Blog

03 Oct 2019

Compliance, Information Security Michael Roberts 0 comment

A Sensitive Issue: Secure Message Encryption for Large Healthcare Networks

Large regional health authorities can employ thousands of people and have a volunteer network in the thousands or tens of thousands. And, since health authorities send, receive and store so much personal and medical data, secure communications are essential.

Here’s why healthcare organizations are vulnerable to privacy breaches, the consequences of mishandling patient data and how encryption makes secure communications possible for health authorities with a large staff and volunteer base.

Why healthcare organizations are vulnerable to privacy and security breaches

According to a recent report[i], 18 per cent of all cybersecurity breaches happen in healthcare. And internal actors—including employees, former employees, contractors and business associates—cause 59 per cent of the breaches in healthcare.[ii]

Here’s why healthcare organizations including health authorities are vulnerable:

Lack of training for staff and volunteers – The top two patterns in healthcare breaches relate to miscellaneous errors and privilege misuse. Privilege misuse is about employees peeking into patient records that they have access to but shouldn’t be looking at. Training can help build a culture of privacy and security at healthcare organizations and help staff understand the real consequences of snooping. In 2018, for example, The Ottawa Hospital fired an employee for peeking at 30 patient files and the year before, a student intern was fined $25,000 for accessing the personal health information of 139 people (also in Ontario).

Outdated communication tools – Some communication tools simply aren’t secure. This includes old pager systems used to send messages—including patient information, diagnoses and hospital room numbers—over unencrypted radio frequencies. When unencrypted communication methods are the path of least resistance, they’ll continued to be used, despite privacy issues.

Inconsistent mandatory reporting – While mandatory reporting of data breaches is standard across most states and Europe, that’s not the case in Canada. Reporting data breaches isn’t yet mandatory in Manitoba, Quebec or British Columbia. Mandatory reporting is positive because it brings breaches into the public eye—which can encourage organizations to act quickly to resolve security issues.

The consequences of mishandling patient data

In Canada, heath information is protected under the Personal Information Protection and Electronic Documents Act (PIPEDA). When health authorities mishandle patient data, patients lose trust in them, they come under fire from local privacy watchdogs and they can incur significant costs and fines. For example, at Capital Health in Nova Scotia, one employee improperly accessed the private health records of 105 people over six years—which cost Capital Health a $400K settlement.[iii]

For healthcare organizations with a large employee and volunteer base, encryption reduces the likelihood of mishandled patient data while increasing cybersecurity.

What does encryption do?

Encryption converts data and information into a code to prevent unauthorized access to the data while it’s in transit and at rest. It simply means private information is kept private. When choosing an encryption solution, algorithms aren’t the primary differentiators because almost all contemporary security products feature 2048-bit RSA encryption, 256-bit AES encryption and SHA2 signatures.

Instead, the real encryption differentiator is customer experience—how easy is it for patients, employees and volunteers to use the encryption solution? Our OneWorld encryption platform is user-friendly and seamlessly integrates into existing workflows.

5 ways the OneWorld encryption platform makes secure communications possible for health authorities

Enables policy-based encryption – Policy-based encryption allows you to automatically secure communications based on their content. For example, with Echoworx’s OneWorld encryption platform, emails with sensitive information—including protected health information—are automatically identified, securely routed to the OneWorld web portal and encrypted. Encrypted delivery methods include TLS encryption, encrypted PDFs and attachments, certificate encryption and web portal encryption.

Enables reporting and monitoring – In cybersecurity, it’s important to be able to identify and investigate irregular communications. For example, you should be able to see who sent any email you’re reviewing, when it was sent and whether it was opened or not. Reporting and monitoring helps you reduce the risk of internal cyber vulnerabilities.

Increases communications control – With so many employees, volunteers and healthcare partners, it’s easier than ever for sensitive data to leave the safety of your corporate network, either intentionally or accidentally. You can prevent this with communications controls such as preventing email forwarding, setting automatic encryption based on the type of email, keywords, phrases and attachments and enabling a single sign-on solution—to keep sensitive information on your protected network.

Makes encryption the path of least resistance – With a user-friendly encryption platform in place, regional health authorities maintain control over their communications and make security the path of least resistance for their end-users. If an encryption platform makes more work for employees, they won’t adopt it. But when it seamlessly integrates into existing daily tasks, they will. User-friendliness isn’t a nice to have; it’s what makes widespread implementation possible.

Creates a positive return on investment – While encryption is no longer optional, health authorities can save money by investing in the right platform. For example, the Forrester Total Economic Impact™ study revealed that organizations that adopt Echoworx’s OneWorld encryption platform can expect a return on investment of 155 per cent, a payback period of seven months and the unquantified benefits that come with enhanced customer experience and reduced downtime.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

If your regional health authority has thousands of employees and volunteers communicating with patients and other healthcare organizations, choosing the right encryption platform is an essential part of your cybersecurity program.

By: Michael Roberts, VP of Technology, Echoworx

Source:

[i] Cyber Security and Healthcare: An Evolving Understanding of Risk (Symantec)

[ii] Verizon’s 2019 Data Breach Investigations Report

[iii] https://www.cbc.ca/news/canada/nova-scotia/capital-health-privacy-breach-proposed-settlement-1.4858784

25 Sep 2019

communications control in healthcare organizations

Information Security Steve Davis 0 comment

Maintaining Control Over Sensitive Communications in Healthcare

The healthcare industry is becoming increasingly digital – from its adoption of Electronic Health Record (EHR) technology to various online medical appointment booking and prescription systems. And, since healthcare organizations use, send and receive so much personal and medical data, it’s essential that these digital transformation projects incorporate elements of privacy by design —including secure communications.

Here’s why it’s important to maintain control over secure communications and how healthcare organizations can do that.

What is communications control?

Communications control is about setting up a system that allows your organization to oversee, track and review all digital communications. This is typically done by setting up control policies and permissions and using appropriate tools.

Why is control of secure communications essential in healthcare organizations?

Communications control allows you to protect personal and medical data that you collect, use and share as part of business operations. While it’s easy to agree that protecting client data is the right thing to do, there are many more reasons to implement communications control at your organization.

Five reasons for implementing communications control in healthcare organizations:

Clients expect privacy – An EHR includes the most personal details imaginable, from medication lists to medical conditions, and clients trust that you’ll keep this information private and secure.
Bring-your-own-device (BYOD) and remote work culture – It’s now common for companies to allow employees to use their personal cell phones, tablets and laptops for work activities or to operate on company networks. When this happens, sensitive internal information has the potential to travel outside an organization’s digital perimeters —which presents a security risk. The increase in remote employees is one contributor to the popularity of BYOD.
External threats – According to a recent Symantec report, 18 per cent of cybersecurity breaches happen in healthcare. The average cost for a ransomware incident is $76,000 and the average hacking breach costs $2.4M. That’s about 2.4 million reasons to maintain control over sensitive communications!
Insider threats – It’s an uncomfortable truth that data breaches and cyberattacks are often caused by employees—mostly accidentally but sometimes with malicious intent. Learn more about how insider threats happen here.
Client demand for digital solutions – According to McKinsey & Company, consumers prefer digital solutions for many healthcare activities including appointment scheduling, prescription refills, checking personal health information and paying health insurance bills.

The good news is that healthcare organizations can address all these factors with secure communication controls, a user-friendly encryption platform and creating a culture of security.

Five ways healthcare organizations can maintain control of their secure communications

Encryption, encryption, encryption – Encryption is defined as “the process of converting information or data into a code, especially to prevent unauthorized access.” Communicating without encryption is like leaving your front door and filing cabinets unlocked and wide open.
Set external communications policies (aka controls) – With so many modes of communication, it’s easier than ever for sensitive data to leave the safety of your corporate network, either intentionally or accidentally. Secure communications controls can help prevent this from happening. Examples of communications controls include preventing email forwarding, setting automatic encryption based on the type of email, keywords, phrases and attachments and enabling a single sign-on solution—to help ensure sensitive information stays protected.
Set policies for inbound communications – While you can’t control what people send your organization, you can control how you receive it using preset inbound policies, such as automatic encryption. For example, with Echoworx’s OneWorld encryption platform, emails with sensitive information—including protected health information (PHI)—are automatically identified, securely routed to the OneWorld web portal and encrypted. Encrypted delivery methods include TLS encryption, encrypted PDFs and attachments, certificate encryption and web portal encryption.
Enable reporting and monitoring – While you don’t want to set up a “Big Brother” environment, it’s important to be able to identify and investigate irregular communications. For example, you should be able to see who sent any email you’re reviewing, when it was sent and whether it was opened or not. Learn more about taking pre-emptive measures to reduce internal cyber vulnerabilities here.
Act on irregularities – A proper system allows you to act as soon as you identify suspicious communication behaviour. You should be able to modify user permissions, recall messages and revoke access to encrypted messages (even ones that have left your network).

At Echoworx, encryption is all we do. We’re proud to help healthcare organizations take control of their communications and protect their sensitive data with a user-friendly encryption solution that has a demonstrated return on investment. The Forrester Total Economic Impact™ study revealed that organizations that adopt Echoworx’s OneWorld encryption platform can expect a return on investment of 155 per cent, a payback period of seven months and the unquantified benefits that come with enhanced customer experience and reduced downtime.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

By: Steve Davis, Director of Products, Echoworx

13 Sep 2019

Customer Experience, Information Security Michael Roberts 0 comment

Mum’s the Word: Encryption for Group Collaboration

The digital world has opened the seas of technology and revolutionized the way in which we conduct business and serve customers. At the click of a mouse we may apply for mortgages, receive a bank loan or read financial statements. The flow of information has never been more streamlined and customer-centric than it is today.

But what happens when the trappings of contemporary technology outpace our ability to control it?

While your customers embrace the instantaneous nature offered by digital communications, a whole minefield of international privacy regulations, like the EU’s General Data Protection Regulation, demand data protection at every step of the way – privacy by design and privacy in practice.

For those operating in highly regulated business environments, like finance, banking or insurance, these contradictory market demands, dictating an excellent user experience with one hand but airtight algorithms with the other, can disrupt workflow, lead to delays and, ultimately, cause a loss in customer base. Not ideal.

Offering streamlined flexible encryption solutions are one puzzle piece of a greater solution. Without effective secure communication between your staff, their clients and their customers, your organization risks being cut off from the digital world. Here are some ways you can leverage encryption to put your customers first and your brand at the forefront – without interrupting your frictionless collaborative work environment:

Keeping secure communications secure

According to Echoworx data, 80 per cent of customers consider leaving a brand after a breach. Despite this, 69 per cent of customers do not think organizations do enough to protect their data. In a nutshell: You cannot afford to have bad data practices when it comes to exchanging personal data of your customers – even internally.

With five flexible secure methods to send encrypted messages, Echoworx’s OneWorld ensures no sensitive correspondence goes out in the clear. Depending where your colleagues are located, for example, they might favour a more mobile-friendly method of encrypted communication – like sending via secure web portal.

Learn more about OneWorld’s different secure delivery methods.

Offering a consistent user experience

Do your employees work primarily via their mobile devices? Are TLS connections available with your clients? Do your encrypted messages need to be available at-rest for offline working environments? How tech-savvy are your users – both internal and external?

Questions like the above can help you determine an encryption solution which works for your organizational work environment. According to Echoworx research, over half of IT professionals and decision-makers value encryption technology as very important – and yet just 40 per cent say their organizations employ data privacy technology extensively. These figures suggest their current cybersecurity solutions are not applicable to their encryption needs or perhaps offer a poor user experience.

With OneWorld you can make encryption your path of least resistance for your organization. With multiple flexible ways in which to send an encrypted message, and different ways to read and interact with it, you can streamline your collaborative workflow regardless of where users are located.

Learn more about choosing an encryption delivery method which works.

Faster turnaround on important documents

From onboarding a new client to putting something out for deadline, the business world doesn’t forgive cumbersome time-consuming processes. If an important document takes too long, the process is confusing or a deadline is missed, you might lose a customer or, at the very least, make a bad digital impression. The right type of secure document delivery can eliminate these types of snags in favour of a frictionless business process.

In addition to its other flexible delivery methods, OneWorld features the ability to append password-protected encrypted attachments to otherwise normal digital correspondences. This not only allows users to work on a document in its native format, but also eliminates the need for an entire messages to be encrypted. This can improve turnaround on important sensitive documents and streamline collaborative working environments as digital messages can be exchanged in real time.

Learn more about our other secure encryption delivery methods.

Stay compliant, avoid the fines

At the end of the day, the whole point of adopting an encryption strategy is to beef up cyber-defences and avoid costly non-compliance fines. If your organization does not offer a flexible, frictionless and seamless encryption experience, your customers and clients won’t like it and your employees won’t use it. For a collaborative work environment, this presents considerable internal risk for even the most mundane day-to-day workflow.

Learn more about choosing an encryption method which works.

Natural extensions to existing email infrastructure

Our OneWorld encryption platform works seamlessly with existing email infrastructure, like Microsoft Office 365, to offer additional secure delivery methods. These additional options for sending encrypted communications perfectly compliment Office 365 to take your encryption strategy to the next level. From OneWorld’s ability to brand encrypted messages to something as simple, and useful, as being able to track message progress via detailed reports to additional password options, OneWorld helps your organization enhance user experience, add more security and increase work productivity.

Learn more about OneWorld’s natural extensions for OME.

By Michael Roberts, VP Technology at Echoworx

10 Sep 2019

Cybersecurity, Information Security Alex Loo 0 comment

The Risks of Cloud Computing

Cloud computing brings many benefits to enterprise-level organizations but it’s not risk-free. Here’s a quick primer of what cloud computing is, the risks involved and how organizations can minimize the risks of cloud computing.

What is cloud computing?

Simply put: Cloud computing is moving your computing service to the internet using a third-party provider. There are three options: infrastructure, platform and software as a service. The infrastructure option means your organization has the servers onsite, but your provider manages your network virtually. A platform as a service provides infrastructure tools for development that you don’t manage yourself and software as a service (SaaS) is software managed externally. With SaaS, you employ a team of third-party experts to run and manage the solution instead of building in-house. SaaS examples include Echoworx’s OneWorld encryption solution, Office 365 or Salesforce.

The benefits of cloud computing

Using a cloud service lets you rely on your service provider to protect your data from breaches and gives you global access to your data through the internet. Many organizations use cloud computing because they don’t have the expertise to manage the risks and ongoing vulnerability mitigations and resolutions associated with local storage and security.

According to a recent EY Global Information Security Survey, only 8 per cent of organizations have information security functions that fully meet their needs. This same report indicates that 52 per cent of organizations are prioritizing cloud computing for their cybersecurity spending this year.

What are the risks of uploading to the cloud?

There’s a financial risk to uploading data to the cloud when it comes to privacy regulations and breach outcomes. For example, under the General Data Protection Regulation (GDPR), fines for exposing citizen data are hefty—up to €20M or4 per cent of your annual revenue! If your company exposes credit card or other personal information, your entire business could be at risk due to lost consumer trust.

How has the cloud evolved?

Initially, when untested cloud services emerged on the scene, many organizations continued to retain their computer service in-house over security concerns. But, over the last decade, cloud services have evolved into proven and secure platforms – providing effective protection for sensitive data.

Organizations are now comfortable with the cloud infrastructure from a security perspective because certified cloud providers treat data with integrity through privacy, data access controls and auditing.

How can an organization insulate itself from cloud risks?

Although cloud security mostly depends on your service provider, you can minimize risk in two ways. First, select a cloud service which provides management and risk management for you. Make sure any cloud service is audited and certified – with certifications like SOC2 and PCI.

The second way to minimize risk comes from within your organization. You need experts that understand cloud solution architecture and risk management processes and procedures. These experts can help you understand the risk and protect your organization by choosing the right cloud service provider. They can also help you understand whether your cloud computing investment has ROI potential. For example, a recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with $793K in avoided costs of legacy on-premises solutions. Get the full Forrester Total Economic Impact™ study of OneWorld now.

By: Alex Loo, VP Operations, Echoworx

09 Sep 2019

Cybersecurity, Information Security Brian Au 0 comment

A Lesson in Cybersecurity Simplicity from the Capital One Breach

The lesson from the recent Capital One data breach can be summed up with the KISS principle. Simplicity is hard to beat, even in cybersecurity. Let’s look at why this breach happened and what organizations can do to shore up their cybersecurity defenses with seemingly simple solutions.

Peeking behind the Capital One headlines

The headlines about the Capital One data breach emphasize impact: more than six million Canadians were compromised in this data breach. Over a million Social Insurance Numbers (SIN) were exposed. Victims can receive free credit monitoring and identity theft insurance to reduce the sting of their private information being stolen from their trusted provider.

This is scary stuff, but the most chilling part of the story isn’t even covered in some of these reports: The data was breached due to a vulnerability caused by a misconfigured server. Those two words—misconfigured server—left chief technology officers and chief information security officers around the globe trembling. Server configuration is part of the basic line of defense in cybersecurity.

The lesson from Capital One is about simplicity. Good cybersecurity hygiene matters and it’s the first and best defense against data security breaches. To manage this ongoing and increasing threat, enterprise-level organizations must get serious about mastering the basics.

Getting back to basics: 5 simple ways to boost cybersecurity in your organization

Resource your IT department appropriately – According to the EY Global Information Security Survey,[i] 87 per cent of organizations don’t have enough money in their IT budgets to fund the cybersecurity and resiliency programs they want to implement. And, as we saw with Capital One, missing a basic security protocol can lead to costly and embarrassing outcomes. Dr. Ann Cavoukian, Executive Director of the Privacy by Design Centre for Excellence, told the CBC, “Companies are simply under-resourced. They’re not devoting the resources required for strong security.”[1] Having enough properly trained IT resources means your team can dedicate time to testing and uncovering vulnerabilities and mistakes before it’s too late.

Encrypt your data – Encryption protects private data in transit (such as in email and other communications) and at rest (on your network). It’s important to have a scalable encryption solution that offers multiple delivery options, is easy for employees and clients to use, lets users recall encrypted messages even after they’re opened and is easily integrated with solutions you already use, such as Office 365. In a recent Echoworx survey, 53 per cent of the IT professionals and decision-makers surveyed said encryption technology was very important or critical to their organizations. And yet, only 40 per cent of respondents said their organizations are using data privacy technology extensively. Again, here’s where simplicity triumphs: an encryption solution can only be effective when it’s used.

There are also financial incentives for using encryption. A recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

Know your risks and assets – Cybersecurity efforts are more effective when they’re based on a strategic framework, instead of piecemeal solutions. It’s important to identify (and address) risks such as outdated security protocols, data protection, careless employee behaviour, identity and access management, etc. Identifying key assets and data—and increasing security around them—is another essential part of a strategic cybersecurity infrastructure. Increase support for cybersecurity initiatives by helping your board of directors understand the real risks companies face with inadequate cybersecurity programs and resources.

Use a privacy by design approach – With so many organizations pursuing digital transformation, there’s a perceived need for speed. What’s even more essential is building privacy and data protection into new digital programs and processes. Frédéric Virmont, a cybersecurity industry expert, says, “Security is like quality; it must be from the beginning to the end of the life cycle. If you wait until the end of the product, it’s too late. Once the house is built, it’s too late to add emergency exits.”

Learn more about mitigating internal vulnerabilities.

Train your staff on cybersecurity – A recent PwC reportfound that 32 per cent of respondents consider insider threats more costly and damaging than external incidents. Insider threats can be accidental or intentional, so education and proper security protocols are the first line of defense against them. Educate employees about the importance of using security programs and processes and how to identify and report suspicious incidents. And by choosing effective cybersecurity platforms –encryption for example—that are also easy to use, you make data protection the path of least resistance. Cybercrime, including social engineering and spear phishing, is more sophisticated than ever; wise companies create informed workforces capable of identifying these cyber threats.

With the average cost of data breaches at $141 per breached record (and more than double that for healthcare organizations),[ii] isn’t it time for organizations to keep it simple and master the basics of cybersecurity?

By: Brian Au, IT Specialist, Echoworx

Sources:

[1] https://www.cbc.ca/news/business/capital-one-data-breach-1.5232952

[i] https://assets.ey.com/content/dam/ey-sites/ey-com/en_gl/topics/advisory/GISS-2018-19-low-res.pdf

[ii] https://www.ibm.com/downloads/cas/ZYKLN2E3

25 Jul 2019

Compliance challenges inside and outside of marketing departments are real

Compliance NEYSON LINS 0 comment

Communications Compliance: Why is it Important for Your Marketing Compliance Plan?

Corporate communications, including marketing communications, are subject to enough external regulations and internal controls to make even the most unflappable CCO shudder. Here, we’ll talk about what communications compliance is, the challenges surrounding it and why encryption is now a marketing compliance solution.

What is communications compliance?

Communications compliance is simply ensuring all internal and external communications, including social media postings, meet legal and regulatory standards that govern your industry. These standards are to protect client information and ensure your communications don’t mislead consumers. This is easy to say but gets complicated quickly due to the number of standards your communications must comply with.

For example, regulations and governing bodies that affect corporate communications include:

The General Data Protection Regulation (GDPR).
The Payment Card Industry Data Security Standard (PCI-DSS).
The Financial Industry Regulatory Authority (FINRA).
The Securities and Exchange Commission (SEC).
The Investment Industry Regulatory Organization of Canada (IIROC).
The Markets in Financial Instruments Directive (MiFID II).
The Health Insurance Portability and Accountability Act (HIPAA).
The Sarbanes-Oxley Act (SOX).

And the following bodies also have additional guidelines for social media postings:

The Food and Drug Administration (FDA).
The Federal Financial Institutions Examination Council (FFIEC).
The Federal Trade Commission (FTC).
The American Bankers Association (ABA).
FINRA and SEC, as above.

In social media compliance circles, we’re seeing discussion around professionals who inadvertently violate regulatory agreements on social media. For example, in some jurisdictions, a real estate agent who tweets another agent’s listing may be out of compliance because that tweet suggests an inconsistency with an exclusive-representation agreement. Whatever industry you’re in, you must address compliance issues, and this takes extra diligence in heavily regulated industries like financial services and healthcare.

What are the challenges of communications compliance?

The challenges of communications compliance include:

Compliance is a moving target – With multiple regulatory bodies and guidelines to incorporate, plus the expanding role of compliance management professionals, compliance is continually evolving which makes staying ahead of the game difficult.

Audit requirements – It’s essential that your company can audit your electronic communications which means original copies must be stored properly for the right amount of time. On the other hand, this “paper trail” also highlights any compliance violations which puts you at risk for fines and even class action lawsuits. For example, there’s a class action lawsuit against Bell Canada for its Relevant Advertising Program (RAP) that tracked customer activity to build profiles for third-party advertisers.

So many communications! – Add marketing messages to customer and vendor communications and it’s easy to get overwhelmed by the sheer number of messages that leave your organization each year. Plus, with different types of messages requiring different approaches and protection, compliance gets complicated—especially if the right staff aren’t aware of the regulatory rules.

Solutions reside across multiple business units – Compliance doesn’t belong to the compliance office; instead it resides across the entire business which can make governance more difficult and complex. For example, we see more marketing teams pursuing encryptions solutions for compliance—even though encryption is historically under IT’s purview.

Why compliance matters in marketing

Marketing is on the frontline of consumer protection. Compliance in marketing governs how businesses communicate with clients and prospects, protects personal data from misuse and ensures the principle of honesty in advertising is upheld.

Compliance challenges inside and outside of marketing departments are real, but organizations that address them holistically and consistently stay on the right side of regulations. One piece of the compliance equation is encryption.

Four reasons encryption is a marketing compliance solution:

Data security – Encryption protects personal information used in marketing communications while it’s in transit to and from your customers and partners and while it’s stored on your own network. For example, PCI DIS requires that emails containing cardholder data are encrypted during transmission and protected in storage. This means that sensitive or personal information such as credit card numbers can only be saved on your network if they’re encrypted.

Secure bulk delivery – Sending mass personalized communications securely is essential in many industries including insurance, government and healthcare. For example, if there’s a proposal for natural gas drilling in a specific area, a government might need to send a personalized message about this sensitive topic to all citizens residing in that geographical area. Our Secure Bulk Mail (SBM) delivery method makes this possible.Learn more about SBM.

Digital trust – In digital customer relationships, trust is easy to get but nearly impossible to get back once it’s been lost. Using encryption to secure your client communications protects clients and shows them your organization takes their privacy and security seriously. With our OneWorld encryption platform, you can set language policies or branding attributes to automatically apply to encrypted communications based on sender, brand, locale and receiver attributes which creates a consistent and trustworthy user-experience.Learn more about building digital trust using encryption.

Positive return on investment – Encryption is a compliance tool that saves organizations money. For example, a recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of seven months. Get the full Forrester Total Economic Impact™ study of OneWorld now.

Whether you’re a marketing, IT or compliance professional, encryption can help your organization reduce compliance risks while protecting personal information and securing customer trust. So why wait to integrate encryption into your communications compliance strategy?

By Neyson Lins, Campaign Manager at Echoworx

18 Jul 2019

Accountants play a role in cybersecurity

Cybersecurity Jag Heer 0 comment

Integrating Cybersecurity with Business Strategy

A common problem faced by a growing number of organizations is how to seamlessly integrate cybersecurity into their overall business strategy. As industry and commerce prepare for the next level of cyber-attacks, businesses are increasingly looking to finance professionals for help in developing risk-mitigating cybersecurity strategies that align with the organization’s mission and vision.

Identifying cyber-vulnerabilities starts with getting to know your intangibles

How well do you know your intangibles? This on the face of it seems like a strange question to be putting to an accountant, but it is a very real issue. Intangibles in the accounting world have been grouped as a separate asset class, a kind of catch all for anything that meets the asset definition (a resource that a company controls, and which is expected to produce a future economic benefit), but is not physical in nature. Traditionally, accounting practices only record what things cost, or the resale value if possible. But, based on the difference between reported book and stock values, intangible assets now make up between 60 to 80 per cent of global corporate worth.

The lack of clear definition in identifying the business’s intangible strategic assets, and more importantly the difficulty in assigning an appropriate monetary value to the intangibles, such as intellectual property, internal software upgrades, staff and managerial expertise, customer data insights to name a few, has left organizations exposed to cyber threats, if you haven’t identified the intangible as a strategic asset, then why would you spend resources protecting it. Every business will have its own nuanced set of strategic intangibles. It is predominately these intangibles that a cyber security investment will be safeguarding. Not identifying your intangibles, or not knowing the real value of the intangibles to an organization makes it less likely that an appropriate cyber security defense strategy will be put in place to protect these intangibles. So, get to know all your intangibles!

The second fundamental challenge deals with the ambiguous complexity of cyber threats and understanding the nuances of the different types of current cyber threats posed to their strategic intangible assets. Threats come in all forms and sizes, and not being cognizant on what the current threat landscape looks like in their own industry sector is extremely risky. The goal should not be to create a strategy to overcome a security crisis, although in too many instances it requires a breach for a company to initiate an action. Rather, the goal should be to have a cohesive integrated cyber strategy that protects against current threats and has the flexibility to adapt to future threats.

Understand the underlying prevalent cyber threats that reside in your industry.

Accountants play a role in cybersecurity

Accounting and finance professionals are uniquely placed to help a business develop an appropriate cybersecurity strategy. Finance teams, with their knowledge of an organization’s intangible strategic assets, and expertise in implementing risk management strategies, are well-equipped to identify cyber vulnerabilities, and accountants can be pivotal in closing any security gaps by exploring, evaluating and implementing better tailored security solutions.

There is most definitely not a one-size-fits-all solution when it comes to cybersecurity. In fact, it is very unlikely you find any two large enterprise organizations having similar solutions. Even strategic business units within the same organization often have very different security programs. By thoroughly knowing your intangibles and being versed on the ambiguous complexity of the cyber threats, coupled with knowledge of risk management techniques, accountants can take a leadership role in delivering effective and efficient cyber security strategies. The cyber security strategy within an organization ultimately becomes a competitive advantage to that organization in its own right.

Understanding total economic impact of cybersecurity

Forrester Research recently published a study identifying the challenges of choosing an email encryption solution for enterprise-level organizations – where, without the right support and processes, running an encryption platform became an onerous activity.

The study, entitled “The Total Economic Impact of Echoworx OneWorld Encryption,” is written in a style and language that will be familiar to finance professionals. Both quantified and unquantified benefits of the solution are identified, and the analysis is presented in the form of a post audit investment appraisal using techniques like ROI, NPV and payback.

I recommend CPAs read this report because it demonstrates the holistic view that needs to be considered when undertaking a strategic cybersecurity investment.

See the full Forrester TEI study here.

By Jag Heer CPA, ACMA, CGMA
Finance Director, Echoworx Corporation

10 Jul 2019

Cybersecurity, Information Security Michael Roberts 0 comment

Is Your Company Board of Directors On-Board with Cybersecurity?

Cybersecurity is no longer just an IT issue. Cybersecurity is no longer measured by who has a taller firewall. Cybersecurity is no longer an out-of-the-box one-size-fits-all installable solution. Instead, cybersecurity is now a complex mosaic of solutions, ideas and mindsets which permeates throughout the entire organizational structure of a company – from warehouse to boardroom.

So, at the end of the day, who is responsible for instigating organization-wide cybersecurity initiatives?

While C-suite executives, from CEO to CISO, might be responsible for spurring action toward shoring cyber-defences, an IT department is generally responsible for the implementation and maintenance of new security solutions with existing infrastructure. But, at the end of the day, it is the organizational board of directors who need to be won over. This carefully selected group of individuals, chosen to reflect the interests of company stakeholders in overseeing organizational management, are who even a CEO must answer to – including on issues concerning budget.

For a CISO intent on spending more on cybersecurity solutions, convincing their board of directors can be difficult. And, due to the intangible nature of cybersecurity, with no visible physical benefits, at least initially, emphasizing the importance of investing in said technology is paramount.

Here are some simple probing informational conversations you need to have to convince your board of directors to pay attention to cybersecurity solutions:

How much does your board of directors know about cybersecurity?

Before you launch into the meat and potatoes of your cybersecurity proposal, you need to gage how deep the knowledge base of your board of directors is when comes to this subject matter. Unless they have clear backgrounds in technology or security, it is unlikely they have a deep understanding of how exactly cybersecurity works.

You need to explain what cybersecurity is, in layman’s terms, why it is important and why cybersecurity is no longer just an IT problem – but rather one of organization-wide significance. You might consider throwing out some statistics regarding the negative impact of a data breach – like last year’s massive data breach affecting the healthcare system of the Canadian province of Ontario, for example, which saw the theft of 80,000 unencrypted electronic health records.

Learn about making a business case for encryption here.

How accountable is your board of directors for data protection?

When a data breach occurs within an organization, its devasting effects are felt company-wide – including at the board-level. Aside from the potential for soul-crushing fines from regulatory bodies, like those dished out to violators of the EU’s General Data Protection Regulation (GDPR), for example, mishandling personal data hurts a brand as a whole – with Echoworx data showing 80 per cent of customers consider leaving a brand after a breach.

As the directors of organizational tack, brand reputation is a crucial focus for boards aiming for business success. Investing in cybersecurity solutions, like encryption for communications, is an important step to preserving brand – with some solutions, like encryption, even mandatory to conduct business in some parts of the world.

Emphasizing the monetary advantages of cybersecurity investment

From regulatory fines to brand damage to just cleaning up the mess, data breaches can be like termites into an organization’s finances. Investing in cybersecurity solutions insulates your organization from the detrimental effects both before and after malicious cyber-events – and can even help save money in other supplementary categories.

Take our OneWorld encryption platform, for example. According to a recent Total Economic Impact™ study from Forrester Research, OneWorld shows a return on investment (ROI) of 155 per cent – and upwards of $2.7M in cost-mitigating benefits. These cost-mitigating benefits do not account for the hundreds of thousands (or even millions) of dollars saved by the risk-mitigating features of this flexible encryption platform – offering five different ways to communicate securely with your customer base.

Get the full TEI study of OneWorld by Forrester Research here.

How important is digital trust?

Every business wants their customers to trust them – a trend which transcends the digital world. But gaining digital trust online is different from doing so at brick-and-mortar stores. Unlike their offline counterparts, where brand trust is gained over years (and even generations), digital trust is fairly easy to get. But digital trust is even easier to lose – and impossible to get back.

So a board of directors needs to understand the brand value of protecting customer data as a tool for building digital trust. Nobody wants to work with a company which doesn’t protect their data. And cybersecurity investment is an excellent marketing tool for reassuring customers that your brand does. In today’s customer-centric world, with so many other options online, you simply can’t afford not to put your customers first – and your board needs to understand that.

Learn more about building digital trust with encryption.

By Michael Roberts, VP Technology at Echoworx

02 Jul 2019

Five reasons encryption is essential for healthcare organizations undergoing digital transformation:

Compliance, Customer Experience Steve Davis 0 comment

Facing the Fax: Why Healthcare is Still Offline

Since the business world entered Industry 4.0, organizations have scrambled to digitize physical assets and integrate them into digital ecosystems. Today, we’ll talk about why healthcare organizations are so far behind when it comes to all-things-digital and how a user-friendly and flexible encryption solution can ease the transition to Industry 4.0.

Why healthcare organizations are slow to adopt digital solutions

Even though electronic healthcare records are becoming increasingly common, there are still many healthcare organizations that rely on fax and paper records to do business.

The common barriers to going digital are:

Limited IT resources – Healthcare organizations are dealing with stagnant or declining IT budgets and don’t typically have enough skilled IT security practitioners to keep up with day-to-day demands, let alone enormous digitization projects.

Daunting privacy regulations – From the Health Insurance Portability and Accountability Act (HIPAA) to the General Data Protection Regulation (GDPR), healthcare data is heavily regulated. Healthcare organizations may think it’s easier to stay compliant by keeping patient records tucked into filing cabinets but that’s simply not true.

Fear of privacy breaches – With so many horror stories in the news about data breaches, healthcare organizations are keenly aware of the risks of going digital. Especially because the average cost per breached record is $380 in healthcare—more than double the cross-industry average.

These barriers are real, but they represent the cost of doing business instead of something that can be avoided – or something that can be an advantage. There’s no turning back from digitization in business, including in healthcare.

Three reasons for healthcare organizations to go digital sooner than later:

Increased user demand – Healthcare organizations serve millennials and baby boomers who now have technology in common. Millennials grew up with it and boomers begrudgingly learned to master the technology they now consider indispensable. Clunky, paper-based reports and systems are nearing extinction in the on-demand world people now expect.

The digital ecosystem is no longer optional – Industry 4.0 is digitizing and connecting everything in the supply chain and healthcare organizations can either join in or be left out. Except healthcare organizations don’t operate in a vacuum because they need to communicate with hospitals, labs, insurance agencies and business associates. At some point, it will no longer be possible to operate outside of this digital ecosystem so why not plan for a smooth digital transformation now rather than rush at the last minute?

Reduce churn by increasing digital trust – The Ponemon Institute’s 2017 Cost of Data Breach Study found that health organizations experience a relatively high abnormal churn rate. They also found that when organizations cultivate customer trust around how personal data is protected, churn is reduced.

It’s time for healthcare organizations to embrace Industry 4.0—starting with encryption.

Five reasons encryption is essential for healthcare organizations undergoing digital transformation:

Protects patient data even if other organizations don’t – Encryption keeps your electronic health records secure on your network and while they’re in transit to and from your organization. For example, if you receive unencrypted personal information via email, Echoworx’s One World encryption platform automatically reroutes this sensitive incoming data to an encrypted web portal. This is one way encryption builds digital trust.

Provides flexible delivery methods – Choosing a user-friendly encryption solution with flexible delivery methods allows healthcare organizations to handle multiple business scenarios. This means patient data stays protected whether it’s delivered through secure PDF, web portal access, TLS and encrypted attachments or S/MIME and PGP.

Makes it easy for staff to protect patient data – Unfortunately, healthcare has more breaches due to insider threats than outside malicious agents. Accidental disclosure of personal information happens because of mistakes or when staff bypass a clunky security protocol. Implementing a user-friendly encryption solution with definable policies that control which communications require encryption (and what delivery method to use) greatly reduces the risk of these inadvertent disclosures.

Simplifies compliance – These same definable policies simplify compliance processes and keep healthcare organizations on the right side of privacy regulations. This is useful since HIPPA fines are becoming substantial; in 2018, Anthem Insurance was fined $16M after a 2015 privacy breach.

Delivers a substantial return on investment – A recent Forrester Total Economic Impact™ study found that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can accelerate the adoption of digital document delivery, save $1 per paper document delivered digitally instead of through the postal system and accumulate a three-year cost savings of $1.5M. The same study indicated that organizations adopting Echoworx’s OneWorld encryption platform can expect a return on investment of 155% and a payback period of seven months. Get the full Forrester Total Economic Impact™ study of OneWorld now.

Healthcare organizations operating in the fax and paper world are using systems that are on borrowed time. There’s a better way and that starts with finding the right encryption solution to fuel your healthcare organization’s digital transformation.

Learn more about how encryption can help you get there.

By Steve Davis, Director Products, Echoworx

26 Jun 2019

Compliance, Information Security Alex Loo 0 comment

Keeping Electronic Health Records Safe in Transit

Electronic health records aren’t stationary documents that remain protected behind a single wall of defence. They travel between healthcare organizations and third-party business associates frequently and each journey carries the risk of security breaches. Today we’ll talk about the type of personal data exchanged in healthcare and how encryption helps keep that data secure.

Personal data exchanged in healthcare

Electronic health records are a treasure trove of sensitive personal information including:

Medical history, medications and immunizations.
Diagnoses and treatment recommendations.
Lab reports including radiology images and test results.

To create a unified electronic health record takes collaboration between multiple parties. This means medical information—including colonoscopy test results—is in transit more than you think and probably more than you are comfortable with.

Electronic health records travel between these organizations in various routes:

Hospitals.
General practitioners.
Specialists.
Laboratories.
Clinics.
Insurance agencies.
Homecare agencies.
Third-party business associates including companies that process claims, administer benefits, transcribe medical reports, store and dispose of documents, etc.

The cost of unprotected digital patient records

Unprotected electronic health records—in transit and otherwise—are a costly disaster waiting to happen. The personal data found in patient records is valuable to nefarious agents—so valuable that breaches are common and costly in healthcare. And the more records that are breached, the more the breach costs. Data breaches cost on average $141 per breached record—except in healthcare where the average cost per breached record is $380.

As you saw from the list above, many organizations receive and send digital patient records as part of business processes. In the summer of 2018, for example, CarePartners, a homecare company and business associate of the Ontario government was hacked, and 80,000 patient records were affected. To add insult to injury, the hackers told the CBC that the data they stole wasn’t even encrypted!

Too many electronic health records are at risk because healthcare organizations are dealing with stagnant or declining IT budgets year-over-year. But deprioritizing cybersecurity is short-sighted because the average cost for a ransomware incident is $76,000 and the average hacking breach costs $2.4M.

But research indicates that implementing an organization-wide encryption solution is a cost-saving initiative. For example, the Ponemon Institute’s 2017 Cost of Data Breach Study suggests that the top three factors that reduce the potential cost of data breaches are having an incidence response team, using encryption extensively and training employees. Additionally, a recent Total Economic Impact™ study conducted by Forrester Research revealed that organizations which adopt Echoworx’s OneWorld encryption platform can expect a return on investment of 155 per cent and a payback period of just seven months.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

How encryption protects electronic health records in transit

To protect the private data in digital patient records in transit, encryption is essential. We recommend implementing a flexible and user-friendly encryption solution – like Echoworx’s OneWorld platform which employs up to five secure encryption delivery methods.

Four ways encryption protects your electronic health records in transit:

Multiple flexible delivery methods – Not every healthcare organization will have the same cybersecurity measures in place so your encryption platform must be able to handle multiple business scenarios. These include Secure PDF (e.g., secure record delivery) and web portal access, TLS and encrypted attachments and support for S/MIME and PGP.

Inbound encryption – When organizations accept inbound emails without encryption, the information is stored in clear text on their network or not accepted at all. Inbound encryption allows organizations to automatically reroute sensitive incoming data to an encrypted web portal.

Secure Bulk Mail (SBM) – This functionality automates the process of emailing mass personalized documents securely. In 2017, the British National Health Service lost 900,000 patient letters—including test results from physicians—which might not have happened if a SBM solution was in place.

Privacy by design – When your encryption platform includes definable policies to control which communications require encryption and how they’re sent, it relieves busy healthcare administrators of the burden of making security decisions while processing patient records. This encryption solution also means organizations stay compliant with regulations like the US’ Health Insurance Portability and Accountability Act (HIPAA), the US’ Health Information Technology for Economic and Clinical Health Act (HITECH) and the EU’s General Data Protection Regulation (GDPR).

Healthcare organizations have an obligation to protect sensitive patient information in electronic healthcare records in three scenarios: when the personal data is on their network, leaving their network and arriving at their network. When healthcare organizations implement a flexible and user-friendly encryption solution, they protect this personal data across all three scenarios. Isn’t it time for your healthcare organization to get encrypted?

By Alex Loo, VP Operations, Echoworx

21 Jun 2019

Customer Experience, Information Security Nicholas Sawarna 0 comment

Encryption in Healthcare Recruitment: Gain an Edge in Your Headhunting

Whether it be higher pay, tax-free incentives or just a chance to see the world, lures for healthcare professionals to relocate internationally are as numerous as they are attractive. And, from nurses to doctors to medical technicians to a whole plethora of crucial background staff, international hospitals and medical organizations require massive amounts of skilled workers to ensure their operations run smooth.

But getting, connecting and sending healthcare professionals overseas is a delicate, personal and often time-sensitive operation with many moving parts – where effective secure communication plays a central role. And, given the international nature of this industry, with its minefield of privacy rules and regulations, combined with massive amounts of sensitive personal data, there is no room for error.

Many recruitment agencies still rely on fax (or snail mail) – a trend even more prominent in the healthcare sector. This can lead to delays, clunky user experiences and, ultimately, applicant drop-offs due to time-constraints or on-boarding processes which ask too much of candidates.

Here are some ways your healthcare recruitment organization can streamline its recruitment processes using secure encrypted lines of communication:

1) Remove the bumf from digital onboarding

Healthcare recruitment organizations are head-hunting experts – dealing with startling amounts of personal data. Depending on where a recruiting hospital or medical organization is located, a candidate might be required to show sensitive health records for visa applications or they might be required to undergo extensive criminal background checks, for examples. Most job application packs also require original scans of education credentials, medical licenses and passports. All this information makes its way to a recruiting hospital or healthcare organization through a recruitment agency or direct from the candidate – with the potential to cross international privacy jurisdictions along the way.

To avoid bureaucratic headaches, missing application deadlines or just to remove unnecessary back-and-forth bumf, a recruiting party can leverage the power of a flexible encryption solution. From the ability to exchange Secure PDFs to enabling secure TLS connections for instantaneous secure communication, there are different ways this can be for a frictionless digital experience– making paper processes a thing of the past.

Take your onboarding processes digital with these secure encryption delivery methods.

2) Maintain your digital brand

Healthcare recruitment is a highly competitive industry, where timing is everything and other options exist for applicants wanting to get the job. But sometimes a combination of speed and strong security can come at the detriment of the applicant – leading to confusion, spam-looking messages and a poor user experience.

With our OneWorld encryption platform, your brand can leverage airtight encryption without losing a full-branded experience. This allows candidates to send their supporting documents to your healthcare recruitment organization without becoming confused, worrying about spam or doubting your ability to protect their sensitive data.

See how large enterprise-level organizations are sending full-branded encrypted messages.

3) Maintain compliance with digital privacy regulations

Whether recruiting candidates, sending their personal data overseas or even keeping sensitive data on your servers, rules regarding privacy, and the jurisdictional laws which apply to it, need to be observed. The brand damage of mishandling candidate information isn’t worth it, and you can’t afford the sharp-toothed fines which are dished out for not respecting the rules.

Take the EU’s General Data Protection Regulation (GDPR), for example. This overarching set of privacy rules, which apply to all EU countries, also applies to all their citizens – regardless of where they reside. This means that a travel nurse from San Diego, who happens to be a German citizen, for example, applying to a nursing job in Toronto is technically protected under GDPR jurisdiction – and armed with its sharp-toothed fines.

But hiding under an offline rock isn’t going to make it all go away! Implementing proactive cybersecurity measures, like applying encryption to sensitive digital communications, allows healthcare recruiters to leverage the real-time convenience of digital communication while staying compliant with privacy regulations – zero fax given.

Here are some of the flexible ways you can send secure messages with encryption.

4) Build digital trust with healthcare candidates

Healthcare recruiters are quite literally dealing with humans – so why wouldn’t you want candidates to trust you with their information? Regulatory-compliance aside, protecting personal information is just good customer service – and maintaining digital trust is the new currency of business online. You need it, they need it – we all need it.

So why take chances with your candidates’ most valued personal info? With other healthcare recruitment options in abundance, including options to apply directly to hiring hospitals and medical organizations, you simply cannot afford to lose the faith of your candidates. And starting to build digital trust with your candidates starts with showing you care about them – by investing in proactive cybersecurity solutions, like encryption, which protects their personal data.

See how encryption can help build digital trust with your candidates.

5) The future of healthcare is digital

From exchanging Electronic Healthcare Records between hospitals to something as simple as booking a doctor’s appointment online, healthcare is slowly uploading to a digital environment. The UK’s National Health Service (NHS), for example, recently announced an organization-wide ban on fax machines – meaning no more business done by fax in the near-future. You need to be ready for a new digital age in healthcare or you risk being left out of the conversation.

Learn more about the flexible ways you can securely send applicant documents with encryption.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

14 Jun 2019

Compliance, Cybersecurity Randy Yu 0 comment

Thinking Inside the Box: Addressing Internal Cyber Vulnerabilities

In cybersecurity, it’s easy to become obsessed over external malicious factors and lose sight of the whole picture which includes internal vulnerabilities. When it comes to cybersecurity, the best defense includes shoring up your internal defenses because many critical vulnerabilities are too close to home for comfort.

What is an internal cyber vulnerability?

A vulnerability is a flaw in a system that exposes the system to risk of attack. In cybersecurity, these vulnerabilities can be related to the computer systems and processes and procedures you use. While you may know famous software vulnerabilities like Heartbleed and WannaCry, internal vulnerabilities can be much more mundane. For example, someone leaving the default password on a router or assuming your employees know how to recognize spear phishing attacks can lead to a lot of heartache for a chief information security officer.

As they say in sports, “The best defense is a good offense.” In this case, a good offense includes taking a proactive approach to identifying and fixing vulnerabilities, which we’ll cover next.

How to identify cyber vulnerabilities in enterprise-level organizations

Before you can identify cyber vulnerabilities, you must have a clear idea of your organizational assets, including intellectual property. Frédéric Virmont, a seasoned cybersecurity expert, says, “You have to identify what’s critical for the business: servers, applications, everything. Once you identify those critical assets, then you can make a plan to secure them and ensure they’re maintained with security patches.”

After identifying your critical business assets, you can expose and triage any vulnerabilities through various security tools—and then patch them up.

Put staff on your list of organizational assets as cyber vulnerabilities include accidental and intentional insider attacks by employees.

Six ways to reduce internal cyber vulnerabilities with pre-emptive measures

1) Encrypt data and communications – Protect your data while it’s in transit and at rest with a user-friendly encryption solution. Billions of emails are sent every day and without encryption each one represents a security risk. And in 2018, 4.8 billion records were stolen during breaches and less than three per cent of those records were encrypted.

2) Teach employees about cybersecurity – A recent PwC report in the US found that 32 percent of respondents consider insider threats more costly and damaging than external incidents. Because employees are on the frontline of cybersecurity, it’s essential to educate them about the importance of using security programs and processes and how to identify and report suspicious incidents. Cybercrime is increasingly sophisticated—especially social engineering and spear phishing—which is why regular and effective cybersecurity training is necessary for all staff.

3) Beef up your security policies – Make sure your policies support your security efforts. Some of the best practices include:

Limiting user access through assigning appropriate permissions to non-IT employees
Setting appropriate guidelines for creating strong passwords or enforcing two-factor authentication
Limiting Internet usage by defining or controlling what type of content can be viewed
Defining file storage locations for employees and denying usage of USB drives or personal cloud storage
Choosing policy-based encryption with flexible delivery methods for communications
Effective vetting of third-party vendors

4) Have an up-to-date disaster recovery plan – A disaster recovery plan allows all staff to act swiftly—using prepared strategy—when disaster strikes. This way, organizational efforts can go towards closing the vulnerability and monitoring it, rather than trying to figure out what to do in the middle of a crisis.

5) Don’t migrate vulnerabilities to the cloud – While there are many benefits to offloading on-premise servers and applications to the cloud, organizations must avoid bringing along existing vulnerabilities with them. Implementing security tools prior to cloud migration is essential.

6) Communicate effectively with the board – Since they may not always understand the technical assets, many boards shy away from cybersecurity risk management. Instead of communicating about tech specs, talk to the board about the cost of not implementing security measures, return on investment trends and reputation management with clients. Raphael Narezzi suggests talking to the board of directors like this, “It can be a cost today, but I guarantee you, the scenario we see when a board acts before an event, is a completely different scenario than when they don’t act at all.”

The benefits of closing internal vulnerabilities

Closing internal vulnerabilities takes time, resources and expertise and is now part of the cost of doing business. But there are benefits. As mentioned above, data security results in customer-centric benefits such as building reputation and digital trust and helps pave the way for competitive differentiators.

Closing internal vulnerabilities takes time, resources and expertise and is now part of the cost of doing business. But there are benefits with a solid return on investment. A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization can expect a seven-month payback period and slash $2.7M off their bottom line by employing our flexible OneWorld encryption solution. Get the full Forrester Total Economic Impact™ study of OneWorld now.

With so much at risk, isn’t it time to shore up your vulnerabilities?

At Echoworx, encryption is all we do. Our OneWorld encryption platform and cloud security services are a natural extension to existing security programs and offer a wide range of flexible options for secure message delivery. You can learn more about the ROI of Echoworx OneWorld encryption here.

By: Randy Yu, Senior Manager Technical Operations & Support, Echoworx

07 Jun 2019

Customer Experience, Information Security Kevin Foxton 0 comment

Holy Ship! Why Digital Transformation is Taking the Shipping Industry by Storm

In Medieval Italy, sea merchants invented the bill of lading to confirm receipt of all goods in a shipment. Hundreds of years later, many international shipping firms still rely on paper bills of lading for this same purpose. But paper-based transactions are falling out of favour in shipping, especially with shipping and logistics start-ups coming onto the scene as digital natives. Today, we want to talk about why digital transformation is taking the shipping industry by storm and the risk and rewards that come with it.

Four reasons the shipping industry is ripe for digital transformation

Paper-based processes are slow – From bills of lading and paying at-sea employees to ship certificates required by the International Maritime Organization, running ships as big as the Empire State Building on paper processes just isn’t efficient. According to a recent article by The Economist, Maersk found that processing one shipment of avocados from India to the Netherlands involved 200 communications across 30 parties! In an era when shipping companies support consumers’ same-day delivery expectations, it’s essential to save time in port and at sea. This means moving away from fax, paper and telephone communications and moving towards digital systems and processes.

Industry 4.0 is transforming the supply chain – Industry 4.0—also known as the fourth industrial revolution—is bringing automation, data and the internet of things to the global supply chain. For this to work effectively, all players must be connected to the digital supply chain. As digitization becomes business as usual across the supply chain, shipping companies that can’t connect to this global infrastructure will be left behind.

There’s increasing pressure on profit margins – Low vessel utilization rates continue to put financial strain on shipping companies. Implementing digitized operations reduce costs by optimizing shipping capacity and routes.

Digital trade-finance platforms are growing – Governments, banks and insurers are working together to create digital trade-finance platforms to digitize trade and financing activities for importers and exporters. This will lower costs and reduce risk of double financing and fraud. Greater adoption of digital trade finance platforms—such as Marco Polo and we.trade—puts pressure on shipping companies to go digital.

Cybersecurity risk in the shipping industry

In 2017, the UK shipping company, Clarkson PLC, fell victim to a massive cyberattack orchestrated through a single compromised user account, which provided access for hackers to a vast trove of sensitive customer details. It goes without saying that with increased digitization comes the increased risk of cybersecurity attacks, data breaches and insider threats. Instead of shying away from digital transformation, shipping companies must simply embrace the cybersecurity risk management and staff education that comes with it. It’s also essential to get the help they need to integrate secure digital processes, communications and a user-friendly encryption solution into their businesses.

The rewards of digital transformation in the shipping industry

Undergoing digital transformation in shipping reduces errors, improves customer satisfaction and trust through increased logistics transparency, speeds up formerly manual processes and increases connectivity for crew and off-ship asset management personnel. Of course, we strongly recommend building privacy by design into any digital transformation projects, including a flexible encryption solution that protects all ship to shore communications (and vice versa).

And while there are costs associated with digital transformation, enterprise-level organizations can recoup some of these costs with a proven encryption solution. For example, a recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits. This same study showed that using the OneWorld platform to replace on-premises legacy encryption solutions meant organizations could save the full software cost of previous solutions and avoid other legacy-related costs for a three-year savings of $793K.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

With encryption as part of your digital transformation project, you can also assure your customers that their goods and containers have more protection than a 15^th century Venetian piece of paper can offer.

By: Kevin Foxton, Technical Operations and Security Team Lead, Echoworx

05 Jun 2019

Customer Experience, Information Security Michael Roberts 0 comment

Securing Silos: The Case for an Omnichannel Approach to Digital Government

What if government worked like a business? What if a bureaucrat in one department could communicate seamlessly and securely with a politician in another? What if departments could work collaboratively on procuring contracts?

When a government embraces a digital first strategy, effective secure communications serve an important function for their system to operate in a streamlined fashion. From frontline citizen-facing tasks, like sending a prescription or a temporary driver’s license, to more complex internal tasks, such as the procurement of a new multi-million-dollar research vessel, the need for flexible, frictionless and secure lines of communication exist at almost every level.

1) Omnichannel is about collaboration

In marketing, an omnichannel approach to sales implies a seamless shopping experience regardless of where a customer is located or what a customer is looking at. For government, an omnichannel experience implies a barrierless collaborative environment between all departments, all ministries and all levels within. In other words: a digital government, which aims to streamline all services, should be striving for an omnichannel environment.

2) Encryption needs to be part of the conversation

From the EU’s General Data Protection Regulation (GDPR) to regional privacy laws in the US, like California’s AB375, privacy continues to be a major driver of policy surrounding all-things-digital. So when it comes to streamlining communications between ministries, the public, third-party vendors, lobby groups or other external organizations, messages containing sensitive personal data need to be secured with airtight encryption to help mitigate the risk of headline-grabbing data breaches.

3) Encryption should enable a digital government – not hinder it

In the private sector, encryption is becoming a competitive differentiator – with customers preferring organizations who value their personal data. This aspect of a customer-first mantra should be no different for digital government. In addition to offering a frictionless encryption experience, both for internal and external users, an effective encryption tool needs to be flexible enough to suit every government use case – from complex government procurement orders to something as simple as a doctor sending a prescription to a patient.

Check out how these enterprise-level organizations are leveraging our OneWorld encryption platform.

4) Good encryption should pay for itself

Since they are bankrolled by the very people they serve, governments need to justify every dollar (and penny) spent. So adopting a robust flexible encryption solution with all the trimmings is usually not top-of-mind in terms of how to allocate their budgets. But, although an effective encryption platform can be expensive, the cost-mitigating benefits should outweigh the overhead.

Take Echoworx’s OneWorld encryption platform, for example. According to a recent Total Economic Impact™ (TEI) study conducted by Forrester Research, implementers of OneWorld can experience a payback period of less than seven months – in addition to both a return-on-investment (ROI) of 155 per cent and upwards of $2.7M in cost-mitigating benefits.

See the full TEI study by Forrester Research here.

Digital is better. Period.

While initial worries might include questions regarding accessibility for those members of the public not comfortable with digital correspondence, or perhaps more abstract questions regarding security, at the end of the day, citizens of any digital government soon appreciate the benefits of encrypted communications over snail mail. The ease of access offered by the instantaneous nature of digital messages, paired with an excellent user experience and secured by airtight algorithms is hard to argue against.

See if Echoworx is right for your government.

By Michael Roberts, VP Technology, Echoworx

04 Jun 2019

Cybersecurity, Information Security Nicholas Sawarna 0 comment

Encryption Mosaic: The New Diverse World of Secure Communications

Dial back the clock several million years and you find a crowded ocean of creatures surrounding lush green lands devoid of any vertebrate activity. Then one fish walked out of the sea and changed our terrestrial course forever. But did this ambitious fish have revolutionary intent? Certainly not – instead focusing on more immediate needs of food and new territory.

The same can be said about contemporary demands for secure digital communications. While digital communications enable transcendence from the world of paper mail, making the sending and receiving of information instantaneous, they inadvertently make our most-precious personal details more exposed and more open. And, with no way to turn back the clock, the case for encryption protection of sensitive information grows – and evolves.

But, as more and more industries migrate online, we are beginning to see that this brave new digital world is not one-size-fits-all – especially when it comes to secure digital communications. From different customers to different jurisdictional regulations protecting them, an encryption solution needs to be as flexible as the diverse array of organizations it serves.

Here are key points to consider in determining the factors affecting secure communications, why needs are so diverse and where exactly you might start placing your organization in the encryption mosaic:

1) Regulatory fines with sharp-teeth

Where an organization is located can influence how much they are expected to protect their data. In Denmark, for example, encryption is now mandatory for all communications containing the personal data of Danish citizens under its jurisdiction, according to its own interpretation of the General Data Protection Regulation (GDPR) affecting EU country members. Failure to comply with the GDPR, and other similar regulatory bodies or laws, like Canada’s recently-updated Personal Information Protection and Electronic Documents Act (PIPEDA), for example, can lead to devastating fines and even more devasting brand damage.

Echoworx recognizes that not all countries protect the personal data and the privacy of their citizens the same. To help prevent prying bureaucratic eyes or to avoid non-compliance with jurisdictional regulations, Echoworx’s cloud-based encryption solutions are available on AWS Cloud in 13 countries. We also have SOC2 and ICO-certified data centres in the US, UK, Germany, Ireland, Mexico and Canada, ensuring all sensitive data stays close to home.

2) Different industries – different business cases

While organizations operating in the banks, financial services and insurance (BFSI) realm were the first wholesale adopters of encrypted communications, the technology is exponentially permeating through to other industries. According to a recent Ponemon study, for example, manufacturing and services organizations are beginning to crack into the encryption market – accounting for 12 and 11 per cent respectively.

And, as new industries begin to implement encrypted secure communications, so does demand rise for a flexible encryption solution to adapt to different business use cases. At Echoworx, for example, we offer a cloud-based scalable encryption solution featuring multiple secure user-friendly delivery methods to fit any business process.

Learn more about the different ways you can send secure information with Echoworx.

3) Users are changing

From mobile banking to Generation Z, how users send information and what exactly they are willing to send is changing at a rapid clip. Today’s users are tech-savvy and quick to provide personal details but even quicker to move on if an organization mishandles their data. They demand instantaneous communication and a streamlined user experience with organizations they work with. To avoid going the way of the dodo bird, you need to go above and beyond to make sure they come first – all while ensuring that their sensitive personal data is protected.

With Echoworx, you can tailor every aspect of your encryption experience to put your customers first – from the way they access a secure message to something as simple as the ability to brand. And, to further avoid any negating situations affecting user experience, Echoworx offers services in 22 languages for all our flexible delivery methods – ensuring nothing is lost in translation.

Explore these different delivery methods here.

4) Encryption isn’t just an IT issue anymore

From headline-grabbing data breaches to something as simple as customer experience, encryption is no longer a backroom IT issue – it’s a business issue. But implementing an encryption program isn’t as simple as adopting a solution and flipping a switch. There needs to be a universal internal change of culture at most organizations. For example, while 50 per cent of CEOs are concerned most about possible detrimental impacts to user experience when adopting a security solution, 88 per cent of IT professionals view encryption as costly, difficult and a constraint on business productivity.

Echoworx works with companies to ensure encryption solutions are as non-intrusive and as streamlined as possible – from deployment to the end user. In our capacity as a third-party encryption provider, we support our clients, reducing the additional strain of user help queries, and, with nearly two-decades’ worth experience in the encryption market, we can adapt to any business case.

Learn more about working with Echoworx.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

—

Sources:

Ponemon Global Encryption Trends Study – April 2018

12…9 Next →

Why healthcare organizations are vulnerable to privacy and security breaches

Here’s why healthcare organizations including health authorities are vulnerable:

The consequences of mishandling patient data

What does encryption do?

5 ways the OneWorld encryption platform makes secure communications possible for health authorities

What is communications control?

Why is control of secure communications essential in healthcare organizations?

Five reasons for implementing communications control in healthcare organizations:

Five ways healthcare organizations can maintain control of their secure communications

Keeping secure communications secure

Offering a consistent user experience

Faster turnaround on important documents

Stay compliant, avoid the fines

Natural extensions to existing email infrastructure

What is cloud computing?

The benefits of cloud computing

What are the risks of uploading to the cloud?

How has the cloud evolved?

How can an organization insulate itself from cloud risks?

Peeking behind the Capital One headlines

Getting back to basics: 5 simple ways to boost cybersecurity in your organization

What is communications compliance?

What are the challenges of communications compliance?

Why compliance matters in marketing

Four reasons encryption is a marketing compliance solution:

Identifying cyber-vulnerabilities starts with getting to know your intangibles

Accountants play a role in cybersecurity

Understanding total economic impact of cybersecurity

How much does your board of directors know about cybersecurity?

How accountable is your board of directors for data protection?

Emphasizing the monetary advantages of cybersecurity investment

How important is digital trust?

Why healthcare organizations are slow to adopt digital solutions

The common barriers to going digital are:

Three reasons for healthcare organizations to go digital sooner than later:

Five reasons encryption is essential for healthcare organizations undergoing digital transformation:

Personal data exchanged in healthcare

The cost of unprotected digital patient records

How encryption protects electronic health records in transit

Four ways encryption protects your electronic health records in transit:

1) Remove the bumf from digital onboarding

2) Maintain your digital brand

3) Maintain compliance with digital privacy regulations

4) Build digital trust with healthcare candidates

5) The future of healthcare is digital

What is an internal cyber vulnerability?

How to identify cyber vulnerabilities in enterprise-level organizations

Six ways to reduce internal cyber vulnerabilities with pre-emptive measures

The benefits of closing internal vulnerabilities

Four reasons the shipping industry is ripe for digital transformation

Cybersecurity risk in the shipping industry

The rewards of digital transformation in the shipping industry

1) Omnichannel is about collaboration

2) Encryption needs to be part of the conversation

3) Encryption should enable a digital government – not hinder it

4) Good encryption should pay for itself

Digital is better. Period.

1) Regulatory fines with sharp-teeth

2) Different industries – different business cases

3) Users are changing

4) Encryption isn’t just an IT issue anymore