Corporate Counsel Advice: 5 Ways to Prevent Email Leaks


On the heels of several highly publicized email leak debacles, businesses across the nation have placed a renewed focus on employee email management. After all, when a sensitive email finds its way to an unintended reader, it can spell disaster.

To make matters worse, corporate espionage is no longer just the stuff of Hollywood plotlines; it is a very real and growing threat. According to a report by the U.S. Office of the National Counterintelligence Executive, "The pace of foreign economic collection and industrial espionage activities against major U.S. corporations and U.S. government agencies is accelerating." The report identified email as a factor in the leaking of corporate secrets.

In this precarious environment, managing email policies has become an essential aspect of in-house counsel’s responsibilities as well as legal practice management. Legal managers must carefully govern procedures and policies concerning employee emails to avoid the serious damage leaks can cause to the firm’s or company’s reputation.

Here are five email management tips for corporate legal departments and law firms looking to protect highly sensitive data:

1. Develop a strict email policy.

In-house counsel should work together with the IT department to develop a detailed, stringent email policy all employees are expected to follow. The policy should be concise and easy to understand, spelling out clear rules about email procedures and policies. For example, the policy could describe what constitutes a “sensitive” email and explain how employees must encrypt these types of messages. It could also include step-by-step instructions on email archiving procedures. To deter employees from making careless email mistakes, the policy could also specify penalties for those who violate company rules.

2. Educate employees on email safety.

Many email disasters occur simply because employees aren’t aware of or educated about cyberrisks. Corporate counsel will want to ensure all employees are properly trained on how to steer clear of phishing schemes and other email threats. Whether you choose to bring in a cybersecurity consultant or send employees to offsite technology training, education is an essential step in preventing email leaks and other cyberattacks.

3. Clarify email monitoring policy.

Be open with staff about your firm’s policy on monitoring employee emails. This can be a sensitive subject, so being transparent matters just as much as protecting sensitive data. Being open about monitoring will help guarantee employees follow proper email procedures and avoid risky cyber activity.

4. Perform regular email risk assessments.

Whether you work with your IT department or bring in a technology consultant, it’s critical to perform regular risk assessments on your legal office’s email management procedures. These assessments should cover any sources of threats, vulnerable networks and negligent employee email activity, as well as ways to improve email safety.

5. Use a data loss prevention tool.

There are a number of email leakage prevention tools on the market these days. These innovative solutions are designed to warn email users about potential email policy violations before they press “send” on a damaging email. These tools can also recall sent email messages and attachments.

According to a docTrackr infographic, the average cost of a data breach for large enterprises is $429,000, and 88 percent of companies have experienced some degree of data loss. Email is to blame for the vast majority of this data loss. To protect your firm’s or legal department’s confidential data and reputation, it’s critical for corporate counsel to work together with IT to carefully manage email and protect against mounting cyberthreats.
