While there are various ways in which someone can exfiltrate data, email is always the biggest risk. To understand what data exfiltration on email is, we should start with what data exfiltration is more broadly. Data exfiltration is the deliberate movement of sensitive data from inside an organization to outside its perimeter without permission. This can be done through the digital transfer of data, the theft of documents or servers, or via an automated process.
Donor data and sensitive information found in spreadsheets, calendars, or even in the CRM can be moved outside of an organization’s perimeter via email in one of two ways: someone inside the organization, like a current or exiting employee, emailing data to their own personal accounts or to a third party; or external bad actors targeting employees with phishing or spear phishing scams. So why is data exfiltration on email so dangerous?
The key reason is that the underlying technology behind email hasn’t evolved since its inception in the 1970s. That means it lacks core security features that modern communication platforms have as standard, including the ability to redact or recall messages and encryption by default. This makes email one of the go-to mediums for data exfiltration. In fact, 10 percent of all insiders and 10 percent of all external bad actors use email to steal data.
Whether it’s an exiting fundraiser emailing donor data to their personal accounts on their way out or a hacker targeting someone with privileged access to data via a phishing email, nonprofit leaders must find a way to prevent sensitive donor information from leaving their organization.
Because it’s people who control our data, training is a logical solution to data exfiltration. Many organizations hold training every 6 months or more frequently. However, while training does help educate employees about data exfiltration and its consequences, it’s not a long-term solution and won’t stop the few bad eggs from doing it. You also can’t train away human error.
Solutions like Gravyty Guard use artificial intelligence (AI) trained on historical email data to understand the intricacies and fluctuations of human relationships at nonprofits. That means our AI can constantly update its “thinking” to determine whether an action looks like exfiltration or not.
Ultimately, Human Layer Security can check for and recognize suspicious email activity thousands of times per second without missing information or getting tired. Nonprofits can use Gravyty Guard to prevent data exfiltration on email by turning an organization’s own data into its best defense against inbound and outbound email security threats.