In keeping with my Lord of the Rings theme (as seen in post one and post two), I’d like to focus on The Ring. The Ring wields incredible power for whomever wears it:
Email is the biggest risk to your organization
Email, like the Ring, can wreak amazingly destructive powers upon your organization’s reputation, compliance regulations and legal obligations. Email is the biggest risk in your organization! Why?
Let me reiterate that last point: People send the craziest stuff in email! Oh, like…
Opportunity makes a thief
Some say opportunity makes a thief. The ATF official had access to the data and for nefarious reason sent that data to his personal email address, most likely from his work address. And in the case of Woolworth, some of the recipients of the master gift card spreadsheet stole other people’s gift numbers and used them. For UPMC, the misdirected email released the personal information of 722 members, and as of July 15, “it wasn’t immediately clear who received the email or how the recipient handled that data” (Post-Gazette.com).
These are just the examples that made it into the news. Think about what you or your colleagues email on a daily basis and imagine if some of that made it into the wrong hands. No one wants to see the Ring in Saruman’s hands, so you don’t want your latest patent ideas in the inboxes of your competitors. Most of your email data leaks remain hidden and unknown underground, much like Gollum with the Ring all those years.
Opportunity makes a good teacher: DLP and email forensic tools
But I also say opportunity makes a good teacher. In this case it’s to highlight a really cool feature to prevent and alert on risky email behavior that many organizations already have at their disposal but use very little. Within Microsoft Exchange 2013 and Exchange Online is a native feature called data loss prevention (DLP).
DLP enables you to protect your company’s sensitive data from being sent via email and keeps you compliant with various regulations on the treatment of data like social security numbers, credit card information and more. Here’s how DLP works:
So DLP policies within Exchange 2013 would be the first line of defense that Woolworth could have set up to block the unfortunate gift card spreadsheet email.
UC Command Suite: bringing DLP and email forensics to light
Tracking DLP violations or flags can be tricky if you aren’t used to searching through endless tracking logs. Gollum has spent too long with his precious underground. It’s time to shed light on the DLP policy violations and other unusual email behavior going on in your organization.
The second line of defense would be to have a DLP insight solution in place to send you alerts when certain DLP violations are happening. Natively, on-premises Exchange 2013 DLP does not provide this reporting. Dell Unified Communications Command Suite is the only solution on the market today to report on Exchange 2013 DLP (see screenshot), covering:
With UC Command Suite, you can deliver additional security insights right to your inbox (even without DLP policies in place). For example, someone can create a daily subscription to monitor emails sent externally with abnormally large attachments to an abnormally high number of recipients (e.g. +20). Now wouldn’t that be interesting?
Learn more about risky email behavior and DLP from Michael Osterman of Osterman research in this recorded webcast, "Email is the Biggest Risk in Your Organization... and What to Do About It."