Organizations struggle with insider threats to their data security. Employees planning to leave their jobs are involved in 60% of insider cybersecurity incidents and data leaks, research suggests. Whether intentional or accidental, sensitive content leaked by employees represents a massive challenge. Innovative use of cloud storage may be the best solution yet.
A key concern of corporate cybersecurity is the insider threat of data leakage. Employees can be a source of data leakage for several reasons. The reasons for employee data leakage can be innocent (accidentally sharing sensitive content), malicious (purposely stealing data), and purposeful but not malicious (skirting security in an attempt to get work done). Whatever the motive behind employee data leakage, the most common means of leakage is through email. An email can lead to data leakage when it gets accidentally sent in the wrong direction, sent to a private email account to get around stifling inbox quotas, or sent to a private account just before leaving the company. The organization’s challenge is the inability to accurately and efficiently monitor or control the flow of content through email regardless of employee motive. This article examines a powerful option available to organizations of all sizes to detect and prevent data leakage through email.
“41% of workers may bypass their company’s security policies. 57% say it’s the most efficient way to get work done.” — Dell Workforce Security TAP Report, 2018
The Challenge of Email
Email is a challenging technology for corporate security. It is ubiquitously used, provides no native data security or tracking, and duplicates its content at an alarming rate. [1] A recent study found that email is, by far, the primary means of data exfiltration by “flight-risk” employees.
Given that email plays such a central role in data leakage, any effective strategy would focus on this loss vector. Typically DLP (data loss prevention) systems are deployed to scan for sensitive documents. But DLP solutions encumber IT with complex administration and training of content classification rules. Also, DLP solutions offer little recourse after an email is processed.
The Power of Cloud Storage
A powerful addition to traditional DLP solutions has surfaced for protecting email bound data. The rise of business-class cloud storage combined with tools like mxHero can automatically ensure that all email attachments are converted to cloud storage links. There are many benefits to replacing email attachments with cloud storage links, among them, is a simple yet powerful means of containing the loss of data resulting from insider threats. [2]
The implications of replacing email attachments with cloud storage links have a fundamental impact on data exfiltration. Content shared in email as a cloud storage link never leaves the organization until it is downloaded by an authorized recipient. What leaves the organization is a link to content saved on company managed storage. This link is fully controlled by the organization, even after the email is delivered. The organization can limit, revoke, and monitor access. In stark contrast, standard attachments, once delivered to their destination, are lost.
Let’s examine a scenario and see how an organization is protected from insider data leakage using Box’s cloud content platform with mxHero. Knowing he is leaving the organization in two weeks, an employee suddenly sends a significant amount of files to a private email account. Because of mxHero, those files are automatically uploaded to Box before delivery. In other words, despite being emailed, those files have never left the control of the company. For the employee to possess those files, he would then need to download each from the receiving account.
Furthermore, with a solution like mxHero with Box, the content sent is restricted by automated content classification (Box Shield). The recipient won’t be able to access the links without authenticating himself. Finally, Box offers the ability to detect unusual upload/download activity in real-time, meaning IT security will receive an alert as soon as the data’s atypical transfer occurs through the user’s email.
When updating email-based file exchange with modern file-sharing technology, like cloud storage, the benefits are profound.
Eliminating email attachments in favor of cloud storage links is game-changing. It fundamentally changes how data is exchanged over email. Email attachment technology is 50 years old and woefully unprepared for the demands of today. Myriad complex technologies have been invented in an attempt to patch its vulnerabilities. Given the worsening cybersecurity crises, it is clear that those attempts continue to fail. [3] When updating email-based file exchange with modern file-sharing technology, like cloud storage, the benefits are profound. Organizations can fully leverage their storage investment by keeping all their content in a single, secure system. Protections put into place for their data can now be extended to their email as well.
By bypasses the intrinsic shortcomings of email’s archaic file-sharing methodology, organizations can reap the dual benefits of increased security and simplified operation.
Sources
