Detecting and Preventing Data Loss Through Email

While most of us have developed a knack for blocking incoming spam, flagging suspicious-looking email and spotting a phish, the same caution is more often than not overlooked and underestimated when it comes to outgoing mail. Email remains one of the most widely used communication tools, yet it is among the highest-ranking sources of modern-day cyber breaches, which continue to grow in number and sophistication.

A proactive approach to email security is no longer confined to incoming malware, viruses and spam. Managing data loss now requires (in addition to significant compliance, training and technology investment) the ability to secure and monitor outgoing mail and to spot data activity that looks irregular.

Insider Threats…

A recent Intel Security report showed that 43% of data breaches were caused by employees, contractors or suppliers. Statistics like this highlight that even the most robust compliance and cyber security defence systems have limitations, especially when it comes to mitigating data leakage and monitoring unusual end-user behaviour. One of the most high-profile companies to learn this the hard way was Tesla. According to the Washington Times, the automotive company failed to remove a former employee’s email and administrative privileges after he was fired. The 28-year-old employee in question was subsequently able to use his work email to distribute sensitive data inside and outside of the organization.

So what can organizations do…?

There is no shortage of tools that can be implemented to prevent data loss through email, but according to McAfee, there is a strong correlation between actively monitoring outgoing email and a reduction in data loss. While DLP systems are protective by nature, they only go so far in terms of mitigating insider risks.

At Options, we actively deploy a range of monitoring and alerting tools as part of our recently launched S.I.A (Security, Intelligence and Analytics) product offering. We use Splunk to collect metadata from email traffic, and over the last few years we have built some very insightful dashboards to analyse the findings. Here we’ll take you through a couple of dashboards that have helped our clients detect and mitigate data loss threats within their organization.

High Volume of Attachments Sent

One of the most useful dashboards we have built for our clients is the email watch list. On this dashboard we are able to show the number of attachments sent per user over a period of time, which has helped our clients spot anyone who is sending an unusually high number of attachments (a key indicator that malicious data exfiltration may be occurring).

Emails Sent to Personal Domains

Another key indicator of data exfiltration is an employee sending data to their personal mailbox. According to a survey of IT professionals by Ipswitch, more than 25% of employees have admitted to sending proprietary files to their personal email accounts with the intent of using that information at their next place of employment. With this in mind, we have created dashboards for our clients that clearly highlight whether this behaviour is occurring. Using Splunk, we are able to build a list of domains known for personal use, and can query any user sending attachments to these domains.
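The logic behind both dashboards (attachment volume per user, and attachments sent to personal domains) can be sketched outside Splunk. The following is an added example, not Options' code or searches: the event layout, the domain list, the median-multiple threshold and the sample events are all assumptions constructed for illustration, and the events are taken to be already limited to one reporting period.

```python
from collections import Counter, defaultdict
from statistics import median

# Assumed list of personal-use mail domains; maintain your own in practice.
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "icloud.com"}

# Constructed sample metadata: (sender, recipient, attachment count). No real users.
EVENTS = [
    ("alice@corp.example", "client@partner.example", 1),
    ("alice@corp.example", "bob@corp.example", 2),
    ("bob@corp.example", "alice@corp.example", 1),
    ("bob@corp.example", "bob.home@gmail.com", 0),
    ("carol@corp.example", "client@partner.example", 2),
    ("dave@corp.example", "dave.private@GMAIL.com", 14),
    ("dave@corp.example", "dave.private@outlook.com", 11),
    ("erin@corp.example", "vendor@supplier.example", 3),
    ("erin@corp.example", "erin.k@yahoo.com", 1),
]


def domain_of(address):
    """Return the lower-cased domain part of an address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def attachment_watchlist(events, factor=3.0):
    """Senders whose attachment total exceeds factor x the peer median."""
    totals = Counter()
    for sender, _rcpt, count in events:
        totals[sender.lower()] += count
    if not totals:
        return {}
    # Median is used as the baseline so one heavy sender cannot raise it.
    threshold = max(median(totals.values()) * factor, 1)
    return {user: n for user, n in totals.items() if n > threshold}


def personal_domain_sends(events, personal=PERSONAL_DOMAINS):
    """Map sender -> {personal domain: attachments sent}; mail without attachments is ignored."""
    hits = defaultdict(Counter)
    for sender, rcpt, count in events:
        dom = domain_of(rcpt)
        if count > 0 and dom in personal:
            hits[sender.lower()][dom] += count
    return {user: dict(doms) for user, doms in hits.items()}


if __name__ == "__main__":
    print("High attachment volume:", attachment_watchlist(EVENTS))
    print("Attachments to personal domains:", personal_domain_sends(EVENTS))
```

A sender who appears in both results is the strongest candidate for review; a single hit on the personal-domain list is a weaker signal on its own.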


While the implementation of Data Loss Prevention technology can help keep a tight lock on sensitive data, it is crucial that organizations not only understand the associated risks of outbound email capabilities, but have the tools and resources to monitor suspicious activity on an ongoing basis. At Options, our goal is to address this challenge through a seamless blend of cutting-edge technology, training tools and engineering. From highlighting unusual or anomalous behaviour to providing the alerting tools necessary for swift and effective management of email irregularities, our continuously proactive approach gives clients lasting peace of mind.

Security doesn’t end with security tools; well-trained employees and a strong supporting security team are also essential. In 2019 we’ve substantially expanded our team and extended our global operational presence, rolling out rigorous training programs across the board alongside numerous platform security enhancements and the deployment of new cybersecurity initiatives to safeguard our clients’ data. For the latest on our Security, Intelligence and Analytics product offering, download our product sheet here.

– Sophie McDonald, Options Head of Analytics
