“When I look at [the] multiple regulations that could point to email security, one key theme is that you have to protect your email data — both at rest, as well as in transit.” Forrester Analyst Heidi Shey recently shared this insight in a live Zix webinar on the cybersecurity requirements of the financial industry.
The webinar dove into the many risks of email, the various financial regulations that impact businesses, and next steps for protecting email and your organization.
Forrester’s Data Security and Control Framework
In addition to covering the essential capabilities of what email security offers and discussing the types of financial regulations, Heidi shared Forrester’s data security and control framework — a helpful procedure Forrester walks through with their clients on how to think about data security and control.
First, you want to define your data and understand where your data is located. It’s also important to think about what is and what is not sensitive. Once you know this, you can better protect it.
Then you should dissect that data. “This is essentially data about your data. How does it flow? How does it need to flow? How do people use this information?”
Lastly, you must defend that data, whether it’s through security tools, the people who have access to valuable information, etc. Here’s the graph Heidi shared:
One of our key takeaways from Heidi’s presentation is that we have to think holistically. According to Heidi, “While regulations are pretty clear about the types of data they cover, there’s more that we need to protect … We have to start thinking beyond regulatory compliance when it comes to protecting what’s in our email.” It’s no longer just about attachments. We need to think about what’s in the body of those sensitive emails. Financials, usernames, performance improvement plans, passwords, annual reviews, you name it! When not protected with the proper email security, that information can easily slip into the wrong hands.
Here are additional takeaways:
- Threats using email and threats to email are not the same. For example, the phishing email that scammed 108 government employees in LA was a threat using email, while the huge Kremlin data breach claimed by Ukraine hackers late last year was a threat to email.
- Email encryption was high on the wish list for data security technologies in 2017. Heidi shared insightful results from a Forrester survey showing that most decision makers want to implement email encryption in 2017.