Email becomes part of our life in both cyber and physical worlds.  We execute actions in physical world based on email context in cyber world.

Email is an example of mixed information classification because the sensitivity is content driven.  Therefore, applying protection per the highest sensitivity requirement will be the one-size-fits-all solution.  Typical email technical controls are S/MIME, TLS, RMS, 2FA etc.

No matter how secure the protections are applied, a negligent but legitimate business user will defeat them all.

Educate the consequence of improper usage will uplift the human awareness, and becoming the first line of defense.

Leave a Reply