Why email guards can help prevent data breaches 

July 2016

In recent times we have once again seen media reports of how military data has been released unintentionally into the public domain. In this post I will be looking at how an email guard might have saved the blushes of the armed forces in question.

Data breaches putting military operations at risk

In one recent high profile example, an administrative error led to the accidental leak of a secret NATO document detailing ongoing military exercises.

The document, marked “NATO RESTRICTED” on every one of its 100-plus pages, was accidentally emailed to commercial companies and organisations who were going to be affected by a planned military exercise.

The report apparently contained long lists of email addresses, phone numbers and the location of military facilities, as well as technical details related to the exercises, which included aircraft target areas, code decryption tables, authentication protocols and radio jamming information.

Fortunately, the leak was not sufficiently serious to warrant the cancellation of the exercise, but obviously caused additional risk and unplanned work to rectify the situation. Not what anyone would have wanted.

The solution to stopping data breaches

As with all cyber security, the solution requires a well-thought-through combination of people, process and technology.

Time after time, data breach surveys show that the human element is the weakest of this triumvirate and the one most likely to fail an organisation.

For example, the 2015 UK Information security breaches survey reported that three-quarters of large organisations suffered a staff-related breach. In fact, half of all organisations attributed the cause of their single worst breach to inadvertent human error.

To help stop this happening, organisations need to ensure that they have appropriate security policies in place and that they are adhered to. To help achieve this, there are technologies available to minimise the risk of human error causing a leak of confidential data.

One of these technologies is an email guard.

What does an email guard do?

An email guard ensures that any data being transferred out of a network conforms to the specified security policy.

In order to do this, the email guard has to be able to provide detailed inspection of the data being transferred. The checks that an email guard could perform can be split into three categories:

  • Format checks – the email guard verifies that the data conforms to the expected format;
  • Syntax checks – the email guard validates that the data conforms to the configured security policy, so that an administrator can ban fields or portions of data formats that could potentially carry threats such as malware or hidden data leakage;
  • Semantic checks – these ensure that the content of the data, whilst structurally valid, is also allowed, and include checks such as prohibited word checking, security label checks, and release authority decisions.

Would an email guard have stopped the data loss in the example above?

Understandably, not all the details of the breach I described earlier have been made public, so it’s difficult to categorically state that an email guard would have stopped this breach. However, it may well have done.

A well-built and well-configured guard should have been able to scan the incorrectly attached document, identify the security classification label, and flag that this document had a restricted audience, and so would have prevented the email being released to the commercial organisations.
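The three check categories listed earlier and the label check described above can be sketched as follows. This is an added example, not code from the original post or from any guard product; the header allow-list, domain names, prohibited phrase and the rule that unlabelled content is blocked are all assumptions chosen for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Assumed policy values, for illustration only.
ALLOWED_HEADERS = {"from", "to", "cc", "subject", "date", "message-id",
                   "mime-version", "content-type", "content-transfer-encoding"}
ALLOWED_TYPES = {"text/plain"}            # part types the guard can fully inspect
LABEL_RE = re.compile(r"\bNATO (RESTRICTED|UNCLASSIFIED)\b")
CLEARED_DOMAINS = {"mod.example"}         # domains allowed to receive RESTRICTED
PROHIBITED = ("jamming frequency",)       # prohibited-word list

def check_outbound(raw: bytes):
    """Return (release, reasons); any failed check blocks the message."""
    reasons = []
    msg = message_from_bytes(raw, policy=policy.default)
    # Format check: the message must parse cleanly and carry From/To.
    if msg.defects or not msg["From"] or not msg["To"]:
        reasons.append("format: malformed message")
    # Syntax check: only allow-listed header fields may leave the network.
    reasons += [f"syntax: header {h} not permitted"
                for h in msg.keys() if h.lower() not in ALLOWED_HEADERS]
    texts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() in ALLOWED_TYPES:
            texts.append(part.get_content())
        else:  # content the guard cannot inspect is not released
            reasons.append(f"syntax: part type {part.get_content_type()} not permitted")
    body = "\n".join(texts)
    # Semantic checks: prohibited words, then security label against recipients.
    reasons += [f"semantic: prohibited phrase '{w}'" for w in PROHIBITED if w in body.lower()]
    labels = set(LABEL_RE.findall(body))
    rcpts = getaddresses([str(v) for h in ("To", "Cc") for v in msg.get_all(h, [])])
    outside = sorted(a for _, a in rcpts if a.rsplit("@", 1)[-1].lower() not in CLEARED_DOMAINS)
    if not labels:
        reasons.append("semantic: no security label found")  # assumed fail-closed rule
    elif "RESTRICTED" in labels and outside:
        reasons.append(f"semantic: RESTRICTED content addressed to {outside}")
    return (not reasons, reasons)

def build_sample(to_addr: str) -> bytes:
    """Constructed sample: a short cover note plus a labelled text attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "planner@mod.example", to_addr, "Exercise notice"
    m.set_content("Notice of planned exercise attached.")
    m.add_attachment("NATO RESTRICTED\nExercise schedule (sample text)\n", filename="plan.txt")
    return m.as_bytes()
```

The same attachment is released to a recipient in a cleared domain and held for any other recipient, which is the decision the scenario above called for.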

If this brief example has got your interest, then here are some further places that you can find out more:

Author Bio - Tony Roadknight

Tony Roadknight is a Certified Information Systems Security Professional (CISSP) and is Lead Technologist at Nexor, delivering cyber security solutions to governments, defence and critical national infrastructure organisations.

