Tim Sadler is the co-founder and CEO of Tessian, an innovative security system that automatically detects and stops security breaches caused by human error. Today, Tessian is the top human layer electronic mail security platform on the market, empowering employees to do their best work in a secured environment.
Companies that deal with confidential information choose to handle their security differently. Some businesses will cut off internet access to individuals with access to sensitive information due to the nature of the work. While this protects against a security breach, it simultaneously limits the employee’s ability to do their job, such as utilizing publicly available forums to troubleshoot problems they encounter.
Sadler founded Tessian back in 2013, striving to combat this problem and create a seamless security system that empowers users to utilize computers without worrying about security breaches. Tessian enables people who aren’t computer experts to feel comfortable using computers. Employees can utilize the most modern systems and access data that help them do their job. Even better, a company is set up for success without countless hours of security training exercises every month. The future of work is transformed with this software, as employees can confidently engage in email conversations and digital transactions without the downside of being hacked and losing information.
The fundamental goal of Tessian is to protect humans from those “oh shit” moments. Sadler helps us understand email security threats and how Tessian provides security using machine learning to predict when emails are sent to the wrong people.
Diverse Background Attributing to A Unique Career
A man of many talents, Sadler is the co-founder of Tessian, an email security startup. Sadler’s innovation in the field of technology can be attributed to his impressive, diverse background. He holds multiple engineering degrees, including a Master of Engineering in Mechanical Engineering and Innovation Design Engineering from the Imperial College of London. While this engineering background provided Sadler with the tools and craft to develop innovations in the technology industry, he is also incredibly creative, as demonstrated by his additional Master of Arts degree in Innovation Design Engineering. This combination of science and art has enabled Sadler to approach technical problems creatively, leading to innovations that have created the top human layer electronic mail security platform on the market.
The first idea for Tessian was born at the beginning of Sadler’s career while he was working in the finance department in one of the world’s largest banks. Although the bank utilized cybersecurity technology and software to secure the organization's network, devices, and endpoints, during his time at the company, Sadler noticed a paradox in the enterprise that he thought needed to be solved. He noticed that even though the company was so large its resources were unlimited in terms of the money they could spend on security products, and its systems lacked the technology that secured people and their interaction with the digital systems in the bank.
Upon this realization, Sadler and his team acknowledged that this problem exists in every business. “People are the gatekeepers to the most sensitive systems and data in the enterprise,” he highlights. “They control how data flows and have the control to wire millions of dollars in a few mouse clicks.” Businesses wouldn’t function without this control left in the hands of human decision, therefore, providing a technology layer that would protect security breaches due to human error would allow people to continue doing their job with the comfort of having underlying software protecting them.
The Idea of A Human Layer Security System: The Problem Is the People
Computers are programmed to be “perfect” – they will always receive an outcome that corresponds with the appropriate input. Nevertheless, companies utilizing computer systems face security breaches all the time. If you step back to investigate why these instances occur, it’s because we’re human.
Human error is when an action fails to achieve the desired outcome or receives negative consequences. This outcome is a natural part of life because humans are fallible creatures who will inevitably make mistakes. Humans are faced with thousands of decisions every day, so when you factor that into how many employees you have in a company, these errors become significant. There are three forms of human error, including when people make mistakes, break the rules, and get tricked, and each of these can lead to email security breaches.
Within a company, employees are constantly making decisions. Some of these decisions may be minor, such as deciding if you should refill your water bottle before or after stopping at the restroom, and some of these decisions may be imperative, such as selecting the correct recipient for an email loaded with confidential information. Many people are more mindful during important tasks where they feel pressured to perform without error, but statistically speaking, humans will eventually get side-tracked and make mistakes. Considering how many employees may work in a company, the risk increases significantly.
Email alone has one of the most significant risks of security breaches because each email requires verification that, yes, this email has come from my CFO. Yes, it does contain the correct wire instructions for the funds. Double-checking will prevent mistakes from occurring, but when thousands of employees are sending tens of emails every single day processing those transactions, it would only take one mistake to result in a terrible scenario. While mindfulness can reduce poor outcomes, it would be foolish to think human decisions alone can prevent security breaches.
Biggest Threats of Email Security
Emailing has been a major form of communication since its establishment in the 1960s, and over time, with an average of over 300 billion emails sent every day throughout the world. Unfortunately, this high presence of use, especially when sending sensitive information, opens the door for mistakes to happen.
The three main email security threats are social engineering and phishing, business email compromise, and misdirected emails. Of course, mindfulness alone cannot guarantee the prevention of a security breach, but if you become aware of these biggest threats of email security, you can significantly improve your company's overall security.
Social engineering, also known as phishing, is the first threat to email security that can be detrimental to a company. Phishing scams aim to trick people into deploying malware or giving them your personal information. There are many forms of phishing scammers, but typically they will send an email containing a malicious hyperlink that fools the reader into signing into one of their accounts – Google accounts are common because they’re so widely used. This threat can be dangerous because their tactics make the message appear to be sent from a person you trust, resulting in you giving away your credentials.
Awareness of these types of scams is the first step in preventing phishing scammers. It helps to research and understand what phishing is, as you can look out for fraudulent messages. Additionally, knowing that some emails and SMS messages are untrustworthy can remind you to evaluate your messages. If the email message surprises you, or you weren’t expecting a message like this from the sender, there is a chance it is a scam.
Another strategy to combat phishing scammers is to enable two-factor authentication on every service. You have likely utilized these security features before, such as when you log into a social media account on a new device requiring an email or text verification. By increasing the number of steps before logging in, you can protect your information from anyone who happens to steal your primary login information. For further protection, you should also use a strong, differentiated password for every service you use.
Business email compromise is the second form of email security threat, also known as email account compromise. This threat can become one of the most devastating security breaches because it exploits the fact that most business is conducted through email, including discussion of financial information. These scams involve a criminal sending an email that appears to come from a known sender, typically making a legitimate request asking you to wire a sum of money in a transaction. For example, this scam could include an email stating their bank details have changed so that the money gets wired into the wrong account or an employer requesting to buy gift cards for the employees and send the serial numbers. These attacks usually target finance departments within organizations that already process a lot of invoices. Since 2016, over $26 billion has been stolen using the business email compromise scam, according to the FBI, which bluntly demonstrates the severity of this threat.
The third main threat of email security is when people send information to the wrong person. People may send these misdirected emails accidentally, where you inadvertently sent sensitive information to the wrong place or disclosed information to another recipient. This threat also applies when identities are supposed to remain confidential and are added to the email CC instead of BCC, allowing all receivers to see their names. When that information is disclosed to the public domain, there is no telling who may gain access and exploit that information.
Why Aren’t These Threats Protected Against More?
Attempts to breach email security have existed for as long as emails have, so over time, large email services have observed trends in phishing attempts to where it is considered a known threat. Some email providers buy lists of malicious URLs and malware that have been reported many times. Their software can compare these URLs to a list of known attachment profiles to put in a spam folder or prevent the email from delivering at all. It is useful when scammers utilize known threats, as the computer software automatically detects malicious behavior and protects the consumer.
What is even more dangerous than a known threat is an unknown threat. If a malicious URL is brand new, it has never been added to a deny list or a known bad list. This sneaky method enables the scammer to slip through the cracks and potentially trick the email receiver into clicking on the URL or exposing sensitive information.
If email security breaches are so dangerous, why aren’t they protected against more? And why aren’t large companies like Microsoft and Google investing in this software? The simple answer is that it is extremely difficult to do. Email security software requires machine learning methods and building algorithms, but it is still hard to inspect content and verify its suitability for a recipient.
Large companies like Microsoft and Google can afford anything, but they still don’t invest in this security technology. These companies can afford anything, but rather than investing millions of dollars to secure their product, they focus on the productivity software they offer to help people manage files and communicate. If large companies secured their product, they would have to offer a secured and unsecured version of it, which inadvertently exposes their vulnerabilities from a research and development and return-on-investment perspectives. For this reason, it is more beneficial on time and resources for companies to rely on a third-party company that specializes in providing security layers to something that is fundamentally already not secure.
There are so many operating systems globally, which makes it more beneficial for businesses to focus their resources to improve their systems to become a competitive differentiator – this is why the cybersecurity industry exists. Even though large corporations have the financial and intellectual backing, they may lack the niche experience and knowledge required to create amazing outcomes in a different industry. As Sadler describes, spreading an organization too thin would lead to “no innovation, no startups, no entrepreneurs, and no venture capital.” He continues, stating, “great ideas are often born outside of these organizations and acquired. This requires craft, passion, and grit.” If a company’s mission is to be a jack-of-all-trades, it can never be the best. At Tessian, they are passionate about protecting people from security threats, which is why they are the top email security platform for human layer security on the market.
How Tessian Human Layer Security Protects Employees
There will always be security threats, but there are strategies to provide a safer work experience for employees. Humans are imperfect and unpredictable, but by embracing the knowledge that it is our nature to make mistakes, we can combat these outcomes with security systems to fall back on. Security breaches are no joke, but when it comes to security, training, and awareness, there is a large disconnect between how much the average person needs to know about how the security software works.
Tessian’s mission is to secure the human layer of data breaches and security threats, allowing workers to feel comfortable working on computers without the stress of security getting in the way. Security software works best when integrated in a way that is the least intrusive – discrete or invisible until it is needed. This concept can seem abstract to understand, but Sadler offers a great analogy comparing Tessian’s software to the safety features on a car. People agree to wear seatbelts and purchase vehicles with airbags, knowing that inevitably a human will make an error and the safety features will be needed to save the day. Additionally, the security systems could be compared to credit card companies that monitor transactions to ensure their legitimacy or detect potential fraud.
Technology is there to abstract the complexity away from the individual employee. However, it is impossible for every employee to 100% understand the security system, so providing an underlying safety feature will act as an invisible layer keeping us safe without bothering you or wasting time.
Tessian – The Future of Human Layer Email Security
Tessian aims to protect employees from themselves, and they have formed their brand to connect with that personable factor by choosing their slogan: Email Security for “OH SHIT” Moments. When it comes to innovative technology, so much of enterprise software and security seems so impersonal, robotic, and serious – even though it is serious. So, Tessian branded itself to connect with the human in all of us, injecting an element of fun into a serious, and somewhat boring, industry.
Historically, the focus of security solutions has been on the machine layer of a company, including the devices and networks. Tessian takes a novel approach, focusing on a common cause of security breaches that are often overlooked: a business’ employees. Human layer security technology considers human behavior, which helps it to adapt to the way you work and prevent security breaches through email.
Sadler’s unique career founded upon engineering and design has created innovations within the cybersecurity industry that have shaped the future of email security. By focusing on the human element of errors, the automated technology allows individuals to stay focused on their work, knowing a hidden layer of security protects them from potential errors. In a world of uncertainty, companies can utilize Tessian’s software to empower employees to work their best every day.