Goodbye Algorithms, Hello User Experience

Customer Experience    | April 15, 2020

When searching for an email data protection solution, carefully consider the processes that come with the product and let a user-friendly experience differentiate you from the competition.

If you’re like many leading firms, you are in the process of revamping decades-old debt-heavy data protection technologies and processes to spur digital acceleration. Yet, when it comes to email data protection, even contemporary systems employ the same encryption algorithms and specs, featuring 2048-bit RSA encryption, 256-bit AES encryption and SHA2 signatures. There’s nothing new about that – it should be a given.

Don’t think of it as re-inventing the wheel, think about building a better wheel. This is where user experience scores the winning goal.

Data protection often comes down to user-friendliness

We recently surveyed IT professionals and IT decision-makers and found that, while email data protection is a priority for most organizations, less than half of organizations with encryption software use it extensively. This often comes down to user-friendliness; it’s nearly impossible to roll-out a security feature that doesn’t integrate seamlessly into existing workflows. When searching for an email data protection solution, carefully consider the processes that come with the product and let a user-friendly secure communications experience differentiate you from the competition.

Related: The Importance of a Consistent Email Encryption Experience

Keep email protection simple for everyone

Popular with clients and staff:

• Smooth and simple to use – People tend to take the path of least resistance. Look for a secure communications system which makes protecting data in transit the path of least resistance. A case study by Echoworx, for example, enabled a U.K. bank to instantaneously reach its entire mortgage customer base during a time-sensitive emergency without changing the light look and feel of their regular customer communications. Communications could be sent via email as per usual, but with any sensitive information being packaged into protected secure encrypted attachments.
• Customizable preferences – For international organizations, excellent customer experience includes on-brand communications in your client’s preferred language. Did you know that 79 per cent of people take less than 30 seconds to evaluate the safety of an email? This means off-brand but legitimate secure emails from your company can easily be categorized as spam, decreasing your organization’s digital trustworthiness. Even the most-secure communications should allow you to set language policies to automatically apply to messages based on sender, brand, locale and receiver attributes.
• More ways to send secure email – Not every business use case is the same, so you need to ensure your email data protection solution if flexible enough to adapt to different conditions. While TLS remains a primary secure method of protecting data in transit, what if a TLS connection is not available? In addition to providing fallback options, having access to multiple secure delivery methods gives more choice to both senders and recipients in how they choose to communicate with one another.

Related: Creating a Work-From-Home Business Culture

Popular with administrators and support:

• More control – Definable policies control which communications get protected (and how) based on message content. This is set up during implementation of an email data protection system. It is based on your needs and best practices to be triggered by common message attributes, like subject, keywords, message type or recipient domains. Flexible controls for every scenario allow you to create a customized user experience for senders and recipients and to stay in control of encrypted messages in transit and at rest.
• Recall sensitive email – Whether a document was sent in error, or a secure message is sent to an incorrect address, the ability to recall an email containing sensitive information is an important feature of any best-in-class data protection system. Recipients should also be given the option to reply in a secure manner to any encrypted message.
• Prevent unauthorized access – Modern Two Factor Authentication (2FA) options can accurately verify the identity of users before they are granted access to secure information. For access to a secure message portal, for example, a user can be required to provide a Time-Based One-Time Password (TOTP). TOTP is a random single-use, time-stamped soft token issued from a third-party SaaS app installed on a user’s phone – in addition to a username and password before access is granted.
• Send unlimited email – For large enterprise organizations, mass communications pushed to customer bases can be in the millions. When the contents of these messages contain sensitive information which must be protected, like a bank statement, existing communications infrastructure needs to be able to scale to sudden bursts in activity without being overwhelmed.
• Get full value on investment – With the right secure communications solution, your organization can provide a user-friendly experience—and save money. For example, a recent Forrester study, revealed that a typical enterprise-level organization using Echoworx’s platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of seven months.
• Increase organizational use – According to Echoworx data, despite over half of IT professionals and decision-makers identifying email data protection as very important, even critical, to their organizations, only 40 per cent of the same group are using encryption technology extensively. When working with a third-party SaaS provider, you gain access to their team of experts and, paired with a simple interface and clear instructions, this can mean a streamlined UX – meaning less calls to your help desk and more successful and widespread implementation.

Related: Security Shopping Based on the Lowest Bidder

Offer email protection to everyone

While access to secure lines of communications is essential for any business, the reasons for email data protection vary. Verizon’s 2019 Data Breach Investigations Report breaks down security incidents by industry, size and concerns. Here are a few takeaways:

• Financial services and insurance – Use MFA, including 2FA or the European Central Bank (ECB)’s ‘Strong Authentication,’ for all customer-facing applications, train your employees on sensitive data and set up secure communication controls to reduce the risk of insider threats and other communications-related vulnerabilities.
• Healthcare –Ensure healthcare staff can safely send and receive sensitive documents containing patient information, which is protected under regulations like the Health Insurance Portability and Accountability Act (HIPPA).
• Manufacturing – From sensitive data changing hands during an M&A deal to communicating personal details with customers to something as simple as exchanging trade secrets with a trusted partner, there are many instances where manufacturing organizations should be leveraging email data protection solutions.

It’s now a given that every industry has data it needs to protect. But how this data is communicated safely – packaged, sent and received – determines the experience for everyone.

In the end: People want safe communications, not usable cryptographic algorithms.