Email is the Biggest Risk in Your Organization and What to Do About It

In keeping with my Lord of the Rings theme (as seen in post one and post two), I’d like to focus on The Ring. The Ring wields incredible power for whoever wears it:

  • For one, it can make people invisible (much like email can give you a cloak of invisibility when wanting to say something snarky to someone).
  • It can bind other lesser ring-wearers to you (kinda like those emails from THAT GUY in your organization trying to get you to do his or her work).
  • Most importantly, it can wreak amazingly destructive powers; it is after all the whole crux behind the deaths, wars and destruction in the Lord of the Rings.

Email is the biggest risk to your organization

Email, like the Ring, can wreak amazingly destructive powers upon your organization’s reputation, compliance regulations and legal obligations. Email is the biggest risk in your organization! Why?

  • 71% of IT managers consider email mission-critical, and another 28% consider it very important to doing business (Dimensional Research).
  • 81% of these same folks say that corporate email is THE MOST IMPORTANT tool for communication (same survey).
  • People send the craziest stuff in email!

Let me reiterate that last point: People send the craziest stuff in email! Oh, like…

Opportunity makes a thief

Some say opportunity makes a thief. The ATF official had access to the data and, for a nefarious reason, sent that data to his personal email address, most likely from his work address. And in the case of Woolworth, some of the recipients of the master gift card spreadsheet stole other people’s gift numbers and used them. For UPMC, the misdirected email released the personal information of 722 members, and as of July 15, “it wasn’t immediately clear who received the email or how the recipient handled that data” (Post-Gazette.com).

These are just the examples that made it into the news. Think about what you or your colleagues email on a daily basis and imagine if some of that made it into the wrong hands. No one wants to see the Ring in Saruman’s hands, so you don’t want your latest patent ideas in the inboxes of your competitors. Most of your email data leaks remain hidden and unknown underground, much like Gollum with the Ring all those years.

Opportunity makes a good teacher: DLP and email forensic tools

But I also say opportunity makes a good teacher. In this case it’s to highlight a really cool feature to prevent and alert on risky email behavior that many organizations already have at their disposal but use very little. Within Microsoft Exchange 2013 and Exchange Online is a native feature called data loss prevention (DLP).

DLP enables you to protect your company’s sensitive data from being sent via email and keeps you compliant with various regulations on the treatment of data like social security numbers, credit card information and more. Here’s how DLP works: 

  • Uses rules and content analysis (keyword and dictionary matches, regular expression evaluation) to scan outgoing emails.
  • If a violation is found, one of the following things can happen:
    • The user is warned that the content may violate a DLP policy (Policy Tip).
    • The user is blocked from sending the email and told why it violates a DLP policy.
  • All DLP violations, whether blocked or advised against sending, are tracked in the message tracking log.

So DLP policies within Exchange 2013 would be the first line of defense that Woolworth could have set up to block the unfortunate gift card spreadsheet email.
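How the rule evaluation described above can work, as a simplified Python model added here for illustration (it is not Exchange's engine or code from the original post): a regular expression finds candidate card numbers, a Luhn checksum and a keyword list cut false positives, and the result maps to the policy-tip, block and tracking outcomes. The keyword list, the bulk threshold and the function names are assumptions.

```python
import re
from dataclasses import dataclass

# Candidate 16-digit card numbers, optionally grouped with spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")
# Corroborating keywords (hypothetical dictionary for this example).
KEYWORDS = ("credit card", "card number", "gift card", "cvv", "expiry")
BULK_THRESHOLD = 5  # assumed: this many valid numbers counts as a bulk leak


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects random 16-digit strings such as order IDs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


@dataclass
class Verdict:
    action: str        # "allow", "policy_tip" or "block"
    matches: int       # checksum-valid card numbers found
    keyword_hit: bool  # corroborating keyword present in the body


def evaluate(body: str, external: bool, audit_log: list) -> Verdict:
    """Scan one outgoing message body and decide what the rule does."""
    candidates = [re.sub(r"[ -]", "", m) for m in CARD_RE.findall(body)]
    valid = [c for c in candidates if luhn_ok(c)]
    keyword_hit = any(k in body.lower() for k in KEYWORDS)
    if not valid:
        action = "allow"
    elif external and (keyword_hit or len(valid) >= BULK_THRESHOLD):
        action = "block"        # high confidence and leaving the organization
    else:
        action = "policy_tip"   # warn the sender but let the message go
    verdict = Verdict(action, len(valid), keyword_hit)
    if action != "allow":
        audit_log.append(verdict)  # every violation is tracked, blocked or not
    return verdict
```

The regex alone would flag any 16-digit reference number; the checksum and keyword corroboration are what keep users from being warned or blocked on ordinary order IDs.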

UC Command Suite: bringing DLP and email forensics to light

Tracking DLP violations or flags can be tricky if you aren’t used to searching through endless tracking logs. Gollum has spent too long with his precious underground. It’s time to shed light on the DLP policy violations and other unusual email behavior going on in your organization.

The second line of defense would be to have a DLP insight solution in place to send you alerts when certain DLP violations are happening. Natively, on-premises Exchange 2013 DLP does not provide this reporting. Dell Unified Communications Command Suite is the only solution on the market today to report on Exchange 2013 DLP (see screenshot), covering:

  • How many Exchange DLP matches are generated by your users?
  • What are the associated DLP policies and rules?
  • Who are the top senders associated with the DLP matches?

With UC Command Suite, you can deliver additional security insights right to your inbox (even without DLP policies in place). For example, someone can create a daily subscription to monitor emails sent externally with abnormally large attachments to an abnormally high number of recipients (e.g. +20). Now wouldn’t that be interesting?

Learn more about risky email behavior and DLP from Michael Osterman of Osterman Research in this recorded webcast, "Email is the Biggest Risk in Your Organization... and What to Do About It."

About the Author
Jennifer LuPiba
Office 365, Azure, Active Directory, Exchange, SharePoint, and Skype for Business are my life. First in product marketing and then in strategic planning, I've focused on the Microsoft stack and cloud...