Email Security and Risk
Supposedly, more than 90 percent of cyberattacks start with email. Using my somewhat faulty logic, if you could protect privacy and sensitive information, prevent compliance violations from being created and shared within emails and attachments, guard the information in real time, and train your users to question what they are opening, then cyberattacks should be reduced and you have an extra layer of protection for your data.
Our organization is trying to move away from the flurry of internal emails sent and received each day. Since we are dispersed across the globe, we have used the traditional form of communication – email. Email has morphed into an activity management tool instead of remaining a communications tool. According to surveys, despite the rise of collaboration software, it is like pulling teeth to get end users to use email judiciously and just for communication.
Why is email such a risk? Well, I create most of the presentations in our organization. Yes, I know, presentations don’t usually contain privacy, sensitive, or compliance information, this is just an example. We have been known to have more than four working renditions of the same presentation for a webinar – we do know what we are doing, honestly. The revised slides are sent and resent to all involved. They are always sent to the two speakers, me, our manager, and sometimes a technology expert. Potentially, we have five people receiving at least four presentation file attachments. What do they do with them? I honestly don’t know. Hopefully they are deleting them.
Now let’s translate that into information that is more meaningful, such as client lists, client privacy data, salary or payroll information, financial reports, new product specs, or content associated with litigation or eDiscovery. An organization may have 20 copies of original and revised information floating around. As end users, we not only send and receive all these emails, we save them – just in case we may need them later, which is hardly ever. Now we’re getting into to serious exposures and information that cybercriminals may find useful.
Email management is done by most organizations on a frequent basis to manage passwords, archive information, delete stale information, and complete primarily administrative tasks. It is rarely viewed as a source of risk and noncompliance. Hopefully, you are taking appropriate steps to prevent a cybersecurity attack. If you are concerned about General Data Protection Regulation (GDPR), you will need quick and easy access to any emails regarding an individual. In fact, you may need to do this regardless of GDPR.
Our solution provides visibility into emails and attachments. It’s pretty easy to do. Once your emails are automatically tagged with semantic multi-term metadata and classified against a taxonomy of your own design, you can quickly and easily identify anomalies, compliance violations, and exposures of privacy and sensitive information. And by the way, you can clean up stale emails, multiple copies of the same information, and also redundant, outdated, or trivial (ROT) content.
It’s really a security, compliance, information governance, archiving identification, and data cleansing solution. Think I’m going overboard? I realize we marketers have a habit of doing that. I’m not. Please contact us and see for yourself.
Join us for our Discovery, Risk, and Insight in a Metadata-Driven World webinar, on Wednesday, June 13. Discovery, risk, and insight mean something different to every organization, even at different locations within the same company. This webinar shows the automatic generation and use of semantic metadata, to gain a detailed view of risk mitigation for data security, compliance, and operational intelligence.