The Importance of Email DLP for Remote Organizations
Email is a popular channel for hackers: phishing attacks and malware usually originate from email. In 2022, Verizon found that 82% of breaches involved the human element: phishing emails and ransomware delivered via email continue to plague organizations of all sizes. For an organization with 1–250 employees, roughly one in 323 emails will be malicious, according to Comparitech. Email is an integral part of working remotely, increasing the likelihood that your organization is frequently the target of email-based attacks.
Adding email DLP can help prevent criminals from exfiltrating your company’s data. Email data loss prevention tools monitor a company’s email communications to determine whether data is at risk of loss or theft.
What is email DLP?
Email DLP is often considered a subset of network DLP, and many network DLP platforms monitor email for inappropriate use of data. However, organizations that take an integrated data loss prevention (IDLP) approach and use discrete, decentralized tools may need to implement a separate email DLP solution.
Traditional email DLP tools prevent sensitive information from being sent or shared outside the organization. Some tools also include features to defend against inbound threats, such as spear phishing, business email compromise, or CEO fraud.
How does it work?
Especially for remote organizations, email is the most common way for teams to communicate. This also means it’s the most likely way that an employee could expose sensitive data, intentionally or not. Many email DLP tools work to eliminate insider threats: any action that compromises the security of an organization’s data.
Insider threats are risks that happen by accident, neglect, or malicious intent. Email DLP can be used to anticipate and reduce the threat of human error (or malicious intent) by enforcing a set of email flow rules.
Flow rules are set by the administrator to scan and filter email message content and attachments, looking for keywords, dictionary matches, and text patterns. Traditional email DLP rules tend to be somewhat static, based on criteria such as data sensitivity that are applied in a one-size-fits-all approach.
What does this look like in practice? Imagine a CPA preparing a tax return for a client. The CPA attaches the return in a PDF, adds the client's email address in the “to” field, and CCs their assistant for billing purposes. When the CPA hits send, the email DLP tool is triggered.
The tool would scan the PDF, the email body, and the user permissions of the assistant, CPA, and client. It would compare the content to a set of pre-set rules to see if the email contains sensitive information.
If the email DLP scan finds sensitive information, it may:
- Ask the sender to modify the email before sending it, either by removing sensitive information that can’t be sent to external domains or by applying encryption
- Ask the sender to verify recipients and attachments
- Reject or quarantine the email
- Automatically modify the message through pre-built rules within the DLP software (e.g., applying email encryption)
The CPA would have to modify or encrypt the email if the tool finds sensitive information that shouldn’t be sent through this channel.
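The rule-based flow described above can be sketched as follows. This is an added example, not code from any DLP product: the internal domain, keyword dictionary, patterns, and the mapping from findings to actions are all assumptions, and a plain-text body stands in for the PDF (real tools extract text from attachments first).

```python
import re
from email import message_from_string
from email.utils import getaddresses

INTERNAL_DOMAIN = "cpa-firm.example"          # assumption: sender's own domain
KEYWORDS = ("tax return", "social security")  # assumption: sample dictionary
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SAMPLE = ("From: cpa@cpa-firm.example\nTo: client@client.example\n"
          "Cc: assistant@cpa-firm.example\nSubject: Your 2022 tax return\n\n"
          "Return attached. SSN on file: 123-45-6789\n")  # constructed message

def luhn_ok(digits):
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def extract_text(msg):
    """Concatenate the subject and every text part (body, text attachments)."""
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(parts)

def evaluate(raw):
    """Return (action, findings) for an outbound message."""
    msg = message_from_string(raw)
    text = extract_text(msg)
    findings = []
    if SSN_RE.search(text):
        findings.append("ssn")
    if any(luhn_ok(re.sub(r"\D", "", m)) for m in CARD_RE.findall(text)):
        findings.append("card")
    if any(k in text.lower() for k in KEYWORDS):
        findings.append("keyword")
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    external = [a for _, a in rcpts if not a.lower().endswith("@" + INTERNAL_DOMAIN)]
    if not findings or not external:
        return "allow", findings              # nothing sensitive, or internal only
    if "ssn" in findings or "card" in findings:
        return "quarantine", findings         # pattern match leaving the org
    return "require_encryption", findings     # keyword-only match
```

The Luhn check shows one way static pattern rules cut false positives: a 16-digit order reference that fails the checksum is not flagged as a card number.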
Remote organizations need to be able to communicate seamlessly. It can be frustrating when an email DLP tool quarantines an email or prevents an employee from sending information. It’s important to set up your email DLP tool in such a way that enables employees to do their work without interruption — but still keeps your data secure.
Inventory your company’s sensitive data
Start by defining what sensitive information your remote organization will need to protect. This can include PHI and PII such as:
- Account numbers
- Intellectual property
- Trade secrets
- Social Security numbers
- Health records
- Credit card numbers
- Files containing login IDs and user passwords
There may be compliance regulations that complement your understanding of the PII, PHI, and other valuable information you need to protect. Make sure you are using the definitions provided by PCI DSS, HIPAA, or another compliance regime to determine what data needs protection.
Use email encryption
Email encryption is an authentication process that prevents messages from being read by an unauthorized individual. Encryption tools scramble the original message content, converting the text into an unreadable format. The recipient will have the private key to decode the email.
Many email DLP programs will have encryption software built in. Most encryption services rely on gateway software that enables the enforcement of policy-based encryption. You can also install encryption software on your employees’ devices. Email encryption is a must-have for every remote organization, as unauthorized users cannot view encrypted content even if they access the device, avoiding a potentially catastrophic data breach.
Look for dynamic email DLP
In the example above, we described a rules-based, traditional email DLP tool. Dynamic email DLP tools are able to evaluate the context, as well as the keyword. Through machine learning, these tools can understand when a message is anomalous or suspicious. Algorithms are constantly reclassifying data and learning about communication norms between a business and customers, suppliers, and other third parties. Look for an email DLP tool, like the one that Virtru built on top of Nightfall's Developer Platform. Solutions like this are able to set static rules in tandem with intelligent scanning to achieve the right balance of security and usefulness.
Email vs. cloud DLP: what’s the difference?
While email remains the core communication channel for professionals, more and more remote organizations are using cloud-based programs like Slack to share information. Email DLP software doesn’t protect information shared in these cloud channels.
This is where cloud DLP comes into play. Cloud DLP tools help organizations discover, classify, and protect their most sensitive data in SaaS, PaaS, and IaaS platforms. Similar to email DLP, the best cloud DLP tools use machine learning to assess the context when data is shared. For instance, Nightfall uses AI to efficiently discover, classify, and protect data in the cloud by integrating directly with popular platforms like Slack, Jira, and Google Drive at the API level.
Nightfall scans both structured and unstructured data, with the capability to parse text from 100+ file types, including customer chat logs, JSON objects, application logs, spreadsheets, PDFs, images, screenshots, and more.
Remote work requires email and cloud programs: companies simply can’t function without easy file sharing, streamlined communication, and shared collaboration tools. Layering email and cloud DLP makes it possible to reduce the risk of insider threats and still keep communication flowing smoothly.