The world of work has become more digital with conversations that would once have been face-to-face now taking place over email. In fact, 85 percent of employees are using email more than they did before the pandemic, according to our recent Data Loss Prevention Report, which surveyed 500 IT leaders and 3,000 remote employees in the U.S. and the U.K.
This has had significant implications for data security within organizations. Our research found that 59 percent of IT leaders have experienced a rise in email data loss since the start of the pandemic. The increased reliance on digital forms of communication, such as email, for sharing sensitive data means that there’s more risk of human-activated security incidents, such as emails sent to the wrong recipient or emails sent with the wrong attachment. It’s easy to imagine what the implications might be if that email contained company data.
That’s why organizations must consider the human element when they look at their security risks — and that means looking at what might raise the risk of accidental data breaches, as well as intentional ones.
The Human Element of Data Security
Right now, for many businesses, that human element is under more strain than ever.
We found that 60 percent of employees are working in home environments where distractions and interruptions are commonplace, increasing the risk that they might make a mistake or cause a data-loss incident. Employees are feeling worse too: 39 percent reported that they felt more stressed and 34 percent more tired. It’s easy to see how these tired, stressed and distracted employees can be more prone to causing data leakage by mistake.
In an attempt to mitigate these risks, many organizations turn to traditional data loss prevention (DLP) tools. However, these solutions can often cause their own problems. Traditional DLP tools use static rules to prevent email data breaches — for example, they might block an email from being sent to certain domains.
Our research found that 79 percent of IT leaders have static DLP tools in place — and that same percentage reported experiencing difficulties resulting from their use. Further, 24 percent of IT leaders reported that these tools created user friction or frustration. This is because the static rules of traditional DLP tools sometimes don’t align with real user behaviors, so they might harm user productivity by preventing them from sending emails even when the risk is low.
So what action should businesses take to secure their human layer and prevent email data loss? The answer lies with advanced DLP tools, which utilize contextual machine learning. These solutions go beyond the capabilities of traditional DLP technologies by deeply understanding user behavior.
The Power of Advanced DLP Tools
Machine learning enables advanced DLP tools to understand how users behave and recognize when they’re acting abnormally.
For instance, an advanced DLP tool will understand which recipients a user usually includes together when sending an email. If that user were to include the usual recipients, but mistype the name of one of them, an advanced DLP tool would recognize this as abnormal. It might then prompt the user to make them aware of this or automatically apply encryption as additional protection. Advanced DLP tools protect the human layer because they’re able to recognize human error — something that we all know is sometimes inevitable.
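To make the contrast concrete, the following added example (not from the original article or from any vendor's product) sets a static domain rule beside a history-based check for a mistyped usual recipient. It uses edit distance over per-sender co-recipient history as a deliberately simple stand-in for the machine learning described above; every address, domain and function name is constructed for illustration.

```python
from collections import defaultdict

BLOCKED_DOMAINS = {"freemail.example"}  # constructed static rule

def static_rule_hits(recipients):
    """Static DLP rule: flag any recipient on a blocked domain."""
    return [r for r in recipients if r.rsplit("@", 1)[-1] in BLOCKED_DOMAINS]

def edit_distance(a, b):
    """Levenshtein distance using the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

class RecipientHistory:
    """Per-sender record of which recipients have appeared together."""
    def __init__(self):
        self.together = defaultdict(lambda: defaultdict(set))

    def record(self, sender, recipients):
        for r in recipients:
            self.together[sender][r].update(x for x in recipients if x != r)

    def suspicious(self, sender, recipients, max_dist=2):
        """Return (new_address, usual_address) pairs where a never-seen address
        is a near-miss of someone who normally accompanies the other recipients."""
        known = self.together[sender]
        hits = []
        for r in recipients:
            if r in known:
                continue  # already an established recipient for this sender
            others = set(recipients) - {r}
            for k, companions in known.items():
                usual_here = k not in others and bool(companions & others)
                if usual_here and 0 < edit_distance(r, k) <= max_dist:
                    hits.append((r, k))
        return hits

# Constructed history: this sender usually mails these three people together.
history = RecipientHistory()
for _ in range(3):
    history.record("alice@corp.example",
                   ["john.smith@corp.example", "dana@corp.example", "lee@freemail.example"])
```

On the routine three-person email the static rule fires on the blocked domain while the history check stays silent; on an email with one mistyped name the static rule sees nothing and the history check returns the typo paired with the address it resembles.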
These tools can also remove the problem of user friction. Machine learning is able to quietly observe a user’s behavior and understand the ways that they use email to share data. Beyond understanding who each user usually emails, an advanced DLP tool knows what type of information they usually share with them. For example, if a user shares invoices with John in the finance team, an advanced DLP tool will recognize this as normal behavior. However, if the same user tried to send invoices to John in marketing by mistake, it would be able to recognize this as abnormal.
This capability also means that users are prompted only when there’s a risk of data loss, like when a user is about to send a misdirected email. With traditional DLP tools, a user might be prompted before sending an email to a specific domain, or even prevented from sending it entirely, even when the risk is low.
However, by understanding the user’s behavior, an advanced DLP tool would recognize the true level of risk. By only prompting when it recognizes an element of risk or abnormal behavior, advanced DLP technology can reduce the phenomenon of click fatigue, where users become tired of frequent prompts and start to ignore them. In that manner, advanced DLP solutions enable users to share data safely, without disrupting their workflow.
By implementing the right technology, organizations can ensure that they’re securing their people without creating a barrier to productivity. In these times of heightened risk, businesses must take action to stem the flow of data leaving their organizations not just for now, but for the long term too. By securing their human layer, businesses can provide a safety net for their employees, so that in the event that an incident does occur, their data is protected.