What are you doing when it comes to preventing users from sending emails that could contain corporate data to their personal email addresses? Do you have controls in place or do you strongly discourage it through company policies? Many organizations have to deal with personal email addresses so blocking outbound emails to @gmail or other major players is out of the question. Thanks.

1.2k views2 Upvotes4 Comments

Sort by:

VP Infrastructure, Cloud, & Data Platforms in Consumer Goods4 years ago

Prohibited in policy, enforced via detective controls and direct follow-up.

Director in Manufacturing4 years ago

We have policies, yearly required training which also points out you could be fired. And we use DLP data loss prevention tools from McAfee and others. We don’t hide that we use the tools but don’t advertise it either. The tools auto notify the manager and one level up

CIO / Managing Partner in Manufacturing4 years ago

Unless you turn off everything there will always be a risk. Educating staff constantly is still the biggest defence, coupled with intelligent scanning of traffic to detect unusual behaviours.

Director of Information Security in Manufacturing4 years ago

Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually search

Content you might like

Have you seen an increase in attacks on your IoT or OT devices in the past year?

Significant increase5%

Moderate increase36%

Slight increase28%

No change19%

Slight decrease3%

Moderate decrease4%

Significant decrease1%

Not sure1%

View Results

How are you addressing technical debt risk resulting from AI coding tools? Have you established specific processes to manage vulnerabilities in AI-generated code, and are you collaborating with software engineering or other teams using these tools?

What are the challenges and best practices in implementing robust time-sensitive access controls and location-based risk assessments for secure remote work environments?

Considering your organization's use of public cloud infrastructure, do the same technical practitioners manage compute resources as do storage and data management? Or are they different?

The same people are tasked with managing cloud compute and storage42%

Different people are responsible for managing cloud compute and storage54%

For the most part they are the same, but there are some specific situations in which we have specialized teams for each3%

View Results

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

Sort by:

Content you might like

Have you seen an increase in attacks on your IoT or OT devices in the past year?

How are you addressing technical debt risk resulting from AI coding tools? Have you established specific processes to manage vulnerabilities in AI-generated code, and are you collaborating with software engineering or other teams using these tools?

What are the challenges and best practices in implementing robust time-sensitive access controls and location-based risk assessments for secure remote work environments?

Considering your organization's use of public cloud infrastructure, do the same technical practitioners manage compute resources as do storage and data management? Or are they different?

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go