Customer Stories
JTC Group

JTC Mitigates Human-Driven Data Loss With Proofpoint Adaptive Email DLP

The global professional services firm ­prevents misdirected emails, misattached files and sensitive data exfiltration, while maintaining GDPR compliance
The Challenge
  • Protect sensitive customer data
  • Mitigate misdirected emails, ­misattached files and email data exfiltration the existing tools could not address
  • Comply with GDPR requirements
The Solution
  • Proofpoint Adaptive Email DLP
The Results
  • Reliable protection from ­human-centric data loss
  • Reduced false positives keep ­communications flowing
  • Automatic detection and prevention of human-centric data loss
JTC Proofpoint Customer Story
Established in 1987, JTC Group is a global professional services firm specializing in corporate and client services. With more than 1,200 employees across the USA, EMEA and Asia, the company has over $180 billion in assets under administration (AUA) and is listed on the London Stock Exchange and FTSE 250. JTC has been a Proofpoint customer since 2018.

The Challenge

Preventing Accidental and Intentional Data Loss via Email

JTC needed to mitigate human-centric data loss to protect customer data and meet GDPR compliance requirements. Of particular concern were situations where employees could disclose confidential information by sending it to unintended recipients (misdirected email) or unauthorized addresses (email-based data exfiltration) or mistakenly sharing it as an attachment (misattached files).

The firm’s CIO, Adam Jeffries, felt that JTC’s incumbent security stack couldn’t effectively prevent these types of data losses. JTC’s email DLP was rule-based and content-focused, so it could accurately identify sensitive data and stop its sharing via email. This approach worked well when employees did not need to email—as part of their job—confidential information to internal or external parties. But when they did, the blanket restriction on emailing sensitive data had to be lifted.

At this point, the email DLP solution could no longer protect the data because writing rules and policies to cover the multitude of ways in which emails containing sensitive data could be misaddressed and files misattached was virtually impossible. And without rules, email DLP could not distinguish between legitimate, erroneous and malicious data sharing.

Concerned about these email DLP coverage gaps, Jeffries was keen on finding a solution to fill them.

“Proofpoint uses very advanced technology. The traditional way is to use rule-based tools. You have a human being attempting to think of every angle and then setting up rules to combat them. With Proofpoint, this is all done using advanced technology, machine learning, which is far more flexible, targeted and adapted. It allows us to avoid a huge administrative burden and mistakes.”

Adam Jeffries, CIO, JTC Group

The Solution

Proofpoint Adaptive Email DLP Helps JTC Safeguard Customer Data From Human Error and Malicious Intent

Jeffries turned to Proofpoint Adaptive Email DLP as it was designed to prevent the risk of accidental and intentional data loss over email. Adaptive Email DLP uses behavioral AI and machine learning, deep content inspection, and the Proofpoint Nexus® relationship graph to continuously learn and benchmark normal user behavior. This includes who users typically email, how they handle sensitive data, what types of attachments they commonly share, and in what context.

The solution uses this knowledge to intelligently validate email recipients, scan attachments for sensitive data and its relevance to the addressee, and perform contextual analysis to confirm the appropriateness of sharing confidential data with a particular recipient. Adaptive Email DLP also automatically classifies and detects unauthorized email addresses to prevent data exfiltration to personal or unauthorized accounts.

Adaptive Email DLP uncovers deviations from normal behavioral patterns in real time, alerting users about an impending misdirected email, misattached file or email policy violation before an email is sent. Consequently, JTC employees can promptly self-correct errors, lightening the load on the security team and developing awareness of email security risks.

The Results

Reliable Protection Without the Extra Burden on the Security Team

With Proofpoint Adaptive Email DLP, JTC has been successful at preventing misdirected emails, misattached files and sensitive information sent to unauthorized accounts. The information security team even received a thank-you from a senior stakeholder who narrowly avoided sending sensitive content to the wrong recipients.

”Proofpoint Adaptive Email DLP effectively prevents misdirected emails, helps us remain compliant and consistently educates users,” said Jeffries. “It’s staggering, actually, when you first deploy it. You start to ask yourself what was happening in the years and months prior, before implementing Proofpoint.”

With Proofpoint, JTC’s information security team was able to set specific rules within the platform to automatically block employees attempting to send sensitive information to a personal account. JTC reports that Proofpoint’s accuracy of classifying data exfiltration via email has been superb, resulting in just two false positives in over three years.

“Proofpoint uses very advanced technology. The traditional way is to use rule-based tools. You have a human being attempting to think of every angle and then setting up rules to combat them. With Proofpoint, this is all done using advanced technology, machine learning, which is far more flexible, targeted and adapted. It allows us to avoid a huge administrative burden and mistakes,“ said Jeffries.

Download Customer Story