Data Loss Protection – Email

I’ve recently heard from a customer about their experience with a key staff member moving on and taking highly valuable, extremely sensitive, business-critical data with them without authorisation. Naturally, we all want to trust our staff and would never expect this to happen, but reality and experience say that it unfortunately does.

It’s a competitive world, and the pursuit of every advantage to succeed sometimes overcomes one’s moral ethics and sensibilities. When a trusted employee decides to leave your organisation, particularly if they are leaving for a competitor, the suspicious side of our nature (justified or not) can kick in, and we start to become concerned about what information they may be “sending” home in preparation for their departure and a new start with your closest competitor.

So how do you protect your business, your data and the staff who are still with you, or at least track or find out what has been “sent” home? It’s a very good question, and one that cannot be answered in a single blog.

So let’s start by at least tracking email communications in and out of the organisation: who is sending and receiving what. Sure, we don’t want to play Big Brother and read everyone’s email; that’s not the intention here. What we want to do is ensure that this information is, at the very least, captured and contained somewhere within the network so that it can be discovered later, for any number of reasons, in protection of the organisation and/or the individual.

This solution is commonly referred to as eDiscovery compliance: the ability to automatically copy all email communications, both internal and external, as they enter and leave an inbox or outbox within your corporate email environment. This information is permanently stored within the system, in a secured and audited format that preserves it from being tampered with or deleted.

It can be searched at any future point in time, be it for legal purposes or otherwise, by subject, conversation, date, time, customer, staff member and so on. This type of solution may help you confirm or allay your suspicions one way or another, hopefully before it’s too late. At the same time, the solution can also be used to ensure that the organisation and/or individuals are protected, from a legal or internal staffing perspective, should a business transaction go wrong, an employment issue arise (e.g. sexual harassment), or a vital piece of communication supporting a business-critical decision or advice be mislaid.

Access to aged email, long ago deleted from your inbox, that supports, clarifies or proves the situation right or wrong may be just the information that resolves the situation quickly and efficiently, with minimal impact upon the business or individual.

There are any number of solutions available in the marketplace today; however, one of the most cost-effective and simplest to deploy, manage and administer on an ongoing basis that we have experienced at Aliva is the Barracuda Message Archiver appliance.

https://www.barracuda.com/products/messagearchiver/features

It’s important to remember that corporate email is just one area that requires protection against data loss, so let’s not forget the other areas of potential data loss that need protection, which I will touch on in future blogs over the coming weeks, including:

  • 3rd party internal email services (e.g. Hotmail, Gmail)
  • Instant Messaging
  • USB Keys
  • Hard copy printing

Should you wish to discuss any concerns you have around Data Protection, please don’t hesitate to call the Aliva team, as we are more than happy to discuss your organisation’s specific requirements. activate@aliva.com.au