E-mail remains the most popular business communication tool in the world – 204-million mails are sent every minute, of which about 25% are business-related. Considering the sheer volume of communication, it is no wonder that e-mails are often the source of costly data leaks within an organisation, says Craig Freer, head of Enterprise Products, Vox Telecom.
The leaks can lead to brand damage, legal fees, regulatory fines and of course, lost revenue due to lost customers and lengthy investigations. Last year, an innocent blunder by insurance giant AXA in the UK left them not only red-faced but also in danger of fines to the tune of R9-million. The reason?
One of their branches had mistakenly sent an e-mail containing sensitive customer information to 32 of their brokers. The company quickly rectified their mistake, apologised and reassured the affected customers that the leak was curbed as much as possible, but the damage had been done – with a single click.
The reality is that whilst many secure mail solutions focus on encryption – which prevents data from being hacked by malicious, external sources – research by companies such as EPIC and Perkins Coie has found that 52% of data leaks come from internal sources as opposed to outside hackers. They also found that these internal leaks are rarely due to malicious intent – in fact, less than 1% of internal data breaches are deliberate.
These unintentional leaks stem from commonplace mistakes – employees who use file-sharing apps and free cloud data storage tools such as Dropbox to transfer files that are too large to be e-mailed, or who mistakenly forward sensitive information to the wrong person. Encryption won’t prevent that, nor can it point you towards the party likely responsible for the leak.
The good news is that there are steps that can be taken to reduce e-mail data leaks, without disrupting the usual flow of e-mail communication as we’ve come to know it. The surest way of curbing potential breaches would be to opt for a secure mailing system that doesn’t just encrypt messages, but also audits them – allowing you to track the flow of information throughout the organisation as a whole.
This will allow you to determine not only who sensitive mails were sent to, but whether they were forwarded, read or deleted by the recipient. It will also allow you to password protect sensitive messages so that – should one accidentally land in the wrong recipient’s inbox – the recipient would have no way of opening it. With an audit trail in place, you will know exactly who received and read it.
Good, auditable e-mail messaging services should also eliminate the need for alternative data storage mechanisms (such as Dropbox or FTP sites), as they are capable of transferring incredibly large volumes of data securely, via e-mail. Before hitting the send button, you should also be able to prevent recipients from taking certain actions – such as forwarding the message after it’s been received.
The right auditable e-mail service will also allow the company to introduce policy-based data leakage protection, such as automatic encryption based on keywords and phrases or algorithms. This guarantees that your data is not only protected from external threats, but also internal ones.
Given that legislation such as the Protection of Personal Information bill will soon place an even greater burden of responsibility on the shoulders of businesses to protect their customers’ sensitive information, along with the potentially costly repercussions of a breach, very few companies can afford to let e-mails slip under their radar. Speak to your secure e-mail messaging provider and find out whether or not your e-mails are truly secure and auditable. If not, it’s time to find an alternative.