Data Loss Prevention Challenge – No. 5 – Human Error

There is a saying in IT that if we could remove all users from IT we would not have any incidents to fix. In almost everything we do, human error is at the forefront of the issues we try to minimise.
In managing Data Loss Prevention programmes the focus is typically on deliberate theft of data, but we must also consider the honest human being who can make mistakes. I was undertaking a workshop recently on a DLP implementation with my client and I asked how many of the attendees had accidentally sent an email externally to someone they didn’t mean to. With some encouragement, everyone eventually admitted they had. I know I have sent at least two important emails to the wrong person and company; fortunately the recipients were good contacts and I kindly asked that they delete the emails as they were confidential.
It is easy to send an email to an incorrect recipient because their name starts the same way as the intended recipient's: Microsoft always does such a good job of predicting the mail address we should use (the Autocomplete function), and when we are in a rush we don’t always check. If the email content contains sensitive data, we can at least validate whether the email should be sent to the listed recipient. In most cases, if the email contains some defined sensitive data, we can highlight this with a pop-up message, as the mail should be sent with a Confidential label, and this should prompt us to check the mail content and the recipients.
We will never get to 100% correct, but at least we reduce the chance of sending the email to the wrong person.
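A simplified sketch of the check described above, as an added example that is not from the original post and not how Outlook or Purview implement it: the sender is prompted only when defined sensitive data and an external recipient coincide. The patterns, the `example.com` internal domain and the sample message are constructed assumptions.

```python
import re

INTERNAL_DOMAINS = {"example.com"}  # assumption: the sender's own mail domains
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13-19 digits, optional separators
LABEL_RE = re.compile(r"\bconfidential\b", re.IGNORECASE)

def luhn_valid(number: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def sensitive_hits(body: str) -> list:
    """Return the names of the sensitive data types found in the body."""
    hits = []
    if any(luhn_valid(m.group()) for m in CARD_RE.finditer(body)):
        hits.append("payment card number")
    if LABEL_RE.search(body):
        hits.append("confidential marking")
    return hits

def external_recipients(recipients: list) -> list:
    """Recipients whose domain is not one of the organisation's own."""
    return [r for r in recipients
            if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]

def policy_tip(body: str, recipients: list):
    """Return a prompt for the sender, or None when no check is needed."""
    hits = sensitive_hits(body)
    external = external_recipients(recipients)
    if not hits or not external:
        return None
    return ("This message contains " + ", ".join(hits) +
            " and is addressed outside the organisation: " +
            ", ".join(external) + ". Check the recipients before sending.")

# Constructed sample: autocomplete picked the wrong John Smith.
SAMPLE_BODY = "Hi John, the card on file is 4111 1111 1111 1111. Please treat as confidential."
SAMPLE_TO = ["john.smith@example.com", "john.smith@example.org"]

if __name__ == "__main__":
    print(policy_tip(SAMPLE_BODY, SAMPLE_TO))
```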
If we do send an email with confidential data, we can revoke external access, as long as it has been encrypted using Microsoft’s Online Message Encryption (OME) service (part of the Purview suite). This can be done by selecting the sent message in Outlook and clicking ‘Remove external access’. If the recipient is using an Exchange Server and has not opened the mail, they will then no longer be able to open it at the other end, as it will be automatically deleted from their mailbox.
This does of course assume you noticed the error in the first place. Have you sent any embarrassing emails to the wrong email address that you wished you could have revoked? (Keep them clean)