Email threats from external bad actors like spear-phishing and whaling dominate headlines. But email threats from insiders are on the rise. And just because they don't make the front page doesn't mean they can't be as costly as a common breach, if not more so.
In fact, there’s been a 47% increase in incidents over the last two years, and that includes accidental data loss and deliberate data exfiltration by negligent or disgruntled employees or contractors. While not every incident of data loss or leakage results in a breach, many do, and the cost can be tremendous. In addition to the possible financial losses, having to send an email to the entire donor database informing them that their personal data may have been compromised can be damaging to the organization's reputation.
That’s one reason why data loss prevention (DLP) is one of the top priorities for nonprofits and why email is the threat vector most nonprofit leaders are concerned about protecting. The question is: do these leaders have true visibility over how their employees are handling and mishandling data on email?
Ultimately, the answer is no. While the DLP market is saturated with rule-based software, IT leaders actually count security awareness training and “following company policies and procedures” as the most effective ways to prevent data loss. Security awareness training confronts the crux of data loss by educating employees on best practices and company policies. But training does not effectively influence and change the human behavior that is causing these breaches.
One of the reasons IT leaders don’t have true visibility over the flow of data within their organizations is that employees don’t always report their mistakes internally. Whether it’s because they’re afraid to admit wrongdoing or simply because they don’t know the implications or their internal reporting processes, this means leaders are actually underestimating how many misdirected emails are sent within their organization every year.
While sending company data to personal email accounts isn’t always malicious, it is often against security policies. Of course, sending company data to a personal email account can also be a sign of intentional data exfiltration by, for example, a disgruntled employee on their way out or an insider threat.
As many organizations have been forced to adopt remote-working structures and policies – and as more are opting to keep these flexible structures – maintaining visibility over data flow is now more difficult. The new office is a virtual one, which means past strategies have become obsolete. In fact, they became obsolete the day companies switched to remote-working. It’s no wonder that the overwhelming majority of nonprofit leaders say DLP is more challenging when their employees are working remotely.
So how can we achieve the visibility needed to protect donor data? Without inhibiting employees or burdening IT teams, Gravyty's AI is trained to understand the behaviors of nonprofit employees to accurately and automatically predict when they’re making a mistake or breaking the rules. Next Generation DLP takes human error out of the cybersecurity equation, protects your donors, and empowers employees to work safely wherever they are.
Is Data Loss Prevention a priority at your organization? Take our FREE 15-minute assessment to receive your own Data Security Health Score and find out if your organization is secure.