Tessian, a email security platform powered by machine learning algorithms, has been named a market leading product by leading cyber-security website Expert Insights. Tessian utilizes powerful technologies to help businesses protect their sensitive data. Tessian works within the inbox, learning communication habits so that it can identify security threats. This means that Tessian offers strong protection against phishing attacks, misdirected emails and data loss. Expert Insights, a B2B IT security review website, has named Tessian a ‘Market leader’ in this area. They state that Tessian gives businesses excellent protection against phishing. They recommend the service highly to businesses looking to protect themselves against misdirected emails and data loss. Misdirected emails are one of the biggest challenges facing businesses. Sensitive emails being sent to the wrong people can have damaging effects on companies. Services such as Tessian offer a unique solution to this problem. By getting to know an individual user’s communication habits, the product can tell when users have misdirected an email. The service will then alert the user and stop the email being sent. This also allows for strong phishing protection from within the inbox, as the service can tell when an email isn’t legitimate and automatically delete it. Tessian’s sophisticated features allow businesses to go beyond traditional email security methods and provide multi-layered protection against data loss. The risks of data loss for business will continue to grow and this product offers an intelligent solution. To learn more about Tessian, contact us here.

  What is Autocomplete? How does Autocomplete work? Autocomplete / auto-fill is a feature which displays suggestions for names and email addresses as you start to type them. These suggestions are possible matches from a list of names and email addresses from the email messages that you have sent. As you start typing a name in the To box, based on the characters you enter, Outlook’s Autocomplete feature displays a list of possible choices. As you enter more characters, Outlook narrows the list. How common are Autocomplete Mistakes? Autocomplete updates its suggested list as quickly as you type each character so it’s very easy to select the wrong email address. Outlook / other mail providers maintain a history of all the email addresses you enter, not just the ones you store in the Address book. Due to this, these names make their way onto the Autocomplete list. Autocomplete mistakes can happen when you’re in a hurry or distracted. For example you may type a name into the ‘To’ box, choose the first option and send — without realizing that Outlook’s Autocomplete feature chose the wrong recipient. Autocomplete is a highly useful and productive feature in a workplace, helping to save time, however it is prone to making mistakes and can cause you to accidentally send emails to the wrong person. Should I switch Autocomplete off? As the risk of misdirected emails is becoming a key issue for leadership, informations security, risk and operating teams, organisations are often taking an impulsive approach to solving this problem. Upon identifying that one of the main culprits for this growing challenge is the auto-complete function over email, the knee-jerk solution by management is to switch the function off, which ends up causing far more problems than it solves. The truth is, Autocomplete is helpful and you shouldn’t disable it. “After identifying the risk of misdirected emails, we explored the option of disabling Autocomplete however it became incredibly clear that this was not the solution. Instead, we needed something that complemented rather than prohibiting work flows, hence we opted for Tessian’s Guardian product” —  David Smith, Partner and Head of Operations, Anthony Gold Solicitors What happens if I disable Autocomplete? There are a number of reasons that firms should strive to keep auto-complete on. It is imperative to take a holistic approach rather than act in what can be perceived in an impetuous manner when dealing with risks such as misdirected emails. Why you shouldn’t disable Autocomplete: 1. Misdelivery risk increases due to manual input 2. Tessian research found that productivity decreases by 30% 3. Increase in non-authorised, non-controlled communication channels to send messages 4. Misaddressed Emails do not decrease 6. Negative experience with technology Tessian’s low user disruption and intelligent predictions have proved to be a sophisticated and risk attractive improvement to disabling autocorrect in Outlook —  Duncan Eadie, IT and Business Services Director at Foot Anstey About Tessian Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat?

As the recent Bupa data breach highlighted, the sending of unauthorized emails – an email that is intentionally sent to an unauthorized recipient, such as an employee’s personal email account – can have a detrimental financial and reputational impact upon an organization. The global insurance and healthcare group’s failure to prevent the exfiltration and attempted sale of over half a million international health insurance customers’ personal information led to a £175,000 fine and a damning evaluation of its negligent security practices.

The loss of consumer data can also result in: • Breaching contracts or non-disclosure agreements • The loss of IP and proprietary research • Breaching data protection regulations • Heavy fines imposed by regulators and clients (GDPR, in particular, will greatly increase fines for all manner of data breaches) Despite such demonstrably damaging ramifications, many organizations do not have sufficiently secure networks and, as a result, lack the necessary visibility over how sensitive data is processed and stored. Before they know it, sensitive data is shared, stolen and sold; the damage is done. For large organizations like Bupa, monitoring thousands of employees and hundreds of thousands of email communications containing millions of pieces of data can seem an insurmountable and relentless task. In 2018, it is estimated that 124.5 billion business emails were sent every day with each employee sending an average of 31 each. These figures are only expected to increase (by at a rate of 3% per annum over the next few years) as corporate email networks grow in size and importance. Organizations that possess large amounts of highly sensitive patient or consumer data like Bupa have a duty to prevent this kind of data breach from happening. If they cannot monitor or control employee behaviour, they must take the necessary steps to find and invest in an approach and solution that can prevent unauthorized emails from being sent. It’s crucial to be proactive – rather than reactive – to address this kind of threat As such, we recommend enterprises employ an email security platform that offers comprehensive protection against the sending of unauthorized emails. Tessian Enforcer, for example, uses machine learning to understand human conversation patterns in order to detect, flag and prevent anomalous emails, which may contain sensitive data, from being sent to unauthorized or personal email accounts.

Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?

Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider

Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain. What’s in it for the insider? It depends.   Financial Incentives   Data is extremely valuable.Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010.   Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process.   Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think. For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment.   The Negligent (or Unaware) Insider 

Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes.   Sending a misdirected email   Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.    And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get.   Phishing attacks   Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security.   A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack.Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks?   Physical data loss    Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach.Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop.   Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats   How can I protect against Insider Threats?   As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it.   This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security.   Training   While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF.   Monitoring   Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity.   Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution.   Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss.   Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training