What are you doing when it comes to preventing users from sending emails that could contain corporate data to their personal email addresses? Do you have controls in place or do you strongly discourage it through company policies? Many organizations have to deal with personal email addresses so blocking outbound emails to @gmail or other major players is out of the question. Thanks.

Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually search

Anonymous Author
Only retro-actively; if we suspect exfiltration (and this has to be a strong indication), we will go into a user's mailbox and manually search
3 upvotes
Anonymous Author
Unless you turn off everything there will always be a risk. Educating staff constantly is still the biggest defence, coupled with intelligent scanning of traffic to detect unusual behaviours.
3 upvotes
Anonymous Author
We have policies, yearly required training which also points out you could be fired. And we use DLP data loss prevention tools from McAfee and others. We don’t hide that we use the tools but don’t advertise it either. The tools auto notify the manager and one level up
2 upvotes
Anonymous Author
Prohibited in policy, enforced via detective controls and direct follow-up.
3 upvotes