24 Apr 2019
Five ways to minimize the risk of insider threats

Insider Cyber Threats? Closer to Home than You Think!

For enterprise-level organizations, it’s no longer enough to protect data and systems from nefarious external agents. Organizations must also implement defensive measures to protect themselves from something much closer to home: insider threats.

Internal cyber attacks happen inadvertently or on purpose. We want to share the four types of insider threats and some defensive measures that help organizations reduce the risk of these threats.

Two types of accidental insider attacks

Instead of jumping into a zero-trust environment that’s so restrictive it hampers productivity and user-experience, remember that most of your employees and trusted partners do not have malicious intent. Inadvertent or unintended insider attacks happen because the insider is oblivious or negligent.

An oblivious attack is when someone with access to company information is compromised by an outside agent but doesn’t realize it. This can happen when someone leaves a company device unattended or uses unencrypted Wi-Fi on a company device.

A negligent attack is when someone bypasses a security protocol, often to speed up a work process or because of a lack of knowledge about the security protocol. When employees lack proper security training, they’re more vulnerable to phishing and spear phishing attempts.

Two types of intentional insider attacks

The two primary types of intentional insider attacks come from malicious and professional attackers.

A malicious attack comes from an insider who becomes disgruntled and goes rogue to get even with the company for a real or imagined offense. This could involve stealing data or sabotaging a company network or system.

A professional attack comes from an insider who is a career thief. This involves exploiting system vulnerabilities for profit.

External attacks through the inside

 While blunt force attacks remain a common threat at the gates of any firewall, there are also ways for malicious actors to attack your company through the inside. Called social engineering attacks, a hacker might impersonate someone at an organization via stolen credentials, stolen information or supply chain attack. A smart air conditioning unit, for example, might be connected to an organization network, creating a third-party backdoor vulnerability bypassing frontline defenses.

Five ways to minimize the risk of insider threats

With all these foxes in the hen house, organizations are wise to take a defensive approach to insider threats.

  1. Get the Board on board – Even in 2019, it’s common for boards to not ask about or understand cybersecurity. Rafael Narezzi, a prominent Cyber Security Strategist, suggests that everyone on the Board of Directors must “understand what [cybersecurity] is. Not in deep technical talk but the consequences for the business if they don’t act.” When the Board and senior leadership team understands the cost and consequences of cyber threats, there will be more support for cybersecurity initiatives.This lack of attention is more common than you’d probably guess. PwC’s Global Economic Crime and Fraud Survey 2018[i] found that less than half of surveyed organizations had conducted a cybercrime risk assessment. This is despite cybercrime being one of the top three most reported frauds!

 

  1. Use an effective and user-friendly encryption solution – It’s imperative that organizational data is secured because so many insiders have access to it and sending that sensitive information to clients, vendors and partners is a regular part of doing business.Features to look for in an enterprise-level encryption solution include:
  • Automatic encryption policies that apply encryption under defined circumstances (such as when certain information or keywords appear in an email).
  • Multiple flexible delivery methods for different types of secure encrypted communications that allow the sender to control how a message is sent and whether to include features like a time limit.
  • Easy and frictionless user experience for employees and customers.With a frictionless user experience—for example, with the Echoworx One World encryption platform—employees are less likely to bypass security protocols because they’re built into regular workflows and don’t make security a burden for senders or recipients.In addition to reducing risks to insider threats, there are financial benefits to adopting a flexible, frictionless encryption solution. A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization can enjoy $2.7M in cost-mitigating benefits through employing our flexible OneWorld encryption solution.  Get the full Forrester Total Economic Impact™ study of OneWorld now.

 

  1. Educate staff on cybersecurity – Even though employees know why they shouldn’t open attachments and click links from strange emails or use “p@ssw0rd” as a password, they’re still vulnerable to attacks because cybercrime is increasingly sophisticated. To change that, make sure all employees take part in regular and effective cybersecurity training that helps them understand why it’s important, how to implement security measures at work and how to spot sophisticated phishing and spear phishing scams.Training can include tests and tricks. A good trick involves sending a fake phishing attempt to staff to reinforce real-world lessons from the cybersecurity training.

 

  1. Build security into all products and processes from the start – Train developer teams to create products that are secure by design. Frédéric Virmont, a cybersecurity industry expert, says, “Security is like quality; it must be from the beginning to the end of the life cycle. For developers, now we have tools where they can code and check security along the way. If you wait until the end of the product, it’s too late. Once the house is built, it’s too late to add emergency exits.”This idea includes permissions architecture. A non-secure design gives all users access to more data than necessary. To be security minded, create a permissions architecture that gives access based on needs and roles. For example, the chief marketing officer wouldn’t have the same permissions as customer service agents.

 

  1. Make cybersecurity the path of least resistance for all users – Like it or not, we do what’s easy. For organizations, this means that overly-complex data security protocols hamper adoption. Because cybersecurity methods only work when staff and customers use them, user-experience must always be considered and prioritized.Going back to the encryption example above, we’ve found that a lot of internal users are reluctant to send encrypted emails because they don’t know how to encrypt them or don’t like the spammy look for their recipient. These are two unnecessary barriers that get in the way of frictionless security and set the stage perfectly for negligent insider attacks.

Insider threats are real and a recent PwC report in the US found that 32 per cent of respondents consider insider threats costlier and more damaging than external incidents.

By taking a security approach that involves a frictionless encryption solution, security by design (and the path of least resistance) and effective education for staff and the Board of Directors, your organization can minimize risks associated with malicious and unintentional insider attacks.

Given all of the above, is why at Echoworx, encryption is all we do. Our OneWorld encryption platform and cloud security services are a natural extension to existing security programs and offers a wide range of flexible options for secure message delivery. You can learn more about the benefits of Echoworx OneWorld encryption here.

By: Brian Au, IT Specialist, Echoworx

————————

[i] https://www.pwc.com/gx/en/services/advisory/forensics/economic-crime-survey.html

21 Apr 2019
healthcare security

Encryption in Healthcare? Improving the Prognosis of Data Security

Healthcare organizations collect, manage and distribute an enormous amount of medical and personal information and they’re constantly at the mercy of budget constraints and cuts, which leaves them vulnerable. On top of that, healthcare is the only industry where more breaches happen because of insider threats than outside malicious agents[i] and it’s tied for first place for the most breaches across all sectors.[ii]

In a nutshell, healthcare is in critical condition when it comes to cybersecurity.

To address this condition, enterprise-level healthcare organizations, hospitals and their third-party business associates can increase data security and reduce risks of breaches by implementing user-friendly and customer-centric encryption services.

Customer-centric encryption is so important in healthcare because many agencies are transforming from paper to digital records while dealing with preventable insider threats (often in the form of delivery errors). This means to get the most out of encryption, healthcare organizations must consider how easy it is for patients, employees and business associates to use and trust the encryption solution.

What customer-centric encryption looks like in healthcare

The customer experience differentiators that healthcare organizations should look for in an encryption solution include:

  • Integration of privacy by design features like definable policies to control which communications require encryption and how they are sent. This takes security decision-making out of the picture for busy healthcare administrators and ensures your organization stays compliant with regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the General Data Protection Regulation (GDPR).
  • Multiple flexible delivery methods for different types of secure encrypted communications, including secure PDF (e.g., secure record delivery) and web portal access, TLS and encrypted attachments and support for S/MIME and PGP.
  • Easy and frictionless user experience for employees, patients and business associates. This is especially relevant in healthcare organizations that serve an aging population who aren’t as tech-savvy as the general population. The World Health Organization suggests, “primary health care must be accessible and friendly to persons of all ages.”[iii] We agree and believe this applies to accessing patient records too.
  • Secure bulk mail functionality that automates the process of emailing mass personalized documents securely. As the British National Health Service (NHS) can attest from its 2017 experience, losing 900,000 patient letters is no good for patient trust in their system.
  • Multiple brand and language options to give patients the peace of mind that comes with receiving secure messages from a trusted source.
  • Dedicated account support to help organizations understand how email encryption fits into their patient care and business models.

An encryption solution for healthcare organizations should be easy for employees to use. First, because making secure encryption the path of least resistance increases user adoption. And secondly, because data security breaches happen most frequently at the employee level in healthcare. For example, did you know that employees are increasingly exposed to malware hidden in Microsoft Office documents sent through email?[iv]

A matter of trust in healthcare

As we’ve seen in other industries like banking, trust is becoming a new currency and this equally applies  in healthcare because patient data is so personal. Healthcare patients expect that medical transactions—including booking an online appointment, communicating with a medical professional and having health records sent between institutions—are safe and secure, which builds trust. If patients don’t believe your healthcare organization can protect their data, they  lose faith and—when possible—they  leave. A recent Echoworx survey found that 80 per cent of customers consider leaving a brand after a data breach. With so many leaders concerned about organizational reputation—and in an increasingly competitive private healthcare landscape—can you afford an encryption solution that doesn’t give your employees, patients and business associates a frictionless user experience?

How healthcare organizations can achieve cost savings with encryption

In addition to supporting a patient-centred business model and reducing the risks of insider threats, there are financial benefits associated with adopting a flexible and frictionless encryption solution.

A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can accelerate the adoption of digital document delivery, save $1 per paper document delivered digitally instead of through the postal system and accumulate a three-year cost savings of $1.5M.  This same study showed that adopting OneWorld’s self-service support options, like automatic password resets, increases call centre productivity, removes the need for additional overhead and can slash nearly $320K off the bottom line of an enterprise-level organization.

Read the full Forrester Total Economic Impact™ study of OneWorld now.

Encryption can save healthcare organizations money on process and system improvements. But that’s not all. Including encryption as part of an overall data security program also helps organizations avoid the cost of security breaches. For example, the average cost for a ransomware incident is $76,000 which sounds like a lot until you see that the average hacking breach costs $2.4M.[v]

With so much at stake in healthcare, isn’t it time to integrate a frictionless encryption solution into your healthcare organization?

This is why at Echoworx, encryption is all we do. Our OneWorld encryption platform and cloud security services are a natural extension to existing security programs and offers a wide range of flexible options for secure message delivery. You can learn more about the ROI of Echoworx OneWorld encryption here.

By Alex Loo, VP of Operations at Echoworx

————

[i] 2018 Data Breach Investigations Report, 11th edition (Verizon)

[ii] Cyber Security and Healthcare: An Evolving Understanding of Risk (Symantec)

[iii] https://www.who.int/ageing/primary_health_care/en/

[iv] 2018 Data Breach Investigations Report, 11th edition (Verizon)

[v] Cyber Security and Healthcare: An Evolving Understanding of Risk (Symantec)

03 Apr 2019
customer centric encryption

Why Customer-Centric Encryption Matters in Financial Services

Before message encryption became mainstream with its incorporation into popular messaging platforms, like WhatsApp, and into deep-reaching, headline-grabbing international privacy regulations, like the EU’s General Data Protection Regulation (GDPR), the financial services industry could usually get away with using overly-complex data security options which were not user friendly. Customers simply didn’t know protecting their data could be seamless and practically invisible.

They know it now and expect customer-centric encryption solutions—especially from the financial services organizations that secure their most sensitive data.

Financial services firms shouldn’t need to choose between security and customer experience. If you look at encryption specs, you’ll notice that algorithms aren’t the primary differentiators of any secure email solution. Almost all contemporary security products feature 2048-bit RSA encryption, 256-bit AES encryption and SHA2 signatures.

The real differentiator is customer experience—how easy is it for customers and employees to use the encryption solution? And do they get the awesome customer experience they’ve come to expect?

Five ways encryption can secure customer-centric innovation

The customer experience differentiators that enterprise-level financial services organizations should look for in an encryption solution include:

  • Definable policies to control which communications require encryption and how they are sent.
  • Multiple flexible delivery methods for different types of secure encrypted communications.
  • Easy and frictionless user experience for employees and customers, no matter how tech-savvy they are (or aren’t).
  • Multiple brand and language options to support brand alignment and customer expectations and to give customers the peace of mind that comes with receiving secure messages from a trusted source.
  • Dedicated account support to help organizations understand how email encryption fits into their business model.

Customer experience is so important because it directly relates to trust—the new currency in banking. Your clients need to trust you with their most personal data and—like it or not—clunky user experiences erode their faith in your ability to protect their data. And when clients lose faith and no longer trust your brand, they will leave. A recent Echoworx survey found that 80 per cent of customers consider leaving a brand after a data breach. With so many CEOs concerned about company reputation, it doesn’t make sense to settle for an encryption solution that can’t support an awesome customer experience—the risk to the brand is just too high.

In addition to benefitting your customer-centric business model, there are added monetary benefits to adopting a flexible frictionless encryption solution. A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization can slash $2.7M off their bottom line through employing our flexible OneWorld encryption solution.

Get the full Forrester Total Economic Impact™ study of OneWorld here.

Achieving both regulatory compliance and customer-centricity

Like all companies, financial services organizations are subject to privacy regulations like the GDPR. But that’s the tip of the iceberg—and being non-compliant with these privacy laws comes with stiff sharp-toothed penalties.

Regulations financial services companies are subject to[1] or should be aware of include[2]:

  • FINRA guidelines
  • Gramm-Leach-Bliley Act (GLBA)
  • SEC 17A-3 and 17A-4
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Federal Rules of Civil Procedure (FRCP)
  • Sarbanes-Oxley (SOX)
  • EU General Data Protection Regulation (GDPR)
  • Canadian Securities Administrators National Instrument 31-303 (CSA NI)
  • Investment Dealers Association of Canada (IDA29.7)
  • Model Requirements for the Management of Electronic Records (MOREQ)
  • California Consumer Privacy Act (CCPA)
  • New York Department of Financial Services (NYDFS) Cybersecurity Regulation

Since compliance is so integral to the financial services industry, it’s in your organization’s best interest to choose an encryption solution that has privacy by design; this means your secure email platform figures out how to send messages based on the policies you define during your initial service customization. For example, a business partner receives transparent encryption via TLS, a customer receives a monthly statement as a secure PDF attachment and a European bank may require PGP emails because employees have PGP software running on their desktops.

What customer-centric encryption means to your bottom line

In financial services, providing a frictionless and secure customer experience isn’t optional for seamless secure communication. But there are additional monetary benefits to choosing and implementing the right flexible encryption solution. For example, a recent Total Economic Impact™ (TEI) study conducted by Forrester suggests that typical enterprise-level organizations employing Echoworx’s OneWorld encryption platform can slash nearly $320K off their bottom line with the adoption of self-service support options, like automatic password resets – increasing call centre productivity and removing the need for additional overhead.

Customer-centric encryption helps financial services organizations build and keep trust with clients, stay compliant and reduce costs. Isn’t it time to take advantage of this proven competitive differentiator?

The Echoworx Difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about the ROI of Echoworx OneWorld encryption here.

By: Christian Peel, VP Engineering at Echoworx

——–

[1] https://www.echoworx.com/project/encryption-technologies-financial-services/

[2] https://www2.deloitte.com/us/en/pages/regulatory/articles/banking-regulatory-outlook.html

22 Mar 2019
dont fear the paperless tiger

Don’t Fear the Paper Tiger: Paperless is Easier than You Think with Encryption

Every year, more than 500 billion bills[i] are sent to customers and that doesn’t even include monthly and quarterly statements for financial and health-related matters. Now, just imagine going to the post office and buying stamps for all those bills and statements.

Many organizations don’t have to imagine the high cost of postage because their processes and systems that depend on paper transactions make this a reality.

But going completely paperless is more complicated than just flipping a switch and turning on a computer – you need a secure environment for your digital documents. When an organization goes paperless, they enter a world of complex privacy regulations, like the EU’s General Data Protection Regulation (GDPR), where non-compliance can trigger massive sharp-toothed fines. This is where having a comprehensive encryption strategy can help – and even plays to an organization’s advantage.

Here’s how you can leverage an encryption solution to go paperless, accelerate your digital transformation and achieve real business value:

The advantages of going paperless

Going paperless saves money – but only when digital documents are sent securely. A recent Total Economic Impact™ (TEI) study conducted by Forrester, for example, suggests that enterprises using OneWorld encryption accelerate the digital transition of their mail delivery by ten percent. Given the average $1 cost-per-page associated with traditional mail, a typical enterprise-level organization using OneWorld can save $1.5M over three years.

Other advantages of going paperless include increased user satisfaction, streamlined processes and easing the burden of compliance with privacy regulations such as the GDPR.

Why organizations are reluctant to go paperless

Going paperless by adopting secure digital document delivery is a significant project that requires time, money, specialized expertise, the capability to integrate legacy data and systems and, sometimes, a change to current processes in how responses are sent and processed. Organizations with already-stretched IT resources are reluctant to take on a paperless project when it’s seen as a cost-driver, instead of a cost-savings initiative.

Paperless communications necessitate secure digital communication which means encryption. Expenses associated with an on-premise encryption solution include physical servers, maintenance staff and customer support resources. These legacy costs can be slashed during a paperless project. For example, by integrating the OneWorld encryption solution, a typical enterprise-level organization mitigates these upkeep costs–and saves about $795K over three years.[ii]

This reluctance to go paperless is based on fear of complexity, effort and security concerns – not facts. In an increasingly competitive marketplace, where digital transformation—including going paperless—is no longer optional for sustainable businesses, and is increasingly becoming a competitive edge with your customers.

Pain-free paperless use case: upgrading a legacy system

Enterprises might be unable to increase their paperless efforts on account of existing on-premise legacy encryption technology being unable to handle additional loads. But, on account of this existing outdated messaging infrastructure, even if the ROI of going paperless is intriguing, they may wonder how painful the project will be. It doesn’t have to be difficult if they pursue the right solution and work with the right people.

Going paperless helps businesses streamline processes, reduce resources and save money. The recent Forrester study, done on behalf of Echoworx, found a strong ROI for implementing the OneWorld encryption solution and a payback period of only about seven months.

We hope this encryption ROI research helps you put the Paper Tiger in its rightful place.

The Echoworx difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about the ROI of Echoworx OneWorld encryption here.

By: Christian Peel, VP Engineering at Echoworx

 

——-

[i] https://www.echoworx.com/how-can-we-convert-more-customers-to-paperless-billing/

[ii] https://www.echoworx.com/project/forrester-tei-of-echoworx-oneworld/

11 Mar 2019

Total Economic Impact Study on Echoworx OneWorld Encryption Finds a 155% ROI

TORONTO – Echoworx, an industry leader in encryption solutions, is pleased to announce the release the new commissioned study conducted by Forrester Consulting on behalf of Echoworx quantifying the Total Economic Impact and benefits of the Echoworx OneWorld Encryption Platform. The study finds that, in addition to streamlining internal efficiency, a typical enterprise-level organization leveraging Echoworx OneWorld can expect a return on investment (ROI) of 155 per cent over a three-year period.

“This study is instrumental in showing organizations the real business value proposition presented by encryption – something normally just showing up as another cost,” says Echoworx CEO Michael Ginsberg.

In addition to providing valuable insights into what to expect from a third-party encryption provider, the purpose of this Total Economic Impact study by Forrester is to provide enterprise organizations, from governments to financial services to large-scale manufacturers, the multi-dimensional economic impact of integrating the OneWorld Encryption Platform.

Here are some key findings of this study, based on a typical enterprise-level organization:

  • OneWorld increases digital delivery of secure documents by 10 per cent, mitigating costs by $1.5M.
  • Moving to a Cloud-based encryption environment alleviates nearly-$800K of on-premise legacy system costs.
  • OneWorld reduces email encryption-related call center tickets by 80 per cent, with cost savings of nearly $320K.

About Echoworx

Echoworx is a trusted path to secure communications. As a pure-play encryption solutions provider, Echoworx works with finance, government, healthcare, legal, and compliance professionals to tailor secure communication solutions that don’t impede on customer experience. Our scalable encryption platform, OneWorld, can address multiple uses across an organization. Our encryption experts take pride in transforming chaos into order for leading multi-national enterprises using our SaaS encryption platform. Visit us at www.echoworx.com

09 Mar 2019
Customer Satisfaction

How to stimulate digital engagement with customers

In the offline world, organizations build their customer base slowly over time and these customers generally become and stay loyal to the company—unless there’s a major screw up. But that’s not how it goes in the digital world; though competition is fierce, digital customers are easy to get but hard to keep. Even the smallest user-experience blip can send them packing.

Digital customer engagement—which relies heavily on digital communications—plays an important role in customer experience and satisfaction. Organizations must create an inviting digital environment that encourages engagement and builds digital trust. While digital trust is easy to gain, it’s easier to lose and impossible to get back.

With that in mind, we suggest your digital environment supports these four elements: security, user experience, cost mitigation and compliance. With these in place, it’s easier and safer than ever to stimulate digital engagement with your customers.

Secure communications

Customers expect built-in data security and yet 69 per cent of customers don’t believe organizations do everything they can to protect client data. Your organization can differentiate itself from the competition by delivering on the promise of secure communications. One way to ensure secure communications for all senders and receivers is by using an encryption solution with flexible delivery methods including TLS, S/MIME, PGP and secure web portals. Encryption is a value proposition for businesses that want to gain customer trust while protecting themselves against costly data breaches.

User experience

Customers get a good user experience when data protection is built into the process. Making encryption the default option takes advantage of the human condition—we tend to follow the path of least resistance. Save your customers the trouble of adding an extra step—if they remember or find the time—without leaving encryption to chance. Your choice of encryption can also protect your customers from phishing and spear phishing attacks, where malicious parties mimic your brand via email to steal private information or install malware. Encryption that can support multiple brands with multiple delivery methods in multiple languages assures customers that your secure messages are from a trusted source—not spam.

Cost mitigation

Customer engagement is desirable as part of a streamlined service that helps your clients and supports your business model. But if customer engagement systems chain you to the same old clunky hardware, more IT resources and more customer support staff, the costs can soon outweigh the benefits. The good news is it doesn’t have to be this way. For example, according to a recent study commissioned by Echoworx, moving your PGP system to a cloud-based encryption environment alleviates nearly $800K of on-premise legacy system costs—without any disruption to your customers.

See the full report here.

Compliance

Organizations are subject to multiple privacy regulations—including GDPR, PIPEDA and HIPAA—depending on where they operate and where their customers live. Violating these regulations leads to fines and penalties. For example, GDPR violations can cost up to $20 million or four percent annual turnover (whichever is greater). These regulations also make it mandatory to report any data breach. To give you an idea of how fleeting digital trust is, most digital customers will leave forever once they hear about a breach. When you choose an encryption platform, make sure it includes features to keep you on the right side of compliance—and helps your customers feel secure during their online engagement with you.

It’s harder and more important than ever to maintain digital trust. Set yourself up for success by implementing systems like encryption to support and stimulate your online customer engagement activities.

The Echoworx Difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about Echoworx OneWorld encryption delivery methods here.

By Alex Loo, VP of Operations at Echoworx

26 Feb 2019

A Perfect 10? Why Flexible Encryption Matters for Your Business

According to Forrester, “consumers use technologies that support convenience and put a higher value on CX (Customer Experience).[i]” And as banking, financial service, government, healthcare, legal and compliance professionals know, customers expect that experience to include encrypted communications and data protection. If your organization uses an out-of-the-box email security product with built-in email encryption, you’re off to a good start.

But if you’re leading a customer-obsessed organization, a tailored approach to encryption is likely more aligned to your business values than an out-of-the-box solution. Implementing a flexible encryption solution as a natural extension to your existing encryption framework takes your data security and digital trust factor from good to great.

Here are four business reasons for adopting a flexible encryption model:

1 – Increase nimbleness and continual alignment to business processes

Business processes vary across any organization. One group sends millions of e-statements monthly while others send sensitive documents one at a time to internal or external parties. Enabling an encryption platform with flexible controls for every scenario gives you the power to create a customizable user experience for senders and recipients while staying in control of encrypted messages that are in transit and at rest.

2 – Build trust instantly with multiple language and branding options – 

If your organization operates internationally, excellent customer experience includes communications in your client’s preferred language. And it goes without saying, all communications must be aligned to your brand no matter which line of business sends them. With 79 per cent of people taking less than 30 seconds to evaluate the safety of an email, off-brand but legitimate emails from your company can quickly get categorized as spam and cast doubt on your organization’s digital trustworthiness. With Echoworx OneWorld, a natural encryption extension for common enterprise solutions, you can set language policies to automatically apply to encrypted communications based on sender, brand, locale and receiver attributes.

3 – Get ahead of your competition in information security management –

In a recent survey of IT professionals and IT decision-makers, we found that although encryption is a priority for most organizations, less than half the organizations with encryption software use it extensively. This means that in any industry, chances are good that using a flexible encryption solution to secure delivery methods can be a differentiator for your business.And when you choose a user-friendly option, your encryption and data security measures become a customer-centric value proposition. Take mobile and desktop user experiences, for example. With over 80 per cent of emails being initially read on some form of mobile device, any encryption solution should offer a comparable or identical desktop user experience.

4 – Increase long-term performance through proactive risk management –

The 2018 Global State of Information Security Survey report suggests that long-term economic performance is more likely when companies increase risk resilience rather than merely attempt to avoid risk.[ii] This happens because resilient companies—ones with disaster recovery or business continuity plans—can bounce back faster from unfortunate incidents than those without. From a cyber-security point of view, proactive risk management includes encryption that supports multiple secure delivery methods with effective fallback options, secure password encryption procedures and a streamlined user experience that makes using encryption the easy default.

In a customer-obsessed business culture, organizations must be proactive about meeting and exceeding client expectations while keeping client data secure. It’s easier and more necessary than ever to adopt secure encryption across your organization. Securing sensitive data is the right thing to do—and comes with a strong business case.

The Echoworx Difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about Echoworx OneWorld encryption delivery methods here.

By Christian Peel, VP Engineering, Echoworx

——-

[i] https://go.forrester.com/blogs/new-leaders-emerge-as-businesses-are-disrupted-more-rapidly/

[ii] https://www.pwc.com/us/en/cybersecurity/assets/pwc-2018-gsiss-strengthening-digital-society-against-cyber-shocks.pdf

24 Feb 2019
YWhat's Your Post-Brexit Plan

Privacy in a Post-GDPR Britain: What’s Your Brexit Plan?

Deal or no deal – Britain is heading for a Brexit. And, while some Britons stockpile everything from pasta to clothing to cat food, British companies are bracing themselves for a digital void of uncertainty. But with the right proactive cybersecurity measures in-place and a little planning, there is no reason for a UK business to be lost at cyber-sea!

Here are some points to consider when constructing your Brexit plan:

  1. The General Data Protection Regulation (GDPR) is not a law

    As its name suggests, the GDPR is not a law – but a regulation. While the GDPR does apply to all member states of the European Economic Area of the European Union, each country is free to interpret the regulation as they see fit. In Denmark, for example, a stricter interpretation of the GDPR has led to mandatory encryption laws being applied to Danish data. As a rule: Be sure to read up on the local GDPR-inspired laws for any EU regions you operate in.

  2. Third-country – not third-class

    Since they all fall under the GDPR, and must theoretically comply with the privacy regulation, organizations operating out of member states of the EEA are free to exchange information across EU borders. But, while so-called ‘Third-Countries,’ referring to nations outside EEA borders, are not likewise given a free pass, they can exchange data once they are vetted as having adequate data protection laws and practices.

    See how Canada is changing its laws to be more GDPR-friendly.

  3. The UK just might be OK

    By the time the Brexit break is made official, Britain will have been under the GDPR for nearly a year. Among other things, this means their Data Protection Act 2018, if left intact, should theoretically comply to GDPR demands. But special attention must be paid to mirror any subsequent changes to the GDPR – like if Denmark’s mandatory encryption laws were to be adopted by other EU nations, for example.

  4. The GDPR is out of UK control

    A post-Britain Brexit no longer has a seat at the EU negotiating table – including for any matters related to the GDPR. This means that, if your British organization is going to do business on the Continent, preparing for unanticipated decisions might be your best course of action. Having proactive data protection features, like end-to-end encryption, for example, can help you navigate any sudden changes.

    See how the NHS is beginning to ramp up their digital defenses.

  5. You can’t hide from the GDPR

    Even after Brexit, countless citizens of EU nations are going to continue working in Britain. In addition to covering nations within the EEA, the GDPR also covers the citizens of those nations – regardless of where they reside. If a Belgian national living in London, for example, provides personal information to your British organization, their data is protected by the GDPR.

    Learn more about the GDPR.

  6. It’s not just about you

    If you intend to navigate the GDPR and continue doing business within the EEA from Britain, you need to consider who you are working with in the UK. Under GDPR regulations, any third-parties working alongside your organization, who might be handling EU personal data, must also be compliant. Before establishing or continuing a third-party relationship post-Brexit, look for cybersecurity audit certifications – here’s why they are important.

Your Post-Brexit Plan:

While the UK continues to battle, outline and hash out its Brexit plan, there are ways your organization can help weather the storm. In addition to adopting proactive data protection policies, like encryption, your organization should consider having a backup plan. Echoworx, for example, has data centres in Ireland and Germany, which allows our clients to securely send GDPR-compliant messages within the EEA.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

22 Feb 2019
who controls your encryption experience

Who Controls Your Encryption Experience?

At its core, security is an exercise of control. Security controls how our property is used, who has access to it and keeps it safe. In cybersecurity, this notion generally refers to the protection of an organization’s digital assets– keeping data safe and sound.

But what happens to this secure sense of control when data goes beyond your reach – outside your digital perimeter? You encrypt it.

Here are some points to consider for effective encryption – without relinquishing control:

 

  1. Compliance needs met with encryption

    Under international privacy rules, like the GDPR, non-compliance can lead to massive fines you can’t afford. And, while delivery methods like TLS or PGP are effective for protecting data in transit and end-to-end, they do not accommodate every situation – additional options are needed. If a TLS connection is not available, you may want automatic fallbacks to another secure delivery methods, such as via web portal or as an encrypted attachment – ensuring sensitive data always remains protected.

    Explore the pros and cons of different secure delivery methods.

  2. Proactive policies leave less room for internal error

    Encryption is a feature of any serious cybersecurity design – but real world application still lags, according to Echoworx data. When a platform is not user friendly and encrypting a message is difficult, there is a tendency for senders to favour the path of least resistance – sending sensitive data without protection. Setting proactive encryption policies in motion not only makes encryption mandatory based on pre-set rules, but also improves platform usability by automating a sometimes-confusing process.

    Take inbound encryption policies, for example. When a customer sends an organization sensitive information, like a credit card number, over an open or unrecognized channel, there is a chance existing email filters might flag and block their message for reasons of compliance. By setting inbound encryption policies, incoming emails containing sensitive data are automatically encrypted, before being delivered to a recipient’s inbox – safe, sound and compliant.

  1. Stay in control of encryption controls

    From the choice of email service provider to something as simple as a device-type, there are a variety of ways recipients might be inadvertently controlling their encryption experience. This unintended result can prove detrimental to their user experience – especially if there are better encryption delivery methods for their situation.

    Using proactive policies, your organization can push secure delivery methods tailored to specific customers. You might, for example, set policies which restrict TLS to trusted partners only – or employ attachment-only encryption for secure statement delivery.

    See specific use cases of our OneWorld encryption platform.

  1. Offer a consistent encryption experience

    Part of a true streamlined user experience relies on a consistent user experience – regardless of device, location, location or connectivity. An encrypted message experience, for example, should offer the same user experience regardless of whether the secure message is accessed on a desktop computer or offline via a mobile device – without the need for third-party apps. This same consistent user experience also helps streamline working within collaborative environments.

    Common business scenarios, for example, often involve engaging with a sensitive document across multiple devices and environments. Is the document going to look and act the same offline and online? If working collaboratively on a sensitive encrypted document, is the user experience identical for all parties involved?

    Explore the different delivery methods offered by the Echoworx Oneworld encryption platform.

  1. Be able to recall encrypted messages

    The ability to recall a compromised message even after it has been read, is a simple, yet fundamental feature enabling control of an encryption experience. Whether a message is sent to an unintended recipient or whether a message is no longer safe, control over a message shouldn’t have to be relinquished just by pressing ‘Send.’

  1. Branding is more than changing the colour

    Branding and the separation of brands is crucial to any enterprise conglomerate. The ability to brand, separate and segment customer interactions according to brand can mean anything from how a secure message is received to a desired language. Different brands should also be siloed to prevent eavesdropping from other business units.

    Learn how you can brand your encrypted messages for a more personalized customer experience.

 

By Derek Christiansen, Engagement Manager, Echoworx

21 Feb 2019
NHS goes fully digital

The End of Fax Britannica! Is a New Paperless Age Coming to Britain’s Public Sector?

On January 1, 2019, Britain’s National Health Service (NHS) made a big digital move – no new fax machines. While this might seem insignificant, the underpinning message is deep: a full commitment to digital message channels. And, as the largest public service employer in the UK, with 1.2 million souls, the implications of such a move might run even deeper.

Background

For several years, the NHS has been threatening to go digital, phasing out their snail mail communications and bringing their 70-year-old national healthcare service online – and digital. And, from issues of usability to the more serious, like the loss of 900,000 patient letters in late-2017, the largest NHS blip yet, things have been off to a rocky start.

But, spearheaded by former-Minister of Fun, now Minister of Health, Matt Hancock, ‘The NHS Long-Term Plan’ remains unchanged and unfaltering in its commitment to all things digital. In terms of digital adoption, the 136-page report opens strong: “Virtually every aspect of modern life has been, and will continue to be, radically reshaped by innovation and technology – and healthcare is no exception.”[1]

Zero Fax Given

By 2020, the NHS aims to banish fax machines from their system entirely – with a goal of total phase out by March of next year. Among other things, this means they are shifting their reliance to a purely digital environment – pushing their need for an effective encryption solution to a critical level. Minister Hancock includes the need for encryption into a proposed plan to build an NHS digital architecture which can provide a strong basis for a new generation of digital services.

The savings are big

Going paperless via digital communications offers tremendous value to organizations like the NHS. Between 2013 and 2016, for example, the NHS saved £136M (approx. $178M) with their Electronic Prescription Service (EPS) – a digital communications service currently used by 93 per cent of English GP practices. And something as simple as booking appointments through digital channels is expected to save the NHS a further ₤50M (approx. $65M) per annum.[2]

A second advantage to a digital paperless NHS future is to promote the service as a leading environment for innovative healthcare organizations. As a health-tech hub, NHS users are granted front-row seats to emerging healthcare technology and practices.

Fax machines are just the beginning

In just one decade, by 2029, the NHS aims to be completely paperless – quite an undertaking. But the benefits are huge! By offering paperless healthcare options, patients, medical professionals and NHS employees alike gain access to instantaneous services available anywhere – empowering NHS users to be healthier and stay independent longer.

But with all the sensitive personal information involved in healthcare, robust enterprise-level encryption solutions are needed. And, from TLS to end-to-end encryption solutions, like attachment only encryption, any realistic solution is also going to need to offer flexibility for an excellent, non-confusing and seamless user experience.

See the different ways businesses are leveraging encryption throughout their organizations.

By Christian Peel, VP Engineering, Echoworx

—–

[1] https://www.longtermplan.nhs.uk/wp-content/uploads/2019/01/nhs-long-term-plan.pdf

[2] https://www.longtermplan.nhs.uk/wp-content/uploads/2019/01/nhs-long-term-plan.pdf

15 Feb 2019

Got Danish Data? Email Encryption is Now Mandatory in Denmark

To encrypt or not to encrypt: that is no longer the question in Denmark – where new interpretations of the General Data Protection Regulation (GDPR) are making encryption history. As of January 1, 2019, all organizations working in any capacity with Denmark must now apply acceptable encryption when communicating sensitive data.

Why Denmark?

While the GDPR does apply to all EU members and their citizens, regardless of where they reside, each country has unique interpretations of the specific parts of the regulation. In the case of Denmark, a more literal definition of Section 9 of the GDPR, addressing the ‘processing of special categories of personal data,’ has been adopted. As a result, any sensitive data in transit falling under Danish jurisdiction needs to be protected – meaning mandatory email encryption.

What does this mean for Danish business?

Any organization conducting business in Denmark or involving Danish citizens, including in a third-party capacity, must protect personal data with either secure TLS or end-to-end encryption. But how you employ data protection measures is also important. Opportunistic TLS, for example, where unsuccessful connections fall back to clear text, does not offer adequate protection. Non-abiders to the new rules can face sanctions or, worse, crushing fines in the aftermath of a breach. This new GDPR development is expected to spur similar measures in other EU countries.

Learn more about encryption delivery methods.

What measures can an organization take?

Since the GDPR came into effect last May, the message has been clear and simple from Europe: Protect personal data or do business elsewhere. And, by adopting proactive privacy by design policies, using the GDPR as a baseline, an organization can ensure they are compliant in the EU and anywhere else where similar privacy policies exist. Therefore this newest Danish development should be viewed as a competitive advantage – not a hindrance.

While a closed system theoretically might work for Danish companies who interact solely with Danes, this mindset can cause compatibility problems the second business is conducted abroad. A flexible secure message platform can help avoid compatibility issues and maintaining compliance.

Learn more about the flexible features of Echoworx’s OneWorld encryption platform.

By Christian Peel, VP Engineering, Echoworx

15 Feb 2019
cyber security your competitive advantage

Can cybersecurity be a competitive edge?

In the old days, before organizations became customer-obsessed and held off-site leadership events to drill down on their value proposition, information security was simple. There was the CIO and a few stewards of the air-conditioned server room which was invisible to the non-IT eye. Back then, cybersecurity operated in the shadows and it worked just fine … until it didn’t.

Fast forward to today when cyber security is front and centre for senior leadership, boards, customers and partners. All these stakeholders can tell you what Target is now famous for: a customer data breach that cost the company over $200 million[i] to resolve.

And in an increasingly-competitive business landscape, forward-thinking organizations are integrating information security into business processes to avoid becoming the next cautionary tale on the six o’clock news.

Enough to make organizations WannaCry: Evolving cybersecurity threats

The continuously evolving cybersecurity threats organizations face include malicious security breaches and attacks, accidental breaches initiated from well-intentioned employees and known governmental surveillance. Ironically, as businesses benefit from connected infrastructure networks (think of advances in supply chain management, for example), that connectedness also increases the risk of security threats—because attacks can spread across connected networks so quickly.

CIOs and chief security officers are no longer alone at the table advocating for better privacy and data security measures but there’s still room for improvement. The 2018 Global State of Information Security Survey report found that only 40 per cent of corporate boards participate in their organization’s security strategy.[ii]

But perhaps the biggest threat of all is a lingering notion that cyber security is an IT problem. It’s not an IT problem. It’s a business problem. Unfortunately, most business leaders don’t understand the nuts and bolts of data security and digital threats which can make it more difficult to address the issue.

Security specialists may get more traction at the leadership and board level by framing cybersecurity as a competitive edge. That’s not finessing the facts considering that 92 per cent of organizations surveyed through the EY 2018-19 Global Information Security Survey called their information security insufficient.[iii] 92 per cent!

Four ways cyber security investment helps organizations gain a competitive edge:

  1.  Reduces compliance risks and fines – Legislation such as the GDPR, HIPAA and PIPEDA affects the way companies do business and fines can be substantial. Did you know that GDPR violations can cost up to $20 million or four per cent annual turnover (whichever is greater)?[iv] Since EU citizens are covered under the GDPR even when they’re out of the EU, international companies can stay on the right side of compliance by using proactive policy-based email encryption measures that automatically apply protection to predetermined groups of users (e.g., EU citizens).
  1. Reduces unnecessary cost – The average cost of a single data breach is $3.6 million (USD).[v] But Target’s breach cost 55 times that much which is why a cybersecurity strategy that protects the downside is so valuable. For example, investing in a flexible encryption platform means encryption can be automated to accommodate any business situation and keep data secure—without any hassle.
  1. Protects the company brand – Inadvertently allowing malicious entities or hackers to access your customers’ personal information is a quick way to reduce or eliminate their trust in you. Imagine how long it will take Equifax to win back the trust of 147 million Americans after the 2017 breach. Investing in proactive cybersecurity measures, like encryption, helps you preserve the fragile relationship that is the reality of digital trust.

 

  1. Delivers a value proposition for your customers – Your customers may not be able to keep up with the ever-evolving world of cybersecurity, but they expect protection to be a built-in feature of doing business with you. Proactive cybersecurity measures make conducting online business safer and more reliable which saves customers time, streamlines their experience and delivers real value to them.

 

Quick tip: Make your competitive edge easy to use

An information security program likely has multiple lines of defense, including encryption, authorization and data integrity measures, but these systems and processes only work if people use them. We encourage you to implement cybersecurity systems and processes that are easy for employees and customers to use. Because even when cybersecurity is top of mind, most employees and customers won’t be inconvenienced for the sake of security.

By Alex Loo, VP of Operations at Echoworx

——–

[i] https://www.nbcnews.com/business/business-news/target-settles-2013-hacked-customer-data-breach-18-5-million-n764031

[ii] https://www.pwc.com/us/en/cybersecurity/assets/pwc-2018-gsiss-strengthening-digital-society-against-cyber-shocks.pdf

[iii] https://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey-2018-19/$FILE/ey-global-information-security-survey-2018-19.pdf

[iv] https://www.echoworx.com/project/encryption-in-the-gdpr/

[v] https://www.ey.com/en_gl/advisory/global-information-security-survey-2018-2019

07 Feb 2019
Encryption is about more than technology— it innovates the way we deliver and safeguard our communications

How Secure is Your Encryption Process?

Encryption – sounds secure doesn’t it? It is. But, like any locked door, chest or vault, some things can be even more secure than others, right? Correct.

While out-of-the-box email security products may offer email encryption as a built-in feature as part of a larger bundle, there are natural extensions you might consider to further protect your brand and customers. And, in today’s customer-centric world, where digital trust is easily won, more easily lost and impossible to get back, you need to take every precaution available to protect even encrypted communications.

Here are some ways to add some more muscle to your encryption efforts:

  1. Flexible controls for every scenario 

    Whether you’re sending millions of e-statements or just sending a sensitive document, not every encrypted message is the same. Look for an encryption platform which offers a customizable user experience for both senders and recipients. This ensures you stay in control of your encrypted message in transit or even at rest.

  2. Multiple language and branding options 

    If your organization operates internationally, there’s a high chance that English might not be the mother tongue of some of your customers. Offering encrypted communications in the language of your users helps eliminate confusion and is just good customer service. With Echoworx OneWorld, for example, you can set language policies which can automatically be applied to encrypted communications based on sender, brand, locale or receiver attributes.

  3. A more streamlined user experience 

    Encryption is hot – application of it is not. Echoworx data finds that only 40 per cent of organizations who have encryption capabilities are actually using them throughout their organizational structure. Making encryption a consistent path of least resistance is a good non-intrusive way of getting your employees and customers to communicate securely.

  4. Multiple delivery methods 

    With traditional secure message delivery, where TLS is used, if a TLS connection isn’t available or supported at the recipient’s end, there are only two outcomes: receiving an error or sending a message unencrypted. Supporting multiple secure delivery methods offers effective fallback options – ensuring sensitive data is always able to be sent and is never sent unprotected.

  5. Better password systems 

    While a one-time-password encryption method is secure, the password itself is only as secure is where it is sent. In other words, if both the one-time-password and the encrypted message are sent to the same mailbox, there’s a lot of trust being put into the security of a recipient’s device or email inbox. A natural solution to this issue would be to send the password to the sender, who can then communicate it as they please to the recipient.

The Echoworx Difference

Echoworx innovates the way we encrypt and deliver secure messages. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about Echoworx OneWorld encryption delivery methods.

By Derek Christiansen, Engagement Manager, Echoworx

23 Jan 2019

ECHOWORX EXPANDS EU REACH WITH NEW GERMAN DATA CENTRE

TORONTO – Echoworx is pleased to announce the opening of their new data centre in Germany. This move further entrenches Echoworx’s presence and competitive edge within the EU region.

Known for its proven manufacturing industries, from automotive to pharmaceutical, established financial core and growing industries, like cybersecurity and tech, Germany is an unofficial economic leader within the EU region. And, with new country-specific regulations spurred by the launch of the General Data Protection Regulation (GDPR) last spring, the timing could not be better.

While the GDPR is a blanket term across the EU region, implementation varies from country to country. And, when it comes to data residency, nearly every German company demands their data remain within German borders. Both domestic and international companies looking to do business in Germany need to have access to German-hosted data centres to effectively compete.

“Knowing where and how data is stored is important when looking for a third-party partnership under new privacy regulations like the GDPR. When data starts to leave a protected zone, for example, the regulations still apply. Having access to a data centre within a target region, like Germany in this case, offers competitive advantages,” says Alex Loo, VP Operations at Echoworx.

To accommodate all business needs, in addition to their new German location, Echoworx currently has data centres in Canada, the US, Mexico, the UK and Ireland. All Echoworx data centres are specifically engineered with the highest standards in-mind to protect data and ensure regulatory compliance is met for specific geographic areas.

Echoworx is dedicated to offering enterprise businesses encryption solutions which work. The Echoworx OneWorld encryption platform features multiple secure delivery methods, a seamless end-to-end encryption experience and multiple branding and language options. The Echoworx system is specifically tailored for conducting international business, whether in Europe or abroad.

 

About Echoworx

Echoworx is a trusted path to secure communications. As a pure-play encryption solutions provider, Echoworx works with finance, government, healthcare, legal, and compliance professionals to tailor secure communication solutions that don’t impede on customer experience. Our scalable encryption platform, OneWorld, can address multiple uses across an organization. Our encryption experts take pride in transforming chaos into order for leading multi-national enterprises using our SaaS encryption platform. Visit us at www.echoworx.com

Echoworx Media Contact:

Lorena Magee
VP Marketing
416-226-8600

18 Jan 2019
Protecting sensitive incoming data

Inbound Encryption: The Why and How

While your organization has systems in place to encrypt outgoing emails, what happens when you receive an email that contains sensitive information? If it’s not already encrypted, do you refuse to accept it? Does it get caught in your compliance filters? If so, what message are you sending by not receiving?

What is inbound encryption?

Inbound encryption is the process by which emails containing sensitive information, such as credit card numbers, are encrypted before they are stored in an organization’s mail servers. Inbound encryption filters scan all emails against a set of established rules, looking at content and attachments, as well as recipients.

Why is inbound encryption needed?

PCI requirements state that emails containing cardholder data must be encrypted during transmission across open, public networks, and that cardholder data must be protected while it is stored. This means that sensitive or personal information such as credit card numbers cannot be saved on your network without being encrypted.

For example, you might run a large retail organization to which customers are sending email queries containing sensitive data – like credit card information. In order to comply with PCI legislation, your email filtering system might be set up to block or delete these types of emails. This, in turn, might lead to customer dissatisfaction as their emails go unanswered – leading to lost business and unintended brand damage.

How does inbound encryption work?

Using a Secure PDF delivery system allows organizations to minimize their PCI risk. Instead of doing the encryption themselves, they employ a third-party service which provides on-the-fly email encryption, triggered by automated policies on a PCI-certified platform. When messages containing sensitive information arrive encrypted and secure, they are less likely to be blocked by existing email filtering services.

Any incoming emails that trigger an encryption policy are automatically encrypted within a Secure PDF, along with any attachments, before being delivered direct to a recipient’s inbox. Upon receiving the email, the recipient simply downloads the encrypted attachments and enters a self-registered passphrase to authenticate, open and read the contents.

What to look for in an effective inbound encryption solution

Providing a secure encryption option for all inbound email doesn’t have to be complicated. Using a Secure PDF delivery system not only guarantees secure storage of sensitive information, it also ensures that your organization will comply with privacy regulations and data security standards.

Learn more about inbound encryption with Echoworx OneWorld.

In addition to Secure PDF delivery, any encryption solution worth its salt needs to offer additional secure delivery methods, from Web Portal, to Secure Attachments, SMIME/PGP and TLS. Although replies and any additional dialogue may be performed via built-in Secure Reply features, your employees might also exercise additional options to communicate securely with their clients.

Learn more about Echoworx OneWorld secure encryption delivery methods.

By Derek Christiansen, Engagement Manager, Echoworx