How ‘triple safe’ outbound email security can prevent human error data leaks
By Rick Goud – CEO & Co-Founder at ZIVVER
Research shows that employees spend an average of two and a half hours per day working on emails. Email’s ease of use and flexibility contribute to its popularity. Email is, however, risky as well. The ICO’s Data security incident trends for Q4 2018 reported that 79% of all data leaks were non-cyber related/due to human error by employees, and that in 41% of all known causes the data leak was caused by sending information to the wrong person. The same report showed 11% of data security incidents were due to unauthorised access, mostly because of a lack of two-factor authentication.
To tackle these problems, in today’s digitisation era, ‘triple safe’ technology is now available to protect sensitive information throughout the whole communications process of outbound emails and file transfers, i.e. before, during and after sending. This advanced level of security helps organisations to more easily and affordably stop data leaks happening through human error and unauthorised access, while also improving compliance (including email safety aspects of GDPR) and saving costs from ineffective communication via fax, snail mail and courier.
With email ingrained in the business operations of so many companies around the globe, it was essential for our technology integrations to allow workers to use their normal email environment, such as Outlook and Gmail. In addition, the risks attached to each stage of an outgoing email or file transfer’s journey had to be examined in detail, in order to develop the best possible solution:
1. Before sending
RISK: Human error, e.g. a worker emailing information to the wrong person.
SOLUTION: Eliminate human errors by alerting users to possible errors before they send an email, e.g. that an email contains sensitive information (e.g. ‘Your attachment X contains social security numbers, are you sure you want to share this?’); is addressed to an unusual recipient (e.g. ‘You’ve never shared medical information with John Doe before, are you sure this is the correct recipient?’); or is sent to a large number of recipients whose contact details will be exposed (e.g. ‘You are sending this email to 50 recipients; maybe you want to use BCC for this?’). This feedback raises users’ awareness and reduces the likelihood of misaddressed emails, unintended sharing of sensitive information and sending sensitive information insecurely.
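The three pre-send checks described above can be sketched as follows. This is an added example, not ZIVVER's code: the SSN-style pattern, the threshold of 20 visible recipients, the `sensitive_history` set and all addresses are assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

# Assumptions for this sketch: a US-style SSN pattern stands in for "sensitive
# information", and 20 visible recipients is the BCC threshold.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
MAX_VISIBLE_RECIPIENTS = 20

def presend_warnings(msg, sensitive_history):
    """Return (kind, text) warnings to show the sender before the mail leaves.

    sensitive_history: addresses this sender has sent sensitive data to before.
    """
    warnings = []
    visible = [addr.lower() for _, addr in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])) if addr]
    hidden = [addr.lower() for _, addr in getaddresses(msg.get_all("Bcc", [])) if addr]

    # Check 1: sensitive content in the body or any text attachment.
    sensitive = False
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # binary attachments need a real extractor; skipped here
        if SSN_RE.search(part.get_content()):
            sensitive = True
            where = part.get_filename() or "message body"
            warnings.append(("sensitive_content",
                             f"{where} appears to contain social security numbers"))

    # Check 2: sensitive data going to someone who never received it before.
    if sensitive:
        for addr in visible + hidden:
            if addr not in sensitive_history:
                warnings.append(("unusual_recipient",
                                 f"first time sensitive data is sent to {addr}"))

    # Check 3: many recipients whose addresses are exposed to each other.
    if len(visible) > MAX_VISIBLE_RECIPIENTS:
        warnings.append(("use_bcc",
                         f"{len(visible)} recipients in To/Cc; consider BCC"))
    return warnings

def build_sample(recipients, attachment_text=None):
    """Constructed test message; all addresses and data are made up."""
    msg = EmailMessage()
    msg["From"] = "nurse@clinic.example"
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "Follow-up"
    msg.set_content("Please see the attached file.")
    if attachment_text is not None:
        msg.add_attachment(attachment_text, filename="patients.csv")
    return msg
```

Tying the recipient check to the presence of sensitive content keeps routine mail to new contacts from triggering a prompt, so the warnings that do appear are less likely to be clicked through.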
2. During sending
RISK: Unauthorised access to sensitive data.
SOLUTION: Apply strong encryption and strong authentication, e.g. via an SMS text message or TOTP code, across all email content. (ZIVVER’s key management policy ensures we never hold the data owner’s keys, nor can we give access to third parties; this yields better data access restraints than Google and Microsoft, for example.)
3. After sending
RISK: Identify and limit the impact of a potential data leak, e.g. damage to an organisation’s brand and reputation, finances (including a possible GDPR fine) and customer churn.
SOLUTION: Provide real-time logging that allows organisations to identify real-time risks and potential data leaks. Also, limit the impact of data leaks by allowing senders to retract messages and by showing whether the message and attachments were accessed, and by whom (audit logs). Via this logging capability, users and organisations are able to assess the impact of a (potential) data leak, which is what GDPR and similar legislation require.
Combining human error checks, email encryption and the ability to retract messages in one user-friendly and easy-to-install outbound email security solution enables organisations of any size, or sector, to benefit from more efficient and secure communications, as well as significant cost savings.
By taking this approach to protecting sensitive data – such as price agreements, market performance and contracts – the risks of accidental data loss are vastly reduced, which helps to keep a business in business and the path to growth and opportunity unhindered.