What are you doing when it comes to preventing users from sending emails that could contain corporate data to their personal email addresses? Do you have controls in place or do you strongly discourage it through company policies? Many organizations have to deal with personal email addresses so blocking outbound emails to @gmail or other major players is out of the question. Thanks.

Security & GRCThreat & Vulnerability ManagementIdentity & Access Management (IAM)+5 more
1.2k views2 Upvotes4 Comments
Director of Information Security in Manufacturing, 1,001 - 5,000 employees
Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually search
3
CIO / Managing Partner in Manufacturing, 2 - 10 employees
Unless you turn off everything there will always be a risk. Educating staff constantly is still the biggest defence, coupled with intelligent scanning of traffic to detect unusual behaviours.
3
Director in Manufacturing, 1,001 - 5,000 employees
We have policies, yearly required training which also points out you could be fired. And we use DLP data loss prevention tools from McAfee and others. We don’t hide that we use the tools but don’t advertise it either. The tools auto notify the manager and one level up
2
VP Infrastructure, Cloud, & Data Platforms in Consumer Goods, 10,001+ employees
Prohibited in policy, enforced via detective controls and direct follow-up.
3

Content you might like

In terms of your incident response strategy, are employees required to have the org’s instant messaging platform (Teams, Slack, etc.) installed on their personal mobile device in case their computers become nonfunctional during an incident?

Threat Intelligence & Incident ResponseResilienceSecurity Strategy & Roadmap

Yes, all employees31%

Yes, but only for some employees53%

No15%

I’m not sure…1%


85 PARTICIPANTS
544 views1 Comment

There are so many types of social engineering attacks – how should we determine which ones to focus on for employee security awareness training?

Awareness & TrainingThreat & Vulnerability ManagementSecurity Strategy & Roadmap
718 views2 Comments

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
45k views132 Upvotes322 Comments

Does it actually make sense to have multiple cybersecurity point solutions that serve the same purpose? Or does that added complexity just weaken your overall security posture?

Security Strategy & RoadmapThreat & Vulnerability ManagementThreat Intelligence & Incident Response
353 views1 Comment

If you have a smart TV, are you personally concerned about its listening capabilities (with regards to the potential privacy risks)?

Data PrivacyThreat & Vulnerability ManagementCulture & Values

Yes82%

No17%


118 PARTICIPANTS
321 views