The number of data leaks and the associated financial losses continue to grow significantly year over year. Companies around the world from many industries have seen their sensitive data lost, stolen or leaked to the outside world at an alarming rate, and the problem is only getting worse.
Many of the high-profile leaks and hacks have resulted in millions of dollars in damage to the compromised company, while others have resulted in catastrophic loss of reputation and brand image.
Some of the incidents can be attributed to external threats (hackers), but many, if not most, of them are caused by mistakes, carelessness and even theft by employees or partners. Among incidents caused by employees or trusted third parties, the vast majority could have been prevented if the compromised company had taken proactive precautions.
But how can you ensure that employees are handling documents and data appropriately and that nothing goes astray when you’re dealing with email attachments?
Risky email attachments and what you can do about them
One aspect of securing your company’s sensitive data that might throw IT for a loop is locking down email attachments. They are one of the most difficult file sharing elements to monitor, manage and secure. Without control over email attachments, you don’t have complete control over your enterprise file security, and hence there’s a high risk of data leakage and theft. But there are several ways you can prevent accidental data leakage that might happen through emails.
- Apply policy-based enterprise rights management on email attachments
People share sensitive documents through emails using Microsoft Outlook and Lotus Notes on a daily basis. Doing so creates a risk of losing control over corporate documents and data. But there’s really no way around using email attachments at work. It’s simply a matter of course today. And even though you may trust your employees with sensitive information, some documents may get shared accidentally with unintended recipients (which is one of the top reasons for data loss). If that happens and you don’t have eDRM in place already, there’s no way to block access to that document or track its whereabouts.
So the best bet for you is to use a solution that integrates with these email systems and allows IT to apply eDRM on sensitive files. That way, any information going through authorized channels will be wrapped (a.k.a. DRM-encrypted) with access controls. Administrators can change access rights and revoke access completely even after the data has been downloaded by third parties. IT will also have a complete audit trail of the use of shared files, which is essential for pinpointing weak points or breaches in your security strategy.
- Use data loss prevention (DLP) content classification to determine the sensitivity of email attachments
Content-aware DLP is a popular and effective way to identify sensitive data, classify it based on specific parameters, and then perform appropriate remediation/enforcement based on the content classification set by administrators. DLP and DRM are two sides of the same coin: scanning email attachments with a content-aware DLP classification engine can help you prevent accidental data loss, as it ensures that the information that requires the highest security is always locked down automatically by your DRM system. Highly confidential information, the crown jewels of the company, should be blocked outright, while certain types of sensitive information should be automatically protected through DRM controls. Normal information can be passed as is. It is important for any DRM solution to integrate with popular DLP solutions from the likes of McAfee, Symantec and Websense so that the same DLP policies can be applied across your entire organization.
- Replace large attachments with secure links
Enterprise file sync and sharing solutions, or EFSS, replace email attachments with secure links. This allows you to send much larger attachments than most email platforms will support and gives you more control over access to your documents while freeing up email storage (both in the mailbox and on the email server) and network bandwidth. In the absence of such a solution, employees resort to cloud-based consumer file sharing solutions like Dropbox and Box that can potentially create a huge risk to your corporate data because there is no IT control. The control over the information is left to the individual, and that's when mistakes go unnoticed.
- Maintain audit trails to meet compliance requirements
Once all levels of protection and security parameters are applied to email attachments, enterprise IT administrators (as well as other employees/document owners) should be able to monitor all the actions performed on documents and data and make the information available as audit trails and reports. This is extremely helpful and potentially required for breach investigations or regulatory compliance.
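A sketch of the classification step and the audit trail described above, as an added example that is not part of the original post or of any vendor's product: it parses a message, labels each attachment, and maps the label to block, DRM-protect or pass. The marking phrases, the card-number rule, the `apply_drm` action name and the sample message are all constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Illustrative rules (assumptions), not any DLP vendor's policy set.
MARKING = re.compile(r"\b(strictly confidential|board only)\b", re.I)
CARD = re.compile(r"\b(?:\d[ -]?){13,19}\b")
ACTIONS = {"highly_confidential": "block", "sensitive": "apply_drm", "normal": "pass"}

def luhn_ok(digits):
    """Checksum used by payment card numbers; filters out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Map attachment text to one of the three sensitivity tiers."""
    if MARKING.search(text):
        return "highly_confidential"
    for m in CARD.finditer(text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "sensitive"
    return "normal"

def evaluate(raw):
    """Return one audit record per attachment, including the enforcement action."""
    msg = message_from_bytes(raw, policy=policy.default)
    audit = []
    for part in msg.iter_attachments():
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        label = classify(body)
        audit.append({"sender": str(msg["From"]), "recipients": str(msg["To"]),
                      "file": part.get_filename(), "label": label,
                      "action": ACTIONS[label]})
    return audit

def build_sample():
    """Constructed test message with one attachment per sensitivity tier."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "alice@example.com", "partner@example.org", "Q3"
    m.set_content("See attached.")
    for name, data in [("lunch.txt", b"Menu for Friday lunch"),
                       ("orders.csv", b"card,4111 1111 1111 1111"),
                       ("plan.txt", b"STRICTLY CONFIDENTIAL: merger terms")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for record in evaluate(build_sample()):
        print(record)
```

The sketch decodes attachments as plain UTF-8 text only; a production engine would first extract text from document formats such as Office files and PDFs before classifying.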
Rather than leaving the security and protection of sensitive email attachments up to employees, you should implement the above preventive methods to ensure that you and your organization are protected from accidental leakage and theft.
Read more about proactively preventing accidental data leakage through deployment of enterprise digital rights management (eDRM), endpoint data protection, enterprise file sync & share (EFSS), mobile content management (MCM) and data loss prevention (DLP) solutions in our previous blog post on the topic: 5 Important Ways to Prevent Accidental Data Leakage and Ensure Enterprise File Security.