place to address the issue of misaddressed emails and data loss through emails, as well as mitigating the associated risks, helps businesses to remain compliant and secure.
