Zivver’s Rick Goud explains that, to optimise email security, it’s critical to strike the right balance with usability
As countries start to break away from the pandemic’s stranglehold – the UK leading this effort – businesses are hastily adapting their working practices to thrive in a post-Covid world. Critical considerations for C-Suite leaders and management in this era of digital transformation include optimising the security of personal data, not only to protect customer trust and brand reputation, but also to ensure regulatory compliance.
Acknowledging email’s status as the most popular communication tool (approximately 300 billion emails are sent and received each day), securing the information organisations share in this way – with customers, prospects and third party service providers, as well as with staff – is paramount to the enterprise’s prosperity.
When we speak to IT professionals from a range of sectors about email security, we find they are often unaware that over 80% of data leaks are caused by employee behaviour.
Also, the UK Information Commissioner’s Office (ICO) data security incident trends show that the number one and two causes of data leaks in Q3 2020-21 were a misaddressed email (or post or fax) and unauthorised access, mainly due to weak passwords and lack of two-factor authentication, and closely related to employees sharing ad-hoc information via systems like email. So much so, many businesses believe that their email is adequately secured. It is this lack of awareness, combined with the latter misconception, that leaves many organisations vulnerable to a data breach.
Failure to combat human error and fortify email security can specifically result in:
- Diminished reputation: Over 85% of consumers state they won’t work with a company if they have concerns about its security practices.
- Compliance fines: The UK GDPR and DPA 2018 have set a maximum fine of £17.5 million or 4% of annual global turnover – whichever is greater – for infringements of their data privacy legislation.
- Financial loss: The cost of a data breach has risen 12% over the past five years to a global average of £2.8 million.
- A Financial Conduct Authority (FCA) fine or custodial sentence: There has been a steady increase in fines against individual defendants as opposed to firms, in line with the theme of individual accountability. In 2018, for example, the FCA fined the CEO of Barclays £321,000.
Protecting the confidentiality and integrity of email messages
So what can be done to plug these gaps in communication security?
In Gartner’s 2020 Market Guide for Email Security, analysts Mark Harris, Peter Firstbrook and Ravisha Chugh stated, “Email was never designed to be a secure communication medium, and organisations continue to struggle to protect sensitive email content in transit and at rest. Email data protection products [such as Zivver] protect the confidentiality and integrity of email messages by enabling the transmission of sensitive information to intended recipients with the starkly reduced possibility of disclosure or alteration.”
The growing number of businesses using Microsoft 365 (including the cloud-based Outlook app) need also be aware that while the software continues to evolve, certain security vulnerabilities remain. The data loss prevention (DLP) functionalities it offers, for example, can make it particularly prone to accidental data leaks.
Reflecting this point, Gartner analysts Mark Harris, Peter Firstbrook and Ravisha Chugh identified in the above-mentioned report that with Office 365, “clients report dissatisfaction with natively available capabilities and are, therefore, choosing to supplement with third-party products”. Such email data protection products not only provide better protection to businesses by adding a layer of security to their Office apps (including Outlook), but can also save significant costs.
To briefly explain this cost-savings potential: enterprises currently have three choices when it comes to Office 365 packages: E1, E3 and E5 licenses (the E3 license is one of the most popular options for digital-driven businesses). By using Zivver’s integrated platform in combination with an Office 365 E1 or E3 license, organisations will have the added benefits of enhanced security and data protection, at a more cost-effective rate than with an E5 license alone.
The recent Microsoft Exchange email hack serves as an additional reminder that the tech giant’s solutions are not impenetrable. The theft of intellectual property and inbox contents can be highly consequential for a business and the damage long-lasting. Applying several security layers to email systems is, therefore, a necessity to help protect data communications.
Equip employees with the right tools to prevent email data leaks
Today’s best approach to securing business communications is to strike the right balance between security and usability, providing employees with the right tools to prevent human error data leaks. Easy-to-use security solutions that are intuitive and seamlessly embedded into everyday working lives will enable even the non-tech-savvy employees within an organisation to participate in cybersecurity efforts. Our email data protection technology, for example, adds a security and privacy layer on top of existing email systems, such as Outlook (desktop and Microsoft 365) and Gmail – ensuring that staff don’t have to change their usual way of working.
It all comes down to being an enabler. Companies need to ensure that the digital communication technology they deploy is security compliant, integrates into existing workflows, that it is familiar and intuitive for the people using it, as well as intelligent in helping people to make better and safer decisions.
It is our belief that employees are not risks to be mitigated, but key assets to be enabled. When employees are equipped with the right digital tools and understand how their behaviour impacts the frontline of email security, they become much more efficient at detecting scams, preventing data breaches, and protecting sensitive information.
Rick Goud is the CIO of secure communications company Zivver. Before co-founding Zivver, Rick spent six years as a healthcare consultant for Gupta Strategists. While there, he noticed a wide range of sensitive data – such as patient information, company performance, and legal documents – being frequently handled by employees. He realised there was a strong need for a secure communication solution to safeguard and manage such data (including for GDPR compliance) – and shortly afterwards, Zivver was born.