What are you doing when it comes to preventing users from sending emails that could contain corporate data to their personal email addresses? Do you have controls in place or do you strongly discourage it through company policies? Many organizations have to deal with personal email addresses so blocking outbound emails to @gmail or other major players is out of the question. Thanks.
Sort By:
Oldest
Director of Information Security in Manufacturing3 years ago
Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually searchCIO / Managing Partner in Manufacturing3 years ago
Unless you turn off everything there will always be a risk. Educating staff constantly is still the biggest defence, coupled with intelligent scanning of traffic to detect unusual behaviours.Director in Manufacturing3 years ago
We have policies, yearly required training which also points out you could be fired. And we use DLP data loss prevention tools from McAfee and others. We don’t hide that we use the tools but don’t advertise it either. The tools auto notify the manager and one level upVP Infrastructure, Cloud, & Data Platforms in Consumer Goods3 years ago
Prohibited in policy, enforced via detective controls and direct follow-up.