When Email Security Meets SaaS Security: Uncovering Risky Auto-Forwarding Rules
While intended for convenience and efficient communication, email auto-forwarding rules can inadvertently lead to the unauthorized dissemination of sensitive information to external entities, putting confidential data at risk of exposure to unauthorized parties. Wing Security (Wing), a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution that solves for auto-email forwarding as well. While Wing’s shadow IT solution is offered as a free tool that can be onboarded and used as a self-service, users willing to upgrade will be able to enjoy the company’s new Gmail and Outlook integrations, which broaden the company’s discovery capabilities and extend their data security features.
The risks of email auto-forwarding rules
Auto-forwarding emails is a great way to save time on repetitive tasks and are therefore very popular among employees who regularly collaborate and share information with external business partners. Risk examples include:
Automation means no one is checking for sensitive or private information. Emails with a certain word combination in the title, or a specific sender, will automatically be forwarded to an external entity without any oversight. This can lead to PII data leakage, sensitive data leakage and regulatory violations that can compromise an organization’s compliance.
Source: The Hacker News