Are you up to date on the latest data protection requirements? On Aug 30, the UK Information Commissioner's Office (ICO) released new guidance on email security that, among other suggestions, asks organizations to consider additional protection such as a data loss prevention (DLP) tool.
What is the TLDR?
In short, organizations need to recognize that email addresses can be personal information and must therefore be handled with care, which includes using the CC and BCC fields appropriately.
In addition to staff training, organizations should consider additional security measures when handling and sending sensitive or confidential information.
Why is this important?
The ICO has seen hundreds of data breaches where a sender misused the BCC field. BCC hides recipients' addresses from one another, but it does nothing to protect personal information in the body or attachments of the email, and it offers no protection at all when the email goes to the wrong recipient by mistake. A single typo in an address is enough to cause a data breach.
What security measures should be considered?
To balance employee productivity on email with security and compliance, appropriate DLP controls need to be implemented alongside staff training that helps reduce human error. The ICO suggests several measures to consider:
- Set rules within your email system to warn users when they use the CC field.
- Set a delay to allow employees time to correct their mistakes.
- Have robust internal reporting processes to allow key staff to quickly investigate, contain, risk-assess the seriousness of the situation, and notify the ICO, if required.
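The first two measures above are rules an email system can apply before a message leaves. The following is an added example, not code from the ICO or from Tessian, showing what such pre-send checks look like in Python: it parses a draft message and warns when the CC field is used for a large group, when visible recipients span several external organizations (so their addresses are disclosed to each other), when a recipient domain is one edit away from a known domain (a likely typo that would misdirect the email), and when an attachment is going outside the organization. The internal domain, the set of known domains, the CC threshold and the sample message are all constructed for the example. The send delay from the second measure is a mail client or server setting and is not shown here.

```python
"""Pre-send checks for outbound email, modelled on the ICO's suggestions:
warn on CC misuse and on likely typos in recipient domains before a
misdirected email leaves the organization.  Example code, not a product."""
import email
from email.utils import getaddresses

# Assumptions for this example: the organization's own domain, the domains it
# regularly corresponds with, and the CC size that should trigger a warning.
INTERNAL_DOMAIN = "example.com"
KNOWN_DOMAINS = {"example.com", "partner.co.uk", "ico.org.uk"}
CC_WARN_THRESHOLD = 10


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance.  A recipient domain one edit away from a known
    domain (dropped, extra or mistyped character) is a strong typo signal."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2]


def recipients(msg) -> dict:
    """Lower-cased addresses per header field, for a compat32-parsed message."""
    return {
        field: [addr.lower() for _, addr in getaddresses(msg.get_all(field, []))]
        for field in ("To", "Cc", "Bcc")
    }


def has_attachment(msg) -> bool:
    return any(part.get_filename() for part in msg.walk())


def check_outbound(raw_message: str) -> list:
    """Return human-readable warnings for a draft; an empty list means it passed."""
    msg = email.message_from_string(raw_message)
    rcpt = recipients(msg)
    visible = rcpt["To"] + rcpt["Cc"]
    warnings = []

    # 1. Large CC list: every visible address is disclosed to every recipient.
    if len(rcpt["Cc"]) >= CC_WARN_THRESHOLD:
        warnings.append(
            f"CC contains {len(rcpt['Cc'])} addresses; use BCC so recipients "
            "cannot see each other's email addresses"
        )

    # 2. Visible recipients in several external organizations: their addresses,
    #    which can be personal data, are shared between those organizations.
    external_orgs = {domain_of(a) for a in visible if domain_of(a) != INTERNAL_DOMAIN}
    if len(external_orgs) > 1:
        warnings.append(
            f"visible recipients span {len(external_orgs)} external domains: "
            + ", ".join(sorted(external_orgs))
        )

    # 3. Likely typo: recipient domain is one edit away from a known domain.
    for addr in visible + rcpt["Bcc"]:
        dom = domain_of(addr)
        if dom in KNOWN_DOMAINS:
            continue
        near = [k for k in sorted(KNOWN_DOMAINS) if edit_distance(dom, k) == 1]
        if near:
            warnings.append(f"{addr}: domain looks like a typo of {near[0]}")

    # 4. Attachment leaving the organization: BCC hides addresses, not content.
    bcc_external = any(domain_of(a) != INTERNAL_DOMAIN for a in rcpt["Bcc"])
    if has_attachment(msg) and (external_orgs or bcc_external):
        warnings.append(
            "attachment is being sent outside the organization; "
            "confirm the recipients and consider encryption"
        )

    return warnings


# Constructed draft: ten partners in CC, a typo in a BCC domain, and a PDF attached.
CC_LIST = ", ".join(f"member{i}@partner.co.uk" for i in range(1, 11))
SAMPLE_DRAFT = f"""From: clerk@example.com
To: contact@ico.org.uk
Cc: {CC_LIST}
Bcc: colleague@examle.com
Subject: Case file
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please find the case file attached.
--b1
Content-Type: application/pdf; name="case-file.pdf"
Content-Disposition: attachment; filename="case-file.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

if __name__ == "__main__":
    for warning in check_outbound(SAMPLE_DRAFT):
        print("WARNING:", warning)
```

Running the script against the constructed draft produces four warnings (large CC list, two external domains visible to each other, the typo `examle.com`, and an attachment leaving the organization), while a plain internal message with a single recipient produces none. In a real deployment the checks would run as a client add-in or a mail-flow rule and hold the message for the sender to confirm, which is exactly the moment the ICO's suggested delay is meant to buy.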
The benefits of a Data Loss Prevention tool
The ICO recommends training and rule-setting, but these manual checks aren't foolproof. A data loss prevention tool can automate the checks and use machine learning to do the heavy lifting, so you protect sensitive data, meet regulatory requirements, and train employees in the moment with a single solution.
Check out the benefits:
- Stop sensitive data loss before it happens and reduce the financial and reputational risk that comes with a reported data breach.
- Create bespoke rules that remind employees to take extra protective measures when sending emails to a large number of recipients.
- Real-time warnings let employees correct mistakes before they send, which prevents data loss incidents and builds a stronger security culture.
Learn more about Tessian Guardian
Tessian Guardian automatically stops misdirected emails and misattached files, addressing the ICO's requirements and recommendations directly. Ready to learn more?