A key part of the data leak prevention effort is making sure that email and other messaging systems are used securely. Here are some tips on how to keep email leaks to a minimum

Dark Reading Staff, Dark Reading

December 9, 2011

2 Min Read

[Excerpted from "Email and Data Loss," a new report posted this week on Dark Reading's Insider Threat Tech Center.]

A single email doesn't seem like much to worry about. After all, how much damage can one email cause? A lot, as many companies have discovered in the past few years.

All it takes is one email for a disgruntled employee to send product secrets to a competitor. And just one email sent to the wrong person can result in a company’s dirty laundry being aired on public social networking sites. The possibilities, unfortunately, are almost unlimited.

Putting usage policies and rules into place will let employees know exactly how company information should be handled and communicated via email, instant messaging (IM), and text messaging, and will lay out the consequences for not abiding by the rules. But a policy can’t stop a mistake once it has been made, and it won’t slow an insider determined to expose sensitive data.

Companies need to take purposeful, proactive steps to ensure that their email systems are protected against data leakage. Indeed, it’s a requirement for enterprises that must comply with various industry regulations.

The good and bad news is that there are many different approaches to take -- from email encryption to rights management systems to gateways that scan messages for sensitive content to massive data loss prevention (DLP) systems that try to lock down all ways that data can leak from a business.

One of the oldest forms of securing messages is through email encryption. In its simplest form, email encryption can secure a message so that only the sender and recipient can see its content. If the encrypted message finds its way into the hands of someone who shouldn’t have access to it, there is nothing he or she can do with it.

Many modern systems can be set to automatically encrypt all communications within a company (though external emails remain open). Today’s encryption systems also take advantage of the cloud and advanced Web application technology to remove some of the barriers to email encryption. In these systems, public keys are maintained on a cloud server, and online browser-based applications can be used to decrypt and view sensitive communications.

Another approach to prevent data leakage through email and other communications channels, such as IM, is rights management. Rights management systems are usually client/server products used to define and control policy from a central system that then dictates to the email client (typically Microsoft Outlook) how content can be viewed, shared, and distributed.

For more detailed information on email encryption and rights management -- as well as detailed discussions of email gateways and data leak prevention -- download the free report on email security.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights