For starters, what exactly is Policy Management?
Every day there are increasing amounts of information being transferred by email, resulting in data theft and leakage becoming an increasing threat for every corporation. In their report, ‘The Value of Corporate Secrets,’ Forrest Research shows that corporate secrets comprise two-thirds of the value of firms’ information portfolio. However, most companies are still under-protected and focus their security budgets on compliance and protection of custodial data (customer personal information) rather than internal information such as corporate/product strategy, or financial reports which directly affect the bottom line.
Instead of being reactive to scandals and managing them after the fact, organizations should take a proactive role and protect data leakage before it happens, to prevent the loss of secrets that are revenue generating.
There are different causes for data leakage and they can fall into the following categories:
Employee Negligence: An example of unintentional data leakage could be as simple as accidental sender auto-complete. We’ve all had that happen to us at some point! Well, this did happen when an email list of names, races and social security numbers of dozens of top Republican donors were erroneously sent to a New York Sun reporter.
Malicious Employees: At Blue Cross, a contractor emailed the names and Social Security numbers of 27,000 current and former employees, vendors and contractors to his home computer in violation of company policies.
Ex-Employees: A disgruntled former employee of Source Media hacked into the company’s computer network, read confidential emails about pending personnel moves, and sent anonymous messages to the affected employees to let them know their jobs were in jeopardy.
Corporate Espionage: In a recent case, a corporate lawyer at Meraas Capital in Dubai has been accused of industrial espionage after allegedly revealing inside information about the company to a competitor through email.
These cases all have email abuse and data leakage in common.
So how can these types of incidents be prevented?
The Radicati group recommends having a Data Leakage Protection solution that has the ability to:
- Scan both incoming and outgoing messages
- Provide comprehensive message handling
- Provide options to quarantine and forward to a policy officer
Issue a warning and reject messages
Deliver ‘allowed’ message content
Encrypt messages, and
- Has your organization experienced data loss or are you looking to add this type of solution?Other cases in the news:
The FBI is examining former Rep. Mark Foley’s email exchanges with teenagers to determine if they violated federal law, an agency spokesman said Sunday. http://www.msnbc.msn.com/id/15096062/
Financial services: Press ‘Send’ for Liability: A Case Study in Misdirected E-mail