E-mail is risky for business
21 July 2014 | 0
E-mail poses the highest risk for accidental data exposure, breaches of privacy and non-compliance with data protection regulations. This assertion made by Chris McCormack, senior product marketing manager, Sophos, who argues that recent snooping revelations have highlighted the need for greater controls in this area.
E-mail is an open book, argues McCormack, using the old postcard analogy, and citing a court filing where Google acknowledged that Gmail users have no “reasonable expectation” of privacy or confidentiality.
He goes on to argue that snooping is only one of the many issues with email, with the inadvertent actions of users also impacting. “How many times have you accidentally ‘replied-all’ to an email intended for one recipient?” asks McCormack, or accidentally sent an email to the wrong individual thanks to auto-complete in your email client?”
McCormack offers a three step strategy to take control with e-mail and put in place measures to make it more fit for business purpose.
The first step is to define a policy and educate users. By providing employees and stakeholders with a documented policy the key elements of the data loss prevention strategy are explained, combatting ignorance and ambiguity.
Secondly, e-mail data protection technology is a must. Users and policy must be supported by effective, transparent technology, McCormack argues. Solutions are required to protect against accidental loss and to secure sensitive data that must leave the organisation.
Finally, while it is essential to start with the basics, the strategy can be expanded over time. Data protection can easily become overwhelming, warns McCormack, which is why it is important to prioritise data protection needs.
He advises organisations to start with the most likely source of leaks, which is e-mail, and to continue on with broadening the implementations.