GDPR: Step 2

GDPR Step 2: Helping you become GDPR compliant.
This month we’ll be looking at the steps you need to take to evaluate your email security. The main considerations include:

  1. Strong inbound and outbound email protection
  2. Quarantining unknown email attachments
  3. DLP and Strong encryption
  4. Education, etc.

1. Protecting inbound and outbound email

It is your duty to ensure that emails containing sensitive customer data or confidential information are not leaked and are exchanged securely. To achieve this you should either deploy and maintain an on-premises email security solution or sign up to a cloud-based security solution.

2. Quarantining unknown email attachments

Complex attacks can get past anti-virus and anti-malware systems because of the sophisticated targeting and strategies employed, so file and data analysis are essential. Monitoring should detect known and unknown links, malicious sender URLs and attachments before they reach the end user. Where it cannot, the email system should test links and attachments in a sandbox or other secure environment before the user is able to open the link or attachment. To achieve this you should deploy a reputable anti-spam system.

3. DLP and Strong encryption

A Data Loss Prevention (DLP) tool can check outgoing emails for content that could indicate a breach. DLP tools can warn users if their emails contain PPS numbers or other keywords, automatically encrypt emails sent to certain addresses, or strip confidential attachments from emails sent outside the company.
Applications built on an ‘EaaS’ (Encryption as a Service) architecture can control permission to read and share an email even after it has been sent and is sitting in the recipient’s inbox. Rescinding the encryption key stops recipients from reading or sharing the message (even after it has been opened). Along with Virtual Read Receipts, this can address breach mitigation requirements, and if you manage to recall the message before it is opened it can avert a breach entirely.
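As an added illustration (not code from this newsletter or from the DRIVE CRM product), the following Python check applies the three DLP actions the paragraph lists to one outbound message: warn on PPS numbers or keywords, encrypt for listed recipient domains, and strip confidential attachments leaving the company. The internal domain, partner domain, keyword list and the seven-digits-plus-letters PPS pattern are assumptions made for the example.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Policy values are constructed for this example, not real deployment settings.
INTERNAL_DOMAIN = "example.com"
ENCRYPT_DOMAINS = {"partner.example.net"}          # always encrypt mail to these
CONFIDENTIAL_KEYWORDS = ("confidential", "customer list")
# Irish PPS number: seven digits then one or two letters (format assumed here).
PPS_RE = re.compile(r"\b\d{7}[A-Z]{1,2}\b")


def check_outbound(raw: str) -> dict:
    """Apply the three DLP actions from the text: warn, encrypt, strip."""
    msg = message_from_string(raw, policy=policy.default)
    recipients = [a.strip().lower() for a in str(msg.get("To", "")).split(",") if a.strip()]
    external = [a for a in recipients if not a.endswith("@" + INTERNAL_DOMAIN)]
    encrypt = any(a.rsplit("@", 1)[-1] in ENCRYPT_DOMAINS for a in recipients)
    stripped, body = [], [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if name:                                    # this part is an attachment
            if external and "confidential" in name.lower():
                stripped.append(name)               # strip before it leaves the company
            continue
        payload = part.get_payload(decode=True) or b""
        body.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(body)
    findings = ["pps_number"] if PPS_RE.search(text) else []
    findings += [f"keyword:{k}" for k in CONFIDENTIAL_KEYWORDS if k in text.lower()]
    return {
        "findings": findings,
        "warn": bool(findings) and bool(external),  # sensitive content going outside
        "encrypt": encrypt,
        "strip_attachments": stripped,
    }


def build_sample() -> str:
    """Constructed outbound message that trips all three rules."""
    m = EmailMessage()
    m["From"] = "alice@" + INTERNAL_DOMAIN
    m["To"] = "bob@partner.example.net, carol@example.com"
    m["Subject"] = "Customer record"
    m.set_content("Hi Bob, attached is the customer list; the new PPS number is 1234567TA.")
    m.add_attachment(b"fake-xlsx-bytes", maintype="application",
                     subtype="octet-stream", filename="confidential-customer-list.xlsx")
    return m.as_string()
```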

4. Education

As with any other area of vulnerability in your organisation, you should educate your staff on company policy regarding email, monitor their email usage, and teach them how to recognise threats and what to do if they think there has been a breach. Re-educate regularly, as this is a rapidly developing danger that is not going away.

5. Keep your email password secure
6. Keep your email client secure (lock your pc when away from it or set a screen timeout)
7. Archive and/or delete old emails which are no longer required

Read our GDPR section in our April newsletter where we will outline some changes we are making to our DRIVE CRM software to help you comply with your obligations.