
How secure is your mail solution?

By Staff Writer, ITWeb
Johannesburg, 02 Apr 2014

Considering the volume of communication via e-mail, it is no wonder that e-mails are often the source of costly data leaks within an organisation.

So says Craig Freer, head of enterprise products, Vox Telecom. The leaks can lead to brand damage, legal fees, regulatory fines, and lost revenue due to lost customers and lengthy investigations.

"Last year, an innocent blunder by insurance giant AXA in the UK left it not only red-faced but also in danger of fines to the tune of R9 million," mentions Freer.

"One of the company's branches had mistakenly sent an e-mail containing sensitive customer information to 32 of its brokers. The company quickly rectified its mistake, apologised and reassured the affected customers that the leak was curbed as much as possible, but the damage had been done - with a single click."

According to Freer, the reality is that while many secure mail solutions focus on encryption, which prevents data from being hacked by malicious, external sources, research by companies such as EPIC and PerkinsCoie has found that 52% of data leaks come from internal sources as opposed to outside hackers. They also found that these internal leaks are rarely due to malicious intent - in fact, less than 1% of internal data breaches are deliberate.

He notes that these unintentional leaks stem from commonplace mistakes - employees who use file-sharing apps and free cloud data storage tools such as Dropbox to transfer files that are too large to be e-mailed, or who mistakenly forward sensitive information to the wrong person. Encryption won't prevent that, nor can it point you towards the party likely responsible for the leak.

Freer says there are steps that can be taken to reduce e-mail data leaks, without disrupting the usual flow of e-mail communication as we've come to know it. "The surest form of curbing potential breaches would be to opt for a secure mailing system that doesn't just encrypt messages, but also audits them - allowing users to track the flow of information throughout the organisation as a whole," he notes.

"This will allow users to not only determine who sensitive mails were sent to, but whether they were forwarded, read or deleted by the recipient. It will also allow users to password-protect sensitive messages so that, should it accidentally land in the wrong recipient's inbox, they would have no way of opening it. With an audit trail in place, users will know exactly who received and read it."

To Freer, good, auditable e-mail messaging services should also eliminate the need for alternative data storage mechanisms, such as Dropbox or FTP sites, as they are capable of transferring incredibly large volumes of data securely, via e-mail. Before hitting the send button, users should also be able to prevent recipients from taking certain actions - such as forwarding the message after it's been received.

According to Freer, the right auditable e-mail service will also allow the company to introduce policy-based data leakage protection, such as automatic encryption based on keywords and phrases or algorithms. This guarantees that your data is not only protected from external threats, but also internal ones.

"Given the fact that legislation such as the Protection of Personal Information bill will soon place an even greater burden of responsibility on the shoulders of businesses to protect their customers' sensitive information, along with the potentially costly repercussions of a breach, very few companies can afford to let e-mails slip under their radar."

Freer urges organisations to contact their secure e-mail messaging provider and find out whether or not their e-mails are truly secure and auditable.

"If not, it's time to find an alternative," he concludes.
