So, how to deal with your dilemma, then? Most of the time, problems like yours are handled with a carefully phrased...
disclaimer notice at the bottom of the email. Sure, it's not a technological solution, but disclaimers make it perfectly clear to recipients that they're receiving sensitive information and should treat it as such.
Another option is to avoid sending sensitive information via email altogether. Instead, send your users messages to let them know that your content is available on your Web site, which you can then link to. Depending on the sensitivity of your Web site data, you may want to authenticate your users. If phishing is a concern, you may want to authenticate yourself to your users.
At your Web site, the users could view your data either in HTML or -- if you want to lower the chance of them copying and editing it -- a protected PDF file. Yes, the bad guys can get around all such protections as described above, but at least casual forwarding would be prevented.
There are commercial cryptographic products that minimize the chances of email forwarding, but they can be bypassed in the ways cited earlier. Still, if you are willing to spend some money, you may want to consider a plug-in like Taceo. It may inconvenience users slightly, but it allows employees to better protect sensitive content.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Ed Skoudis
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading