Kevin Tunison, Data Protection Officer, Egress Software Technologies
I’ve held CISO and DPO roles across both public and private sectors, so I’ve felt my share of frustrations over not knowing how my colleagues are sharing data over email. Sound familiar?
Do you really know whether the actual data flows of your organisation match the business processes? This lack of visibility is something that has traditionally put our function on the back foot. Security teams have been stuck in reactive mode, often firefighting when the worst happens and a breach occurs.
Reporting processes have been laborious and manual, taking up a lot of (already scarce) time and resource. And then subsequent company-wide training efforts to help everyone keep data safe often fall on deaf ears with employees complaining about how disruption.
On top of this, executive leadership and boards have been only too quick to hold their security teams accountable the moment something goes wrong. It’s not a great look – and it’s time for something better.
A better approach to mapping email security risk
I joined Egress at the start of 2021 and am extremely pleased to announce the re-launch of our reporting platform – Egress Analytics. This functionality is incredibly innovative and will truly transform organisations’ behaviours for the better.
Baked into the existing Egress Prevent solution, this revamped feature comes with concise visuals that show Information Security and Data Privacy teams exactly how users interact with email. Among many other things, I can now more accurately track sources of email risk such as:
- Misdirected emails
- Display name impersonation in phishing attacks
- Insecure domains
- Adding everyone in the “To:” field
Egress Analytics gives me granular reporting into the number of email security incidents prevented, and how employees are responding to Egress Prevent advice – including the recipients involved and the type of associated risk. It writes the business case for verifiable risk reduction.
As Data Protection Officers, it will help us become far more proactive when it comes to tracking and identifying email risk across our businesses. Egress Analytics will also make it easier to prove business value in terms of financials and efficiency.
Five ways Egress Analytics proves business value
- Proving ROI
I can clearly highlight gains in email security posture and demonstrate tangible returns on the time, effort and investments that my team is undertaking to keep email data safe. Days of effort in tracing a breach back to its source now takes minutes.
- Safeguarding compliance
The comprehensive data sets give me instant intelligence and insight into whether my business is at risk of committing a regulatory violation. This lets me take fast action to avoid any activity that could be in breach of a regulation.
- Focusing training where it’s needed
Nobody likes annual compliance training. Many see it as a box-ticking exercise with no real correlation to show whether it’s effective. I agree we need to move on from the shotgun approach and become more surgical.
In a couple of clicks I can pinpoint specific individuals who might be putting email data at risk. That way, I can run targeted training and support programs. This doesn’t mean compliance training goes away, but it does mean I can focus time and effort where it’s needed most.
- Running faster
It gives me the ability to draw critical conclusions faster and based on facts. Expensive days-long manual investigations will become a thing of the past. Gone are the times of wondering whether your security tool has effectively stopped the finance department from ‘sending their work home’ or sharing confidential information externally.
I can know the answers today, and prove it was prevented from happening in the first place.
- Speaking the language of the c-suite
A picture paints a thousand words… but at this level it usually boils down to red, amber or green. With clear visibility into how users are interacting on email, I now have the tools to communicate more effectively with the Board and Executive team. Risk management, value, and efficiency speaks for itself through Egress Analytics.
Transforming data privacy into business value
On this last point, what’s clear to me is that Egress Analytics offers security and privacy leaders the ability to showcase how they deliver value to their business – whether that’s ROI, risk mitigation/avoidance, or even gaining competitive edge in the eyes of customers.
This shift allows us to further raise the status of the function internally and get away from the firefighting of the past! It’s an exciting time to be a Security Leader.