Data Loss Prevention

How Businesses Can Prevent Data Loss

Did you know “zettabyte” was a non-existent term before 2012? Today, there are more than 40 zettabytes or 40 trillion gigabytes of data floating around. With so much data comes greater responsibility for those who handle it!

Data is the new oil, as they say, so imagine the ramifications of this data getting lost and, worse, falling into the wrong hands. There are a lot of numbers that attest to this. For instance:

  • 40-60% of small businesses won’t reopen after data loss.
  • The average cost of downtime for companies of all sizes due to data loss is almost $4,500/minute.
  • Up to 50% of data loss cases are caused by human error.

Failures like data loss can happen to anyone, but businesses must be prepared for any contingencies that can arise from them.

Did you notice that we spoke about “data loss” specifically and not “data leak” or “data breach”? These terms are often used interchangeably; however, there is a subtle difference.

Difference Between Data Loss, Data Leak, and Data Breach

Data leaks are usually a result of organizations accidentally exposing sensitive data. This could be due to ignorance, security vulnerabilities, or plain simple mistakes. Such incidents are not initiated by cyber attackers.

Data breaches are a form of cyberattack, where cybercriminals persistently and deliberately compromise sensitive resources. In fact, any event that exposes sensitive data due to cybercriminal activity is considered a data breach.

So, a breach is when someone “knowingly” exposes sensitive data and a leak is when the data is exposed to the public “unknowingly.” In both cases, the data is compromised but the key differentiator would be the intent and the final outcome.

Data loss is another term that is used loosely with both data leaks and data breaches, and is the topic of our discussion here. Data loss describes incidents where sensitive information is misplaced and can’t be retrieved. The differentiating factor here is that the data can be lost through human or system errors (corruption or deletion, accidental or intentional) as well as through theft via cyberattacks or insider threats.

So, what goes into preventing data loss in businesses? To understand that, let’s first deep dive into what causes data loss.

Causes of Data Loss

Primarily, there are three reasons why a business may lose data.

  1. Unintentional human error – This is said to be the number one cause of data leaks today. This can occur due to various reasons like failing to restrict or update access permissions, losing or leaking data in the public domain (think laptop left unattended or leaving a file with sensitive information unencrypted on an open server), or even failing to comply with the organizational procedures.
  2. Cyberattacks – Using techniques like phishing, malware, or ransomware, email impostors are able to penetrate the security firewalls and get hold of sensitive data.
  3. Insider threats – Mostly understood as “corporate espionage.” Here, a bad actor (generally bitter) compromises user accounts and leaks information to outsiders for personal gain.

The costs from data losses are exponential. Per an IBM security analysis report, a customer’s personally identifiable information (PII) was the most common type of record lost, included in 44% of breaches with each record costing $180.

This is where data loss prevention (DLP) comes in handy as a security best practice. Protecting customers’ personally identifiable information is not just an obligation on the part of businesses; it is also enforced by several regulatory standards, such as GDPR, HIPAA, PCI-DSS, and even the new cybersecurity executive order signed by President Biden!

How Data Loss Prevention Can Help

There has been a rise of 47% in data breaches since 2020 as a result of the pandemic. With the acceleration of remote working, more data is being shared outside the company network and personal devices. It’s critical to protect not only the networks but the devices as well, besides extending that protection to data in transit and data at rest. Equally important is raising awareness on encrypting messages, human error prevention, and data protection, even when it has been shared.

Data Loss Prevention can stop this. It’s essentially a set of tools and processes to ensure that your sensitive data isn’t lost, misplaced, or exploited by bad actors. At the same time, it also classifies regulated, confidential, and business-critical data and ensures regulatory compliance.

Data loss prevention solutions’ primary job is to classify and prioritize data security. However, to counter today’s sophisticated threats, the DLP tools must go beyond simple detection to offer alerts, enforce encryption, and isolate data.

Typically, good DLP solutions offer:

  • Visibility into who is accessing data and systems, when, and from where
  • Restriction of suspicious or unidentified activity
  • Reports for auditing
  • Identification of vulnerabilities and forensic context for IT security teams

Such tools protect data in many ways.

  • Data in use – Data loss prevention software protects data that is being accessed, erased, processed, updated, or read by any user.
  • Data at rest – DLP tools protect data at rest across several storage mediums, including databases, file server systems, mobile devices, laptops/computers, and the cloud. They do this via controls to ensure only authorized users are accessing the data and to track their access.
  • Data in transit – DLP solutions are needed to ensure that sensitive data in transit across a network is routed securely and doesn’t fall into the wrong hands. Encryption and email security play a key role here.

There are several techniques through which DLP is accomplished, such as:

  • Pattern matching: Classifying text by the likelihood that it matches a certain pattern of protected data. For example, a 16-digit number quoted in an email response or subject line could be classified as a credit card number, and a nine-digit number could be a Social Security number (SSN) – both protected and sensitive information.
  • Keyword matching: Classifying and flagging text that contains specific keyword phrases set by the IT administrators. For example, phrases like “wire transfer,” “invoice,” “payments,” etc.
  • Fingerprinting: Looking for an exact match in databases.
  • File matching: Looking for hashes of files and matching them against exact fingerprints for DLP.
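The four techniques above can be combined in a single content scanner. The following is an added example, not code from RMail or any DLP product: the keyword phrases come from the list above, while the account number, file contents, and function names are constructed for illustration. It also applies a Luhn checksum to 16-digit candidates, a refinement the list does not mention, so that ordinary 16-digit references are not flagged as card numbers.

```python
import hashlib
import re

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed policy data for the example (not from the page or any product).
KEYWORDS = ("wire transfer", "invoice", "payments")
RECORD_FINGERPRINTS = {sha256_hex(b"ACCT-0042-7781")}    # exact values from a database
FILE_FINGERPRINTS = {sha256_hex(b"constructed customer export v1")}

CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")           # 16 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b|\b\d{9}\b")  # nine digits, dashed or not

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; rejects most 16-digit numbers that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                 # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text: str) -> list[str]:
    """Return sorted finding labels for a message subject or body."""
    findings = set()
    # Pattern matching, with a checksum to cut false positives.
    if any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text)):
        findings.add("pattern:card_number")
    if SSN_RE.search(text):
        findings.add("pattern:ssn")
    # Keyword matching on administrator-defined phrases.
    lowered = text.lower()
    findings.update(f"keyword:{kw}" for kw in KEYWORDS if kw in lowered)
    # Fingerprinting: hash each token and look for an exact match.
    tokens = re.findall(r"[\w-]+", text)
    if any(sha256_hex(tok.encode()) in RECORD_FINGERPRINTS for tok in tokens):
        findings.add("fingerprint:record")
    return sorted(findings)

def scan_attachment(data: bytes) -> bool:
    """File matching: true only for a byte-for-byte copy of a known file."""
    return sha256_hex(data) in FILE_FINGERPRINTS
```

File matching by hash misses a file that differs by a single byte, which is why it is usually paired with the content-based checks.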

The IBM report also pointed out that business email compromise (BEC) had the highest average total cost among the attack vectors at $5.01 million. In the U.S. alone, almost 20,000 BEC attacks were reported to the FBI in 2020, with a cumulative loss of $1.8 billion, according to another recent report by Osterman Research. Countless other BEC attacks have occurred since, which were not even reported to the FBI!

Clearly, as the universal and primary mode of communication, email is the most vulnerable medium, resulting in huge data losses for businesses.

So, how can you protect your business against data losses arising from all these threat vectors? RMail, a global email security solution from RPost, ensures your sensitive data doesn’t fall into the wrong hands. There are several ways in which data can be lost with different vectors of cybersecurity threats. RMail addresses these issues head-on with a layered e-security approach for DLP.

The first layer of DLP is RMail Gateway to protect your server - both inbound and outbound. Here is how.

RMail Gateway – Data Loss Prevention by Protecting Your Server

RMail Gateway automates encryption compliance for all users whether they send emails from their mobile devices, different email programs, or CRM applications. Senders don’t have to do anything – emails are automatically encrypted via pre-defined rules set by an organization’s IT team.

Based on certain keywords in the message or subject, such as “wire,” “file transfer,” “invoice,” recipient domains, or an unlimited variety of customizable rules and combinations, RMail Gateway keeps tabs on where your data is traveling and prevents it from falling into the wrong hands through several alerts.

A notable aspect of using the Gateway is that you don’t have to train your users on anything. RMail Gateway adds options to route all or some of the messages based on content rules to send as encrypted Registered Email messages for simple and automated compliance. RMail Gateway offers a far easier user experience for your recipients and is one of the easiest techniques for DLP. They don’t need to log in, sign up, click on any links, or download anything. What’s more – you get the proof of delivery and an audit record for proof of privacy compliance with each email sent to any recipient, which is court-admissible.

Plus, RMail Gateway can be used along with any other third-party anti-spam service that you use currently through an outbound send connector (i.e., a smart host connection). It makes the job of IT teams far easier as they can set a rule for all emails to go out with Transport Layer Security (TLS) encryption. They don’t have to rely on each individual user to take proactive measures to protect sensitive data. And all the emails will go out encrypted automatically without the need for your users to do anything. Let’s see how.

RMail – Data Loss Prevention by Protecting Your Email Client and Empowering Your People

RMail is an award-winning email security solution from RPost that offers much more than email encryption, including advanced email privacy and compliance features and data leak and human error prevention. Designed to run inside Outlook, RMail is a one-click install and is extremely simple to use for both sender and recipient. It’s also available for other email clients, such as Gmail, and offers integrations with several CRM systems, such as Salesforce, iManage, NetDocuments, Vertafore, etc.

The AI-user adapting, automated encryption is a unique aspect of RMail. Systems relying on "opportunistic" encrypted transmissions are generally not considered reliable for privacy compliance. What this means is that if the system cannot transmit the message in an encrypted manner, it simply sends it in plain text, leaving breadcrumbs of your message content all over the Internet.

The Gmail transparency report says that on average more than 10% of emails may not be transmitted with a secure enough transmission if relying on "opportunistic" encryption. For the sake of pure calculations, let’s consider an organization sending out 500 emails daily. Out of this, it’s quite possible that about 50 randomly-selected messages (and their attachments) would be transmitted without any encryption. This poses severe risks of falling out of compliance and being subject to litigation and fines.

And it’s where RMail differs. It uses a double-layered encryption protocol as a means for DLP.

  • Transmission level encryption: It is the default encryption mode for encrypting emails, where the message is encrypted using a configurable level of TLS and auto decrypts the email and attachments for the recipients. Your recipients do not need to enter any password, click any link, or install any software to decrypt the message. And they can see the “Registered Encrypt” markings in the email body and subject line, which makes the message stand out in their inbox and tells them that it is encrypted.
  • Message level encryption: At any point, if the RMail server senses that the recipient’s email client does not have TLS or has a lower level of TLS than the minimum TLS threshold, the email will automatically revert to RMail’s “message level” encryption option. RMail automatically wraps the email content and attachments inside an AES 256-bit encrypted PDF to guarantee 100% end-to-end encryption. What this means is that the message and all attachments remain encrypted within the recipient’s email inbox and are encapsulated inside a PDF file. They can be read only after decrypting in the recipient’s PDF reader or any web browser PDF viewer. A significant edge this gives your business is that cybercriminals cannot access these emails if there is an email breach at the recipient. Senders also have the option to force Message Level Encryption at the moment of sending.

RSecurity Makes RMail Even More Effective at Data Loss Prevention

While traditional threat vectors are still widespread and very damaging, the past years have witnessed a concerning spread of sophisticated socially engineered cyberattacks that target the human layer of companies, against which encryption alone cannot protect. Account Hijacking, Business Email Compromise, Phishing, and Whaling, to name a few, are threat vectors that exploit human vulnerability by tricking people into making costly mistakes – for example, sharing sensitive information with malicious impostors.

This is why businesses need to protect their data against human errors – intentional or unintentional. It’s here where RMail becomes more effective as a second layer through RSecurity, its Human Error Protection Suite.

For example, the latest Osterman Research study unveils that traditional e-security tools are not designed to protect against socially engineered BEC attacks, a sophisticated form of impostor email that seeks monetary payment as a direct outcome. Such types of BEC attacks include (but are not limited to) diverting payment on a valid invoice to a fraudulent bank account, submitting a fake invoice for payment, diverting employee payroll to a fraudulent bank account, and using impersonation of senior executives to lend credibility to plausible but irregular requests.

RSecurity solves the three main DLP challenges not addressed by traditional email perimeter and gateway security services, and it does so in the flow of email sending and within Microsoft Outlook in Microsoft 365:

Secure Email Recommendations and Sensitization

Automated, non-intrusive, e-security sensitization and training for all staff through RMail Recommends™, a new feature. It uses advanced AI to predict what messages the sender might want to treat in a special manner and gently nudges them to encrypt such messages, making it easy to track, prove, certify, encrypt, or send encrypted specially to protect against wire fraud.

Anti-Whaling Alerts

RMail identifies when an email is likely to be routed to someone other than the displayed email sender and alerts users before they reply or forward. This is a key step in DLP to protect sensitive information from falling into the wrong hands.

Impostor Email Alerts

The Right Recipient™ feature raises awareness of a potential human e-security error before it happens in the email send flow, as a means for DLP. It prompts users to double-check recipient addresses if the RSecurity AI engine determines that the sender is about to misaddress a sensitive email. It also alerts the sender if the recipient domain is likely to be a clever misspelling of an authentic recipient domain, considering domain age and other variables.

E-Security Content Controls

Erase sensitive content from an email thread after it has been read by the recipient to eliminate the risk of data leaks with unsecure replies and forwarded email chains. With RMail’s Redact+™ feature, you can tag selected sensitive parts of an email by adding a caret sign (^), so that those parts are removed from the email body, which prevents recipients from replying or forwarding. It’s like erasing sensitive content from within an email or killing access to an attached document while at the recipient’s end – one of the most effective ways for DLP.

Bottomline – What Makes RMail’s Data Loss Prevention Unique?

It’s all in the AI that runs inside Microsoft Outlook, at the email security gateway, and in the smart email encryption engine. The AI determines the best method of secure delivery considering the sensitivity of content and the recipients’ experience.

DLP From RMail Inside Microsoft Outlook

RMail’s new automated security user experience is elegantly easy. The sender just needs to click the “Send Registered” button right within their Microsoft Outlook interface and RMail AI determines if the message should be encrypted for security, or compliance, or whether it should have timestamped proof of delivery. RMail’s AI will then offer an encryption recommendation to the sender right before they send the message if the message is deemed sensitive.

The send then either continues in an RMail secure manner or normally, depending on the RMail AI and user behavior. This entire email security process happens in milliseconds right from when the sender clicks the “Send Registered” button and before the message leaves the sender’s device.

Better than MS Defender

It is the user experience - for the sender and most important, the recipient - that matters when it comes to email encryption in some advanced Microsoft plans. Plus, RMail offers added features like tracking, proof, file share, and more.

Additionally, even if you have an email gateway service (like Microsoft 365 Defender, or other perimeter gateway offerings) that focuses on inbound email protection, you can still add the RMail Security Gateway only for your outbound messages. This makes the user experience for the outbound email encryption pure bliss.

Reduce the Risk of Data Loss with RMail Gateway and RMail

A good DLP solution is essential for businesses, with data volumes exploding exponentially and cybercriminals deploying increasingly sophisticated attack methods. It is crucial to ensure that business-critical, sensitive data is secure at all times, no matter where it is located. Businesses can no longer fall back on traditional perimeter security solutions to protect valuable and sensitive data; they must consider a DLP strategy that guards data-at-rest, data-in-use, and data-in-motion, and also put a robust DLP policy in place.

RMail Gateway and RMail can dramatically reduce the risk of data loss from human errors or disrupted business processes. They are simple to use and protect your data at a fraction of the cost of what you currently spend. Try RMail to protect your data for free!