​INSIGHT: Top 4 ways to prevent email insider threats

​INSIGHT: Top 4 ways to prevent email insider threats

"Email presents companies with serious ‘insider threats’."

Criminals have become more advanced, expanding their activities from credit card data theft for immediate gain to going after personal data that they can monetise for weeks, months and even years.

Yet oftentimes, the greatest risk within an organisation is its employees.

Email remains the central mechanism for business communications, transferring significant amounts of sensitive data daily, including market sensitive information, personal information and intellectual property (IP), yet most businesses aren’t taking adequate measures to protect their emails.

The average employee sends and receives about 110 emails each day, or 29,000 emails per year - one in every 20 of those emails might contain sensitive data.

That means that a company with 100 employees creates or handles 145,000 emails with sensitive data each year.

That sensitive data can become a major problem for organisations if the emails containing them are hacked, intercepted, or accidentally sent to the wrong recipients.

“Everyone uses email,” says Adrian Blount, Director Cyber Security Solutions A/NZ, BAE Systems Applied Intelligence.

‘Not just to communicate, but often as a place to keep important information. Email presents companies with serious ‘insider threats’.

“It only takes one honest mistake by an employee or one dodgy link in an email to lose that precious information.

“The preventable situations are the frequent, innocent leaks that happen via email as a dedicated, if ignorant, employee just goes about his business.

“It’s the mistakenly attached spreadsheet with personal customer data. It’s the confidential email sent in error to everyone in the database. Those employees didn’t mean to do it. And they’d love to have the click of that mouse back.”

As a result, Blount recommends four key strategies to help prevent sensitive information from being leaked via email:

1. Measure violations and set targets

It’s impossible to manage something without first being able to measure it. Tracking and reporting on questionable email usage over time and monitoring activity across individual workstations is an important start.

This can be done with email Insider Threat Prevention (ITP) technology, which can spot specific violations of internal policies.

2. Filter sensitive information out of email

Companies are often concerned with incoming traffic and protecting themselves against viruses, worms, and botnets. While those are important, critical information flowing out of the organisation represents the greatest risk.

Companies need a solution that can help block, quarantine, redact, or automatically encrypt sensitive messages, including content-aware policies that, for example, recognise credit card details within an email and don’t allow the email to leave the organisation.

3. When in doubt, encrypt and notify

Often it’s simpler and faster to encrypt an outbound message and notify the sender of the encryption than it would be to involve the message in timely quarantine activity.

4. Communicate your email policy

If staff do not understand internal email policies, then they cannot be expected to follow them correctly. A good starting point is partnering with a member of HR to write a simple memo explaining the policy.

Creating a policy can be a delicate process, as a good policy needs to be brief and concise, without being too vague.

“One of the biggest risks to businesses is the threat of employees who accidentally or intentionally leak data,” Blount adds.

“Despite internal protocols and education, email is still a major source of information breaches.

“Through a combination of measurement, content-aware policies, encryption techniques and email usage guidance for staff, companies can be more secure against insider threats.”

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags emailBAE Systems Applied Intelligencesecurity



Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments