Fifty years after it was invented by an MIT engineer, email remains the world’s most popular business communication tool. Unfortunately, it is also the single greatest source of business data leakage.
A whopping 95 percent of IT leaders say that customer and company data is at risk on email, according to the 2021 Data Loss Prevention Report by the cybersecurity firm Egress. It’s not mere conjecture, either. More than 80 percent say their organizations experienced at least one actual email data breach in the last 12 months.
Human error is often to blame. According to the study, 80 percent said sensitive data was exposed when an email was accidentally sent to the wrong person. Another 80 percent reported incidents in which someone accidentally attached the wrong file to an outgoing email.
Spilling the Beans
Given the sensitive nature of information often included in emails, such breaches can have devastating consequences. Business users commonly use email to share customer data, contracts, financial reports, personnel information and many other types of documents that aren’t meant to be widely distributed.
In early September, for example, McDonald’s accidentally emailed login credentials for development and production databases related to its Monopoly VIP game. The company says it was able to change passwords before any sensitive files were accessed.
What makes such errors so infuriating is that they could easily be averted. Researchers say almost two-thirds of email breaches involve unencrypted emails. Sending emails in plain text creates an unnecessary risk because the content is perfectly readable by either unintended recipients or malicious actors.
With email encryption, recipients must have access to the correct encryption key in order to read the message. The technology has been around for decades but has never achieved widespread acceptance. Users often struggle with encrypting and signing messages, finding and verifying other people’s public encryption keys, and sharing their own keys.
A Simpler Solution
The latest solutions eliminate much of the complex. Encryption just happens in the background — users don’t need to manually enable it. For example, Advanced Email Encryption from Zix scans the content of all outbound emails and automatically encrypts them based on policies you define through a dashboard interface.
If emails contain sensitive information, they can also be quarantined. If an email is quarantined, employees, managers and IT receive a notification to view the message and the suspected policy violations. They can then either delete the email or approve it and release it for delivery.
The Zix solution also simplifies encryption key management. ZixDirectory, the industry’s largest repository of encryption keys, automatically manages the coordination and exchange of keys. Keys are generated, securely stored, managed and made available through the global repository, eliminating the need to transmit keys individually.
Advanced Email Encryption also features built-in data loss prevention (DLP) filters that scan email headers, body content and attachments for security policy violations. They can block sensitive company information from leaving the company by email, and also prevent unauthorized users from downloading or copying data onto USB devices or other unsecured endpoints.
Email has been an incredibly valuable business communication tool for decades because it is fast, easy to use and gets the job done. However, email messages have always been subject to theft and data leakage because they are predominantly transmitted in plain text. Contact us to learn more about using Zix Advanced Email Encryption to safeguard your key communications.