What are you doing when it comes to preventing users from sending emails that could contain corporate data to their personal email addresses? Do you have controls in place or do you strongly discourage it through company policies? Many organizations have to deal with personal email addresses so blocking outbound emails to @gmail or other major players is out of the question. Thanks.

1.2k views2 Upvotes4 Comments

Director of Information Security in Manufacturing, 1,001 - 5,000 employees
Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually search
CIO / Managing Partner in Manufacturing, 2 - 10 employees
Unless you turn off everything there will always be a risk. Educating staff constantly is still the biggest defence, coupled with intelligent scanning of traffic to detect unusual behaviours.
Director in Manufacturing, 1,001 - 5,000 employees
We have policies, yearly required training which also points out you could be fired. And we use DLP data loss prevention tools from McAfee and others. We don’t hide that we use the tools but don’t advertise it either. The tools auto notify the manager and one level up
VP Infrastructure, Cloud, & Data Platforms in Consumer Goods, 10,001+ employees
Prohibited in policy, enforced via detective controls and direct follow-up.

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
45k views132 Upvotes322 Comments