July 29, 2021

Taking the Guesswork Out of Protecting Sensitive Data in Email


There are an estimated 4.03 billion people around the world who use email. And even considering the advent of multiple other collaboration tools, large portions of the business world are still managed completely—and not always securely—through email communication.

Cyberattacks also often target businesses through email. In 2019, 88 percent of organizations worldwide experienced a spear phishing attempt. One of the largest breaches on record involves 3 billion Yahoo email accounts hacked back in 2013.

Email then becomes a major point of vulnerability for businesses—especially those using email to send sensitive, private, or proprietary information both internally and externally—and a common concern emerges around the control, usage, and sharing of information.

Second-Nature Security

But securing email hasn’t been as easy as it sounds. Many times, users need to evaluate the data on their own and determine how the data should be protected. This process must consider who the recipient is, whether they are able to consume protected data, and if so, in what format. Once that is decided, the user must take the appropriate steps to protect the data. This adds time and effort to the process of sending information to get a job done. And as our experts discussed in a previous post, if security measures reduce the usability of data, the majority of users will default to ignoring security protocols.

Despite many IT teams simply feeling as if their users “don’t care” about security, the good news is that most employees do actually want to participate in company security programs. They just don’t want those programs to get in the way of their ability to do their jobs. Security training can certainly play a part in making employees more aware of their organization’s security policies so they can make more informed decisions. And making the security strategy transparent can also open the door for feedback, especially when it comes to usability.

Automated Email Redaction Fits the Bill

What businesses then find themselves searching for is the ability to establish policies that can ensure sensitive data sent both internally and externally can be protected in the prescribed manner that complies with corporate policies and/or privacy regulations. In short: transparency of interaction that protects the data rather than interrupting user actions.

At PKWARE, we understand. (After all, we use email too!) And in our latest release of PK Protect, we have expanded on our ability to automatically secure email communications via redaction to remove sensitive content without impacting or affecting the standard sender/recipient workflow associated with general email use. By employing automation, PK Protect ensures that the most sensitive data is always protected without users needing to interact with the security policies—or worse, ignore them.

When a user sends an email, PK Discovery, the automated discovery application included in the PK Protect suite, automatically scans the subject, message body, and all attachments for the existence of sensitive text or image-based data. Any sensitive or private information that is found is then redacted based on policies pre-defined by administrators. Not only does redacting the content render the message no longer sensitive, redaction is also a “one and done” process, which means the information can then be shared with anyone, without concern. There is no longer a need to manage or control the sensitive data, as it has already been removed.
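To make the send-time flow above concrete, here is a minimal sketch of policy-driven redaction over a message's subject, body, and text attachments, using only the Python standard library. It is an added example, not PK Protect code: the `POLICY` table, labels, function names and sample message are assumptions, and image-based data is not covered (non-text parts are reported as `UNSCANNED` instead).

```python
import re
from email.message import EmailMessage

def luhn_ok(number):
    # Luhn checksum: rejects card-like digit runs that are not card numbers.
    total = 0
    for i, ch in enumerate(reversed(re.sub(r"\D", "", number))):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

# Constructed policy (assumed format): label -> (pattern, optional validator).
POLICY = {
    "SSN": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    "CARD": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), luhn_ok),
}

def redact_text(text, where, findings):
    # Replace each validated policy match and record (where, label).
    for label, (pattern, validate) in POLICY.items():
        def repl(m, label=label, validate=validate):
            if validate and not validate(m.group()):
                return m.group()  # fails validation: leave untouched
            findings.append((where, label))
            return f"[REDACTED:{label}]"
        text = pattern.sub(repl, text)
    return text

def redact_message(msg):
    # Redact subject, body and text attachments in place; return findings.
    findings = []
    if "Subject" in msg:
        msg.replace_header("Subject", redact_text(str(msg["Subject"]), "subject", findings))
    for part in [p for p in msg.walk() if not p.is_multipart()]:
        name = part.get_filename() or "body"
        if part.get_content_maintype() != "text":
            findings.append((name, "UNSCANNED"))  # surface what was not inspected
            continue
        clean = redact_text(part.get_content(), name, findings)
        # set_content() clears Content-* headers, so pass the metadata back in.
        part.set_content(clean, subtype=part.get_content_subtype(),
                         disposition=part.get_content_disposition(), filename=part.get_filename())
    return findings

def sample_message():
    # Constructed sample: SSN in subject, card in body, SSN in a CSV attachment.
    msg = EmailMessage()
    msg["Subject"] = "Claim for 123-45-6789"
    msg.set_content("Card 4111 1111 1111 1111, order 1234 5678 9012 3456.")
    msg.add_attachment("name,ssn\nA. Sample,987-65-4321\n", subtype="csv", filename="hr.csv")
    return msg
```

The order number in the sample body has the shape of a card number but fails the Luhn check, so it is left intact; validating matches this way keeps automated redaction from damaging ordinary business data.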

Policy Makes It Easy

What may sound like a complicated progression is simplified by being policy driven: The entire process is automated. Users don’t have to manually review all messages and attachments for sensitive data, nor are they required to add additional security. PK Protect’s intelligent email redaction capabilities are set in motion when a user clicks the “send” button. No additional end user decisions or actions are required.

As a result, organizations can establish email policies that ensure sensitive data sent both internally and externally can be protected in the manner that complies with corporate policies and/or privacy regulations. Companies are empowered to more effectively share business-relevant information with employees, partners, and other entities without concerns over security, confidentiality, compliance, or most of all, usability.

Whether you’re a long-time PK Protect user or just starting your search for the right email redaction and security solution, the newest release of PK Protect has what you need. See it in action now with a free, customized demo.
