Care UK is a provider of health and social care services, operating more than 300 facilities across the UK. Its services include running local GPs, out of hours support and residential care homes. It’s hence responsible for safeguarding patient data; and regularly reviews the tools that it has in place to ensure that data is kept as safe as possible. Accidental data leakage is a risk when business communication is so reliant upon email, particularly for a company such as Care UK that stores personal and confidential data. The company was therefore looking to deploy a Data Loss Prevention (DLP) tool, and identified VIPRE SafeSend as a solution.
SafeSend prevents users from sending misaddressed and accidental emails by requiring the user to confirm external recipients and file attachments in Outlook before an email can be sent. Confidential data can be protected as companies can define parameters, including a list of approved domains, that will prompt users with a warning when sending an email to a non-approved domain, for example.
With the solution’s DLP module, SafeSend further scans attachments and email content for sensitive data, allowing for custom rules. Care UK has been able to specify regular expressions within the parameters so that sensitive keywords or data patterns in the email or attachments can be detected, such as confidential patient information or bank account details.
Before, Care UK had basic Microsoft Outlook Exchange tools, to prevent email errors, but felt that they were not sophisticated enough to avert mistakes. Barry Nee, CIO, Care UK says: “The data that we deal with is highly sensitive information and the responsibility of ensuring that data is protected is something that is of paramount importance to us. While we can’t completely eradicate human error, we can do our utmost to train employees and put an additional layer of protection in place, such as SafeSend, to prevent mistakes as much as possible.”
Besides protection against email mistakes, SafeSend can help users spot phishing attacks – such as an email that appears to come from inside the company, but actually has a similar domain name. SafeSend alerts the user to the fact that the email they are about to reply to a non-approved domain.
For organisations that must adhere to compliance and regulatory requirements, such as in healthcare, SafeSend can demonstrate that the company has the right technical controls around DLP, to reinforce compliance credentials, says the product developer VIPRE. As users must acknowledge the pop-up that requires them to confirm the email address is accurate, the attachment is correct and the warning when they are about to send data to a non-approved domain, it’s clear that the company has made steps to prevent confidential data being sent to the wrong person.
Andrea Babbs, Head of Sales, VIPRE SafeSend, pictured, says: “With employee error now the number one cause of data breach or leakage, and increased data protection requirements in place, organisations clearly need robust processes to mitigate the risk of inadvertent data loss. Care UK is a great example of a company taking its responsibility to keep its data secure incredibly seriously, enabling its employees to better manage email and flag potential mistakes – before they hit the send button.”
Barry Nee adds: “SafeSend is an important part of our armoury to help us safeguard patient data and mitigate organisational risk. Human error is natural, but with an automatic reminder to double check and consider whether this information should be sent to this person, and even if the original email is authentic, we have the confidence that data can remain confidential and secure.”
Visit www.vipre.com.
