What are you doing when it comes to preventing users from sending emails that could contain corporate data to their personal email addresses? Do you have controls in place or do you strongly discourage it through company policies? Many organizations have to deal with personal email addresses so blocking outbound emails to @gmail or other major players is out of the question. Thanks.

1.2k views2 Upvotes4 Comments

Sort by:

VP Infrastructure, Cloud, & Data Platforms in Consumer Goods4 years ago

Prohibited in policy, enforced via detective controls and direct follow-up.

Director in Manufacturing4 years ago

We have policies, yearly required training which also points out you could be fired. And we use DLP data loss prevention tools from McAfee and others. We don’t hide that we use the tools but don’t advertise it either. The tools auto notify the manager and one level up

CIO / Managing Partner in Manufacturing4 years ago

Unless you turn off everything there will always be a risk. Educating staff constantly is still the biggest defence, coupled with intelligent scanning of traffic to detect unusual behaviours.

Director of Information Security in Manufacturing4 years ago

Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually search

Content you might like

Israeli security firm NSO Group has been exploiting a significant security flaw in Apple iPhones since February using a worrisome "zero click" attack. Are these cyber attacks a major concern for your organization?

Yes, and we actively scan for these types of vulnerabilities.18%

Yes, but we're still working out our strategy for these attacks.65%

No, we're not concerned about zero-click attacks.15%

Other (please share below)

View Results

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Anyone have experiences or POVs on TruffleHog Open Source vs Commercial license?

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

Imagine you had to adjust funding for your priorities. Regardless of why an adjustment needs to occur, which of the following would you prioritize first?

People43%

Process40%

Technology12%

None, these are always given equal priority and funding regardless of the situation3%

View Results

Sort by:

Content you might like

Israeli security firm NSO Group has been exploiting a significant security flaw in Apple iPhones since February using a worrisome "zero click" attack. Are these cyber attacks a major concern for your organization?

What advanced identity analytics or continuous access controls is your organization using (or planning to implement)? Any lessons learned you can share regarding vendor selection or implementation?

Anyone have experiences or POVs on TruffleHog Open Source vs Commercial license?

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

Imagine you had to adjust funding for your priorities. Regardless of why an adjustment needs to occur, which of the following would you prioritize first?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go