All of us know how critical email is in business today. We realise how dangerous this mission critical communications channel can be to the company and how many risks to our information systems email can present. We do everything we can to secure ourselves against the threat of incoming email; we scan for malware, we scan for spam. We use filters at our borders, and we parse lists of sender addresses to reduce the chance that an email carrying a threat will get into our systems.
But what about outbound mail? Do we do anything at all about outgoing mail? Do we look at it as a potential threat, or do we trust it implicitly, since, after all, it was generated internally by one of our users? Scanning outbound email for malware is just good security sense. The embarrassment and ill will a company could incur by sending an infected email to a customer is one aspect. Another is leakage of sensitive information. Data Loss Prevention looks at the ways to protect information from loss of confidentiality, integrity, and availability, with an emphasis on ensuring that mission critical information does not leak to the outside world. Email, being the largest source of outbound information most companies experience, is a key area to focus on in your Data Loss Prevention efforts.
Take, for example, a recent case of data loss that may cost the company involved millions of dollars in lost revenue, covered in an article published on the SC Magazine website. An employee of Swiss bank UBS emailed out details of an upcoming flotation of General Motors. This email, containing extremely confidential information, was sent out to over one hundred people. While there is no clear indication that malicious or criminal intent was present, General Motors had to report the information disclosure to the United States Securities and Exchange Commission, and GM then decided to drop UBS as an underwriter of the upcoming deal. This business loss is expected to cost UBS some $10 million.
How could an email data loss prevention solution prevent this? By scanning all outgoing email and searching for key words, such an email could have been intercepted and held at the network border. Whether a held message is reviewed by the information security department, or the sender is simply prompted to review the message first to ensure it is safe to send to the intended recipients, this extra step would have prevented a $10 million mistake.
Scanning outgoing email for content can do more than simply search for keywords. Bayesian filters are supported by many of these products. Administrators can define filters to search for strings of numbers, enabling security departments to scan for numeric sequences that could be credit card numbers, social security numbers, or customer account numbers. These searches can be combined with key words such as customer names, account names, the word “password,” and other content that could indicate that sensitive information is contained in the email and that it should be examined before release. This can also assist with compliance. There are a number of regulations and laws regarding the transmission of customer NPI, health information, or financial information in an unencrypted form. Scanning outbound mail is an easy way to ensure that no one is sending out emails containing that sort of information without encrypting it.
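The combination of numeric-pattern and keyword checks described above can be sketched as follows. This is an added example, not code from the article or from any DLP product; the keyword list, the two patterns and the hold-on-any-finding policy are assumptions, and a Luhn checksum is used to cut false positives on digit runs that merely look like card numbers.

```python
import re
from email import message_from_string
from email.policy import default

# Assumed policy for this example; a real deployment defines its own lists.
KEYWORDS = ("password", "confidential", "account number")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")       # US SSN layout

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_outbound(raw):
    """Return ('hold' | 'release', findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):            # mask the value so the review queue does not copy it
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    findings += [("ssn_pattern", "***-**-" + m.group()[-4:]) for m in SSN_RE.finditer(text)]
    lowered = text.lower()
    findings += [("keyword", k) for k in KEYWORDS if k in lowered]
    return ("hold" if findings else "release"), findings

# Constructed sample messages (not real data).
LEAKY = ("From: alice@example.com\nTo: bob@example.net\nSubject: Customer details\n\n"
         "Card 4111 1111 1111 1111, SSN 123-45-6789, portal password is hunter2.\n")
CLEAN = ("From: alice@example.com\nTo: bob@example.net\nSubject: Lunch\n\n"
         "Order reference 1234 5678 9012 3456 is ready for pickup.\n")

if __name__ == "__main__":
    for name, raw in (("LEAKY", LEAKY), ("CLEAN", CLEAN)):
        print(name, scan_outbound(raw))
```

The second sample contains a 16-digit order reference that fails the Luhn check, so it is released rather than held.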
Content scanning of outbound email, in combination with antimalware scanning and limits on the number of recipients, the size of file attachments, and anything else appropriate to your business, can help to make sure that your company’s outgoing email never causes a security incident, a public relations issue, or the loss of a customer.