Misaddressed Emails Are More Than a Simple Mistake

Without a doubt, email is the primary form of communication for businesses and organizations of all sizes to their internal and external stakeholders. According to the Radicati Group, the total number of emails sent and received per day is expected to exceed 246 billion by the end of this year.

Email is not only the top form of communication, but it is also the most utilized attack vector for cybercriminals. While many are quick to focus on the malicious threats delivered via email, one threat that is often overlooked is the threat of accidental data leakage through email.

What is Data Leakage?

Data leakage is the unauthorized transmission of data from within an organization to an external destination or recipient. The term can describe data that is transferred electronically or physically. Data leakage usually occurs via email but can occur in a variety of other ways. While the methods and motives behind data leakage vary, most leaks are accidental in nature.

This can be attributed to human error. According to research by IBM, 95% of all cybersecurity incidents globally involve some form of human error. The most common form of this is as simple as a misaddressed email.

Misaddressed Emails are a Real Problem

The United Kingdom’s Information Commissioner’s Office confirmed that misaddressed emails are the largest source of data loss for organizations. While this error may seem hard to make, it is quite an easy mistake with the advent of address autocompletion features in email clients such as Outlook and G Suite.

For example, suppose you work for a bank and are involved in a project with key members of the Marketing, Business Intelligence, and Development teams. You are working to develop a new mobile banking application. You’ve just finished an Excel spreadsheet that contains over 300,000 individual lines of sensitive information, including your customers’ names, addresses, email addresses, online banking usernames, and passwords, to name just a few. You go to send this data to team members, but when you type in ‘Mike’, you accidentally click the Mike from an outside vendor that your team utilizes.

Many of us have sent an email to the wrong person at least once in our lives, and that sinking feeling can be both uncomfortable and embarrassing. However, while the pain of disappointment may weigh on us, our companies and organizations will feel the pain of severe financial impact, especially if they must adhere to strong compliance and regulatory requirements such as those within the healthcare and financial sectors.

Compliance and Regulation Issues

Two of the biggest industries in the developed world are healthcare and finance. These two sectors, while taking in large sums of revenue each year, must also comply with some of the strictest regulations known to businesses. While the laws have been boiled down to simple acronyms like HIPAA, FINRA, SOX, and GDPR, these laws all call for information protection and/or compliance.

If a business were to violate any of these regulations, it would have to pay very steep fines, and fines that are too expensive could eventually cause the entire company to close up shop.

The hardest part is that you don’t have to look very far on the web for examples of what a typical regulatory violation will cost you. In 2018, Anthem Inc. paid a HIPAA settlement fine of $16 million and settled a class-action lawsuit for $115 million for exposing the private electronic health information of nearly 80 million people. Additionally, GDPR violations for an accidental data leakage could run you as much as €20 million (about $22.47 million USD) depending on the severity of the violation.

Ultimately, it boils down to the fact that misaddressed external emails are not just a simple error that one will feel ashamed of. They have far-reaching consequences that impact all organizational stakeholders.

How can businesses and organizations work to ensure that misaddressed emails are a thing of the past within their organization and prevent accidental data leakage to external recipients?

The answer is VIPRE’s newest email security solution.

Introducing VIPRE SafeSend

VIPRE SafeSend is a simple Microsoft Outlook add-on that is used to prevent misaddressed email or inadvertent autocomplete email mistakes by requiring the sender to confirm external recipients and file attachments before their email can be fully sent.

This tool will proactively assist in preventing data leakage due to autocomplete by asking to confirm external recipients but also has numerous other essential features. VIPRE SafeSend can scan for sensitive data within emails. Admins can build their own DLP rules to define which data is sensitive and scan outbound email content and attachments to ensure your rules are upheld.

VIPRE SafeSend will assist organizations in improving their compliance with federal regulations such as GDPR, HIPAA, SOX, FINRA, and many more. It achieves this by protecting data from being sent to the wrong recipient by allowing admins to define a list of keywords and approved domains through an additional DLP module. The add-on is GDPR compliant. The preventative function of SafeSend aligns with GDPR Article 32.
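
The pre-send confirmation and keyword scan described above, shown as an added Python example; it is not VIPRE's code and not part of the original post. The domain lists, keyword pattern, and function names are assumptions made for illustration, and the message is constructed.

```python
import re
from email.message import EmailMessage

# Assumed policy values (hypothetical; not SafeSend's configuration format).
INTERNAL_DOMAINS = {"examplebank.test"}
APPROVED_DOMAINS = {"auditor.test"}
KEYWORDS = re.compile(r"\b(password|username|account number)\b", re.I)


def presend_check(msg):
    """Return what the sender must confirm before the message may leave."""
    external = []
    for name in ("To", "Cc", "Bcc"):
        for header in msg.get_all(name, []):
            for addr in header.addresses:
                # Exact domain match: a look-alike such as
                # examplebank.test.mail.test is still treated as external,
                # and an unparseable address (empty domain) is too.
                domain = addr.domain.lower()
                if domain not in INTERNAL_DOMAINS | APPROVED_DOMAINS:
                    external.append(addr.addr_spec)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    keywords = sorted({m.lower() for m in KEYWORDS.findall(text)})
    attachments = [p.get_filename() for p in msg.iter_attachments()]
    return {
        "external": external,
        "keywords": keywords,
        "attachments": attachments,
        # Confirmation is demanded only when something leaves the organization.
        "needs_confirmation": bool(external),
        "dlp_hit": bool(external and keywords),
    }


def sample_message():
    """Constructed message modelled on the 'wrong Mike' scenario above."""
    msg = EmailMessage()
    msg["From"] = "you@examplebank.test"
    msg["To"] = "Mike Hall <mike@vendor.test>, Ana <ana@examplebank.test>"
    msg["Cc"] = "audit@auditor.test, ops@examplebank.test.mail.test"
    msg["Subject"] = "Mobile app test data"
    msg.set_content("Attached: customer username and password export.")
    msg.add_attachment(b"constructed bytes", maintype="application",
                       subtype="octet-stream", filename="customers.xlsx")
    return msg


if __name__ == "__main__":
    print(presend_check(sample_message()))
```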

It is easy to manage and scale for enterprise organizations of all sizes. It is easily deployable to tens of thousands of users via SCCM or any other deployment tool. There is virtually no limitation in terms of user count. Once implemented organization-wide, you can manage SafeSend via Windows Group Policy and can specify configurations on a per-group basis.

VIPRE SafeSend is surely a powerful add-on to any organization’s email security strategy. It will assist in the elimination of the threat of misaddressed emails, help steer companies towards greater compliance, and will help to protect the data of your company and its key stakeholders.

See just how powerful VIPRE SafeSend is for yourself and take a free demo.


Guest blog courtesy of VIPRE Security.