Category: Customer Experience

15 Feb 2019
cyber security your competitive advantage

Can cybersecurity be a competitive edge?

In the old days, before organizations became customer-obsessed and held off-site leadership events to drill down on their value proposition, information security was simple. There was the CIO and a few stewards of the air-conditioned server room which was invisible to the non-IT eye. Back then, cybersecurity operated in the shadows and it worked just fine … until it didn’t.

Fast forward to today when cyber security is front and centre for senior leadership, boards, customers and partners. All these stakeholders can tell you what Target is now famous for: a customer data breach that cost the company over $200 million[i] to resolve.

And in an increasingly-competitive business landscape, forward-thinking organizations are integrating information security into business processes to avoid becoming the next cautionary tale on the six o’clock news.

Enough to make organizations WannaCry: Evolving cybersecurity threats

The continuously evolving cybersecurity threats organizations face include malicious security breaches and attacks, accidental breaches initiated from well-intentioned employees and known governmental surveillance. Ironically, as businesses benefit from connected infrastructure networks (think of advances in supply chain management, for example), that connectedness also increases the risk of security threats—because attacks can spread across connected networks so quickly.

CIOs and chief security officers are no longer alone at the table advocating for better privacy and data security measures but there’s still room for improvement. The 2018 Global State of Information Security Survey report found that only 40 per cent of corporate boards participate in their organization’s security strategy.[ii]

But perhaps the biggest threat of all is a lingering notion that cyber security is an IT problem. It’s not an IT problem. It’s a business problem. Unfortunately, most business leaders don’t understand the nuts and bolts of data security and digital threats which can make it more difficult to address the issue.

Security specialists may get more traction at the leadership and board level by framing cybersecurity as a competitive edge. That’s not finessing the facts considering that 92 per cent of organizations surveyed through the EY 2018-19 Global Information Security Survey called their information security insufficient.[iii] 92 per cent!

Four ways cyber security investment helps organizations gain a competitive edge:

  1.  Reduces compliance risks and fines – Legislation such as the GDPR, HIPAA and PIPEDA affects the way companies do business and fines can be substantial. Did you know that GDPR violations can cost up to $20 million or four per cent annual turnover (whichever is greater)?[iv] Since EU citizens are covered under the GDPR even when they’re out of the EU, international companies can stay on the right side of compliance by using proactive policy-based email encryption measures that automatically apply protection to predetermined groups of users (e.g., EU citizens).
  1. Reduces unnecessary cost – The average cost of a single data breach is $3.6 million (USD).[v] But Target’s breach cost 55 times that much which is why a cybersecurity strategy that protects the downside is so valuable. For example, investing in a flexible encryption platform means encryption can be automated to accommodate any business situation and keep data secure—without any hassle.
  1. Protects the company brand – Inadvertently allowing malicious entities or hackers to access your customers’ personal information is a quick way to reduce or eliminate their trust in you. Imagine how long it will take Equifax to win back the trust of 147 million Americans after the 2017 breach. Investing in proactive cybersecurity measures, like encryption, helps you preserve the fragile relationship that is the reality of digital trust.

 

  1. Delivers a value proposition for your customers – Your customers may not be able to keep up with the ever-evolving world of cybersecurity, but they expect protection to be a built-in feature of doing business with you. Proactive cybersecurity measures make conducting online business safer and more reliable which saves customers time, streamlines their experience and delivers real value to them.

 

Quick tip: Make your competitive edge easy to use

An information security program likely has multiple lines of defense, including encryption, authorization and data integrity measures, but these systems and processes only work if people use them. We encourage you to implement cybersecurity systems and processes that are easy for employees and customers to use. Because even when cybersecurity is top of mind, most employees and customers won’t be inconvenienced for the sake of security.

By Alex Loo, VP of Operations at Echoworx

——–

[i] https://www.nbcnews.com/business/business-news/target-settles-2013-hacked-customer-data-breach-18-5-million-n764031

[ii] https://www.pwc.com/us/en/cybersecurity/assets/pwc-2018-gsiss-strengthening-digital-society-against-cyber-shocks.pdf

[iii] https://www.ey.com/Publication/vwLUAssets/ey-global-information-security-survey-2018-19/$FILE/ey-global-information-security-survey-2018-19.pdf

[iv] https://www.echoworx.com/project/encryption-in-the-gdpr/

[v] https://www.ey.com/en_gl/advisory/global-information-security-survey-2018-2019

07 Feb 2019
Encryption is about more than technology— it innovates the way we deliver and safeguard our communications

How Secure is Your Encryption Process?

Encryption – sounds secure doesn’t it? It is. But, like any locked door, chest or vault, some things can be even more secure than others, right? Correct.

While out-of-the-box email security products may offer email encryption as a built-in feature as part of a larger bundle, there are natural extensions you might consider to further protect your brand and customers. And, in today’s customer-centric world, where digital trust is easily won, more easily lost and impossible to get back, you need to take every precaution available to protect even encrypted communications.

Here are some ways to add some more muscle to your encryption efforts:

  1. Flexible controls for every scenario 

    Whether you’re sending millions of e-statements or just sending a sensitive document, not every encrypted message is the same. Look for an encryption platform which offers a customizable user experience for both senders and recipients. This ensures you stay in control of your encrypted message in transit or even at rest.

  2. Multiple language and branding options 

    If your organization operates internationally, there’s a high chance that English might not be the mother tongue of some of your customers. Offering encrypted communications in the language of your users helps eliminate confusion and is just good customer service. With Echoworx OneWorld, for example, you can set language policies which can automatically be applied to encrypted communications based on sender, brand, locale or receiver attributes.

  3. A more streamlined user experience 

    Encryption is hot – application of it is not. Echoworx data finds that only 40 per cent of organizations who have encryption capabilities are actually using them throughout their organizational structure. Making encryption a consistent path of least resistance is a good non-intrusive way of getting your employees and customers to communicate securely.

  4. Multiple delivery methods 

    With traditional secure message delivery, where TLS is used, if a TLS connection isn’t available or supported at the recipient’s end, there are only two outcomes: receiving an error or sending a message unencrypted. Supporting multiple secure delivery methods offers effective fallback options – ensuring sensitive data is always able to be sent and is never sent unprotected.

  5. Better password systems 

    While a one-time-password encryption method is secure, the password itself is only as secure is where it is sent. In other words, if both the one-time-password and the encrypted message are sent to the same mailbox, there’s a lot of trust being put into the security of a recipient’s device or email inbox. A natural solution to this issue would be to send the password to the sender, who can then communicate it as they please to the recipient.

The Echoworx Difference

Echoworx innovates the way we encrypt and deliver secure messages. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about Echoworx OneWorld encryption delivery methods.

By Derek Christiansen, Engagement Manager, Echoworx

10 Jan 2019
Multiple encryption methods

How do I choose the right encryption method?

Encryption is an important part of any serious proactive cybersecurity plan. You need it. Your customers demand it. And regulators applaud it.

But one does not simply ‘encrypt.’

In fact, algorithms aside, there are multiple ways to successfully encrypt, package and send sensitive information securely online. Each method has unique benefits and choosing a correct method can make all the difference when it comes down to your customer experience.

But how do you choose an encryption method that is right for your customers?

Here are a few questions to consider:

  1. Why do I need encryption?

    Before choosing a correct method of encryption, you need to determine why you need to encrypt in the first place. What sort of sensitive information are you sending or collecting? In what format? Who are your recipients? What privacy regulations do you need to be aware of? Do your messages need to be encrypted in transit? At rest? Or both? These are just a few questions which can help you begin your encryption journey.

  2. Who are your customers?

    Are your customers tech-savvy? Where are your customers located geographically? Are your customers protected under region-specific privacy regulations? What devices do they operate on? In order to understand which encryption method is right for your customers, you need to determine what exactly is required for communicating securely with them or if further encryption options are needed. If your recipients do not have a TLS connection, for example, multiple secure encryption delivery options are needed to ensure no sensitive information is sent over open channels.

  3. Who are your employees?

    In today’s customer-centric world, you need to ensure all proactive cybersecurity details put your customers first. While this might sound solely like an end-user issue, good customer experience also involves your employees who are interacting with them. You need to ensure encryption is the path of least resistance for any employees sending sensitive customer information – whether internal or to customers direct.

  4. What industry do you operate in?

    When it comes to encryption: One size doesn’t fit all. Different industries have different encryption needs. A large bank, for example, has considerably different demands than a large manufacturer – needing to send millions of secure statements a day as opposed to needing secure communications to collect customer payment information. This needs to be reflected in your decision-making process when choosing an appropriate method of encryption.

  5. What are some common encryption solutions?

    When deciding how to best encrypt a message or document, determine what exact aspect of your message needs to be protected in transit and how you want it to be received by your end user. Here are some common solutions used by different industries:

    B2B Communications: Since it is easy-to-use and effective, provided a connection is available, TLS (Transport Layer Security) is the industry standard for delivering secure emails within B2B environments. In a nutshell, TLS encrypts the connection between two parties, like an encrypted tunnel, enabling secure messages to be sent without additional steps required for the end user.

    Learn more about TLS encryption.

    Banking and Financial Services: Since they send emails frequently that contain confidential financial information, banking and financial services organizations need robust encryption to provide data security and access controls in the event of a cyber-attack. The right encryption solution can also give different departments within the organization better access to and management of sensitive financial data and messages. The PCI DSS standard requires that personal account numbers be encrypted even before emails are sent, so encrypted attachments are a good option here.

    Attachment Encryption is where an attachment is encrypted, as opposed to the entire message body. This type of secure delivery works for one-way messaging, like sending an e-statement, where all the sensitive material can be encapsulated in its native format within a secure encrypted attachment. This type of encryption delivery eliminates the need to convert or download files from different formats – creating a more streamlined user experience.

    Learn more about attachment encryption delivery methods.

    Healthcare Services: Personal information, like patient records, must be exchanged in real-time between healthcare providers, administrators, insurance companies and patients. But, in addition to being a fast and seamless experience, exchanging healthcare information needs to be a secure experience. On account of its portable nature and excellent mobile experience, where recipients are simply sent a notification prompting them to sign in to a secure online portal, without the need for any special software or infrastructure, web portal encryption is popular with many health care providers.

    Learn more about web portal encryption

  6. Seek partnerships which put your customers first

    You just can’t take chances when it comes to handling sensitive personal information online. But, from new privacy regulations with teeth, like the GDPR, to increasingly creative malicious actors online to security-investing competition, staying on top of a cybersecurity program can be challenging for many organizations. But the consequences of falling behind or suffering a breach can cost you time, money and, ultimately, your customers.

 

When you partner with Echoworx, you’re partnering with a full-time team of dedicated encryption specialists. Our job is to make ensure your data stays secure, compliant and that your encryption experience is seamless end-to-end – because good customer service doesn’t end when you press ‘send.’

Learn more about our array of secure encryption delivery methods.

02 Jan 2019
Generation Z, Personal Data and Digital Trust: Unlike Any Before

Generation Z, Personal Data and Digital Trust: Unlike Any Before

Solve this riddle: I am always connected – but avoid social situations. I demonstrate a firm attention to detail – but have the attention span of a goldfish. I freely give out personal information – but demand it be protected. I distrust corporations – but communicate to them as if they were family.

Who am I?

If you guessed a Millennial, you’re on the right track. But these characteristics are more appropriately attributed to members of Generation Z – the first generation of digital natives, born beginning in the mid-90s through the 2000s, set to bloom into the consumer market. And, given that they are to make up a whopping 40 per cent of all consumers by 2020, [1] with $44B in buying power,[2] this is one group your organization needs to prepare for – especially when it comes to data protection.

How does Generation Z share digital information?

As digital natives, Gen Z’s do not know life without being connected to the digital world. And, since most of their life is already online, some even making their first digital selfie appearance via an uploaded ultrasound from the womb, they are much more comfortable with having even their most intimate details available at the click of a mouse. They are ‘always on,’ with some members of Generation Z checking their social media a hundred times a day or more, and this is reflected in how they share digital information.

According to Echoworx data, the level of comfort which Generation Z share personal information online is at-par with or even exceeding those same metrics for Millennials. For example, 56 per cent of Generation Z are not opposed to publishing their credit score on social media. This same metric is considerably lower for Millennials, with 44 per cent being comfortable, and continues to decline through older generations.

Are Generation Z gullible? Or just faster?

The average attention span of a member of Generation Z is 8 seconds, according to data from the Digital Marketing Institute. And, as digital natives, they crave instant gratification for the price of personal data – without much consideration for long-term consequences or questioning what their details are being used for. But, on account of their low attention spans, Gen Z’s are experts at filtering and retaining information presented to them.[3]

So, are they gullible? No. But this doesn’t necessarily mean they are responsible. And their lightning quick digital speed can lead to sloppy practices when it comes to protecting their data. For example, according to Echoworx data, nearly half of Gen Z’s change their digital passwords regularly. Compare this same figure to Millennials, where nearly three quarters of them regularly update their online login credentials.

Are Generation Z reckless with their personal digital data?

In order to understand the point of view of a Gen Z, you need to look at things from their perspective. For example, would you trust your parents with your SIN? Would you ask your sister for advice on the best way to peel an apple? If you answered yes, simply substitute your family member with an online influencer or one of your favourite brands. If you are always on, you live online.

And you trust people you care about to point you in the right direction. This is why Gen Z’s are so comfortable providing details for or taking advice from brands or influencers.

When you look at it from this perspective, readily divulging personal information online is not as crazy as it sounds to older generations.

And older generations are not perfect either. According to a recent Gallup Poll, nearly a quarter of Americans were victims of cybercrime in 2018.[4] This is despite the claim of 71 per cent of poll respondents who worry about cyber crime and the two thirds of Americans, according to data from the American Bankers Association (ABA), who are taking measures to protect sensitive data.[5]

Digital trust is a fragile game to play

Unlike its offline equivalents, digital trust carries its own hubris of sorts in that if it is easy to get, it’s even easier to lose and nearly impossible to get back. In fact, according to Echoworx data, over three quarters of Generation Z consider leaving brands after a data breach. So how do you play the game?

Easy. You protect them.

According to Deloitte, consumer expectations online are at an all-time high and your customers demand control over their personal data. And a full 69 per cent of customers do not believe organizations are doing everything they can to protect their data.[6] But, according to data from the ABA, nearly half of Americans continue to trust traditional industries, like banks and healthcare.[7]

While some might view this newfound fascination with personal data collection to be detrimental to conducting business – your organization should view it as a competitive differentiator. If your brand goes all-out in a quest to protect customer data, employing best proactive practices, such as a personalized and cusotmer focused encryption experience for sensitive documents in transit, your customers will take notice.

Learn more about maintaining the digital trust of your customers.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

——

[1] https://digitalmarketinginstitute.com/en-ca/the-insider-3987498273498375892/19-10-16-is-your-business-ready-for-the-rise-of-generation-z?blog

[2] https://www.forbes.com/sites/kristinwestcottgrant/2018/05/09/data-privacy-social-media-visual-content-adobe-through-the-lens-of-generation-z/#5c812c243a9c

[3] https://digitalmarketinginstitute.com/en-ca/the-insider-3987498273498375892/19-10-16-is-your-business-ready-for-the-rise-of-generation-z?blog

[4] https://bankingjournal.aba.com/2018/12/gallup-poll-quarter-of-americans-victimized-by-cybercrime/

[5] https://bankingjournal.aba.com/2018/12/survey-data-privacy-growing-as-concern-banks-seen-as-trusted/

[6] https://www2.deloitte.com/insights/us/en/industry/technology/digital-media-trends-consumption-habits-survey.html

[7] https://bankingjournal.aba.com/2018/12/survey-data-privacy-growing-as-concern-banks-seen-as-trusted/

18 Dec 2018
Digital Onboarding

Accelerating Your Customer Onboarding Through Digital Adoption

With so many digital choices to choose from, traditional client onboarding, which can take weeks, even months to complete is certainly a poor customer experience. Many processes are still manual, time-consuming, expensive and ineffective. And, with fintech snapping at your heels, if you fail to onboard your customers quickly, they might start to consider other more-nimble options.

But moving to digital can carry regulatory risks – especially if your organization is not taking proper privacy precautions with client data. Here’s how you can onboard new clients safely, quickly and, most-importantly, digitally:

Why bother going digital?

In every industry, including finance and banking, customer interactions are increasingly moving to purely digital channels. In order to stay relevant, even large banking and financial service providers must do the same. While technologies such as mobile and digital banking were first adopted by millennials, they are now widely used, by customers of all ages.

In a nutshell: Digital onboarding lets customers choose how, where and when they wish to join your bank.

And, for banks, where customer centricity is paramount, employing digital channels brings personalization and engagement for all their banking customers. The transition to digital also lowers costs and it is easier to measure effectiveness. In fact, according to a recent eMarketer report, the importance of increasing the use of digital channels, among financial institutions, is rapidly outpacing other business objectives, seeing a year-over-year increase of 15 per cent in importance from 2016 to 2017[1]

The importance of protecting customers

A recent Echoworx survey shows that most customers take less than 30 seconds to assess the safety of an email. Yet only 40 per cent of organizations that have encryption technology use it to protect sensitive data. In these instances, fully one third of emails that should be encrypted, are sent in the clear.

Our research shows that 64 per cent of customers are more concerned about their online privacy than a year ago. And 62 per cent don’t trust that their Internet activity is private. Given the number of data breaches in recent months, these figures shouldn’t be a surprise.

Yet customers assume your organization is protecting their interests, and their data. Your customers must be able to trust that their information is secure in your hands. The stakes are high: 80 per cent of customers will consider leaving your organization after a breach.

Additional digital perks for your customers

Implementing digital channels and enabling faster onboarding will also bring other benefits for financial institutions:

  • Reducing the onboarding touch points to complete onboarding faster and more easily. Customers want to complete their onboarding and application journey with the minimum of interactions before they can access services.
  • Faster onboarding means it is less likely that new customers will develop negative impressions about their financial institution.
  • Establishing rapport quickly to provide products and services. Customers are more satisfied when the relationship is put into place immediately.

 

A Scottish case study

The challenge with digital onboarding is to strike the right balance: the process must be easy to use, but document security must be maintained.

One of Scotland’s largest banks came to us with this challenge and the results have been favourable.

After implementing our solution, all their application forms for accounts, loans, mortgages and investments are now emailed as secure PDFs. The customer then fills out the documents and emails them back, also securely. Because the process is digital and uses secured encryption, onboarding can be completed in a few days.

The bank estimates they are reducing the time to onboard new customers by over a week. As a bonus, they have also drastically reduced the postage costs associated with the old onboarding process. Everyone benefits: customers find the onboarding experience easy to navigate, and the bank can trust in the security and integrity of the process.

The Echoworx difference

The Scottish bank example discussed above is just one of the unique ways your financial institution can leverage the power of our OneWorld encryption platform to help streamline your client onboarding processes. With multiple delivery methods and the ability to send millions of secure documents at the click of a mouse, in addition to other perks, like being able to brand your secure communications, OneWorld speeds up your onboarding process, reduces confusing clutter and keeps your banking institution airtight in the eyes of regulators.

Learn more about how we can help your client onboarding process.

By Derek Christiansen, Engagement Manager, Echoworx

———–

[1] https://www.digitalbankingreport.com/trends/2017-account-opening-and-onboarding/

16 Nov 2018
TLS encrypted delivery

Is TLS good enough for secure email?

When it comes to collecting sensitive customer data, you simply cannot afford to take any chances. Your customers trust you and you need to protect them – and their most-personal details. But, while protecting your digital perimeter is important, your organization also needs to ensure sensitive data stays secure during transit.

One way to do this is to leverage a TLS encryption solution. But what exactly is TLS? How does it work? And when is it good enough for secure email?

Here’s what you need to know about TLS:

What is TLS?

In layman’s terms, TLS, short for ‘Transport Layer Security, is a method of encrypting the connection between two parties communicating over the Internet – think of an encrypted tunnel. TLS can be applied to email to prevent unwanted eyes from viewing messages in transit – or from accessing data transmitted between a user and a website. The ease of this type of message encryption makes it one of the more popular types of delivery methods.

When is more message security needed?

TLS is one of the most primary and simple methods of delivering secure messages. But is it secure enough? It depends – you tell us.

Do you have access to alternative encryption methods if a TLS connection is not available? What exactly are your security needs? Are you worried about third-parties, like Google via Gmail, scanning your correspondence? Are you worried about man-in-the-middle attacks, where a secure connection is compromised? These are just a few of the questions you need to address when determining whether TLS is secure enough for you.

How do you get more message security?

While regular TLS-encrypted messages do have their benefits, this delivery method doesn’t always meet every one of your customers’ needs. That’s why Echoworx OneWorld goes further, automatically offering more encryption delivery methods. OneWorld also offers flexibility within the TLS environment – with the ability to create specific policies for using TLS and branded email footers highlighting that a message was delivered securely.

Are there secure alternatives to TLS?

In instances where TLS is not desireable you need to have other options – to ensure no message goes out unencrypted or to a compromised environment. And there are a variety of other secure delivery options available, from public key encryption methods, like S/MIME and PGP, to Secure Web Portals.

Echoworx’s OneWorld encryption platform offers all these options, as well as encrypted attachments. And, since OneWorld checks to see if TLS is available before transit, sensitive messages are never sent unencrypted.

See more secure message delivery methods.

By Christian Peel, VP Engineering, Echoworx

09 Nov 2018
Encryption shouldnt be cryptic

Encryption Shouldn’t Be a Cryptic Experience!

Encryption, encryption and more encryption – the security buzz word on the tip of everyone’s tongue. In an increasingly treacherous digital landscape, protecting your data with airtight algorithms seems like a logical strategy, yes?

Absolutely.

But making the decision to encrypt confidential emails that are leaving your secure network is about more than just encryption.  The algorithms are not the differentiator when comparing various secure email solutions.  You can find 2048-bit RSA encryption, 256-bit AES encryption, in SHA2 signatures in almost all modern security products.

The component of the solution that does the encryption and decryption is (most of the time at least) solid and predictable.  But sitting on top of that core security is the more interesting topic.  Controlling which emails need encryption, the different types of delivery, the simplicity of registration, the look and feel (known as “branding”) of the emails and web site, are the real differentiators of a 1st class secure email solution.

As Director of Client Engagement at Echoworx, a recognized leader in secure digital communication, it is my job to help enterprise-level organizations understand how email encryption fits into their business model. And for me, this starts with helping them create a seamless end-to-end experience for their clients.

When I work with a new enterprise, a little time is always necessary to cover the basic security aspects of the platform.  However, you may be surprised to learn that much more time is spent on fine-tuning the customer experience to align with the enterprises goals and expectations.  Secure email becomes an integral part of the communications strategy for the entire business.  It needs to look authentic, and use phrases and terminology that match the company’s web site and advertising.

Also important to consider is how varied the recipients of secure email will be.  A grandmother at home with minimal computer experience who needs everything explained in detail, versus a tech-savvy millennial that expects efficiency and automation.  The same secure email experience is used for both, so it had better not alienate anyone!

Your clients are unique, but they all need to trust you with their most personal data, and they will leave you if you lose it. A recent Echoworx survey, for example, found a full 80 per cent of customers consider leaving a brand after a data breach. That’s no small figure.

So how do we achieve this perfect blend of secure email that is still easy to read and send?

For the employees of your company, they don’t want any extra steps or separate systems.  If it’s inconvenient, they won’t use it.  Fortunately, your corporate network is already secure with firewalls, access controls, and native security in your mail server.  So let the encryption happen as the email is about to leave your network (commonly called the “gateway” or “boundary”).

It is the recipient who needs to work with the encrypted version of that email, and the best way to make them happy is to send it in the format they understand. A business partner should receive transparent encryption (called TLS); while a customer receiving a monthly statement should have a secure PDF attachment.  A European bank may demand PGP emails since the employees have PGP software running on their desktops.  The secure email platform should figure this out based on policies you define during initial customization of the service.

If you’re doing business internationally, you also want to be aware of local jurisdictional laws and regulations. In our post-GDPR world, you know where and how you store your clients’ data matters. But don’t forget to consider how your communications will reach people in many non-English speaking countries.  Here’s another example of that usability layer that lives above the actual encryption.

You want your clients to feel at home with you and comfortable sending sensitive information through encrypted channels. A confused customer is likely to second guess the validity of a secure message and may be more susceptible to scams. Investing in data privacy is not only good for your brand – it’s good customer service.

When done right, it’s “plain and simple!”

By Sarah Happé, Director of Client Engagement, Echoworx

25 Oct 2018
Moving PGP to the cloud

Moving Your PGP to the Cloud? Here’s What You Need to Know

Is PGP encryption part of your secure messaging strategy? Are you currently hosting this system on-premise? Ever thought about moving your PGP email encryption to the cloud? It may sound daunting, but, with the right tools and services, moving to the cloud is an investment to consider for you and your customers.

An on-premise PGP system is resource intensive, and requires software installed on your workstation and servers. The demand on your IT department can be considerable – migrating it to the cloud can take a lot of strain off your staff.

Here are a few points to consider if you are thinking of making the move:

Email encryption should be more than just adequate

We have a responsibility to protect the sensitive messages that we send, and we need to do it in a way that doesn’t get in the way of doing business.

An effective email encryption solution has five main qualities:

  • It is easy to implement
  • It can scale to keep up with growing demands and sudden bursts in email volumes
  • It is feature rich, standards-based and current, supporting encryption technologies widely used today
  • It is jurisdictionally aware, so messages sent from the EU, for example, aren’t stored in or sent through the U.S. or other jurisdictions which might compromise compliance with GDPR rules
  • It is operated securely by a trusted vendor which is dedicated to security

Legacy systems shouldn’t stop you moving to the cloud

Moving an on-premise PGP system to the cloud is not only possible, these legacy systems can actually be migrated without disruption, a critical business consideration if your organization sends large numbers of secure messages daily. And you gain access to additional secure delivery methods, like the ability to send messages via web portal, and additional features, like the ability to custom brand encrypted messages.

Key management without the management

According to the thirteenth encryption study commissioned by Thales to the Ponemon Institute, key management continues to be a major pain-point for 57 per cent of organizations. And many of these organizations report they continue to manually manage their key process. This is not a new stat. In fact, key management has remained a consistent pain-point year over year! Moving to the cloud allows you to simplify your key management process – and automate it.

Why use Security as a Service?

In today’s climate, businesses must scale quickly to meet everchanging demands. Security threats are always evolving, and technology continues to transform at a rapid pace. New developments such as mobile computing, the Internet of Things, Software as a Service and Infrastructure as a Service are leading to fundamental changes in the way businesses operate.

Working with a cloud Security as a Service provider can bring many benefits. Sheila Jordan, CIO at Symantec, for example, points out that while IT and technology investments can be used to operate and grow a company, the list of tasks to be performed will always be greater than the resources and funds available. IT is often seen as an easy place to cut costs, and in response, CIOs “must prioritize the demands that most directly affect the profitability and financial goals of the company.” CIOs are responsible not only for protecting data, but also for helping companies use that data to generate actionable insights. Moving to the cloud lets organizations track and report in real time.[1]

Thinking about Security as a Service? Here are some questions to consider:

  • What is your risk profile?
  • Is there a specific crisis you’re responding to?
  • Do you have a clear plan in place?

 

Once the decision to move to the cloud has been made, choose your vendor carefully. Don’t look for a single point solution: if you do, you might find that the solution you’ve chosen has quickly become obsolete or is not the sole focus of a bigger product. Look to your new partner to educate and train your teams and guide your company through the process. Most importantly, get to know the team you’ll be working with, as good relationships can make the difference when dealing with a crisis.

Sheila Jordan from Symantec puts it best: “When you work with a partner that understands your business and where you are headed, they can offer global support and solutions that will grow with your organization. The right partners will always be customer-focused, doing everything in their power to drive your company forward.”

See how easy it is to migrate your PGP to the cloud.

By Christian Peel, VP Engineering, Echoworx

———

[1] Sheila Jordan, “Security as a Service,” in Canadian Cybersecurity 2018: An Anthology of CIO/CISO Enterprise-Level Perspectives, ed. Ajay K. Sood (Toronto: CLX Forum, 2018), 23-45.

12 Jun 2018
privacy protection

One Hot Mess: Encryption, Dating and the Betterment of Privacy Protection

Would you feel comfortable sending personal information over email without encryption? Feel shy answering ‘Yes?’ You’re not alone. In fact, nearly 50 per cent of people choose to share sensitive personal information online. And our trust on the people and companies we send them to is often taken for granted.

You might be surprised to learn just how exposed your customers really are.

In a recent survey of IT professionals and IT decision-makers, conducted by Echoworx, a clear vein of importance attributed to encryption emerged, with 75 per cent of respondents answering ‘yes’ to whether their organization has an encryption strategy. But, as less than half these same respondents answered in the affirmative that their organizations are indeed using encryption extensively, the actual application of it is questionable.

In other words: That personal information your customers are providing to a whole motley crew of banks, healthcare professionals and government bodies? There’s a chance their recipients, who might even be your own staff, are storing it unfiltered, accessible, and unprotected on their servers.

Barriers that are Preventing More Extensive Use of EncryptionShocking, right?

To help understand the other side of the coin, we posed questions to consumers on their willingness to provide personal information both digitally and on first dates. The results were startling – with respondents more than willing to provide personal info, from their full name to their SIN card in both situations.

Encryption is hot infograph
What the findings from our Encryption Survey reveal
about our perspective on data privacy. Learn more.

So what?

When blended together, we are left with two narratives telling a tale of two cities. And it’s messy, but not as cryptic as it seems. Rather there appears to be more a disconnect between our willingness to adopt encryption and our actual application of it in our working lives.

Over half the IT professionals surveyed, for example, responded favourably to adopting encryption – outlining the privacy technology as very important or crucial to their organizations. And nearly three quarters of this group indicated that are actively building encryption strategies. Seems progressive?

And then the reality hits: only half of them are in it for the betterment of information privacy. The other half, almost a clear-cut 50 per cent, admit they advocate for encryption to satisfy privacy regulations and avoid expensive breaches – not because they are actually concerned about protecting sensitive customer data.

The lack of enthusiasm for encryption application permeates through their entire organizations – with only 40 per cent of organizations using their existing encryption technology extensively. And the area they do emphasize encryption, in external communications, is seemingly not enough given that many organizations are now moving their email servers to the cloud – which makes even internal communications external in nature.

And yet customers continue to trust you without encryption

While three quarters of customers know what encryption means and why it exists, 45 per cent of them continue to send personal details via open email – and they put a lot of trust into the people they send them to. Take the safety of an email, for example. Despite the rise in spear phishing, and other email-related attacks mining for personal data, the average person evaluates the safety of an email in under thirty seconds.

Would you give up your personal data to someone in the street in under 30 seconds? Sounds crazy, but according to survey data, the average person might. Did you know, for example, that nearly a quarter of people are likely to share their real birth date, email address, full name and phone number on the first date? And these concerning figures are even more pronounced with men – 12 per cent of whom are just as likely to disclose their SIN card number on a first date as they are to brag about their salary.

And it doesn’t stop there.

When it comes to online forms, over three quarters of your customers admit to providing sensitive personal information. And, considering they take half a minute to inspect the safety of an online form, the amount of details they provide is startling.

Did you know, for example, that over 10 per cent of your customers are comfortable providing their bank PIN number through an online form? Or that a further 34 per cent of them have given their SIN card number? And that a small, but more trusting, 5 per cent willingly disclose their passport number when prompted by faceless forms?

But, at the end of the day, why does this matter to your business?

Data breaches are expensive messes to clean up and they happen more often than you think – with nearly a quarter of people admitting to having had their personal information stolen. In addition to massive fines pushing into the tens of millions of dollars, and drawn out class action lawsuits, a high-profile breach can cause irreparable damage to your brand trust.

Providing your customers and employees with a concise yet complex high-performing encryption solution can help alleviate some privacy woes in your organization – especially for mobile. Newer encryption platforms integrate easily with existing IT systems and offer multiple flexible methods of protecting information in transit.

In summary, encryption matters, and IT professionals get this – even if their reasons lie primarily in the bottom line of compliancy. But actually applying encryption throughout your organization is a different issue altogether and relies on making your privacy process more streamlined and less of a hassle for users. But the payoffs of preparing for privacy are huge – and your efforts will be noticed.

Check out some of the creative ways organizations are using our Echoworx OneWorld encryption platform to help ensure the safe transit of everything from bulk delivery of millions of e-statements to sensitive onboarding documents for new clients. The proactive applications of encryption are endless, and can be automated, for when your employees’ behaviour can’t be.

By Nicholas Sawarna, ‎Sr. Content Marketing Specialist, Echoworx

23 Nov 2017
Echoworx | Email Encryption Solutions | Trust Me: Be the Good Bank 2

Trust Me: Be the Good Bank

Hey banks, millennials have trust issues. Yup, these sophisticated, well-travelled, highly educated people have conflicted relationships with personal information.

A new OnePoll survey commissioned by Echoworx revealed that millennials are more careful with romantic partners than they are with financial institutions. Almost 50 percent of respondents age 18 to 35 would not give a partner their home address until after at least five dates. Yet, 56 percent had shared sensitive information by email with their bankers and brokers, not realizing that email can be easily hacked and sifted to steal identities and key information. And not to put too fine a point on it, but less than 60 percent of the surveyed millennials could accurately define “encryption.”

All of your customers expect you to treat them well, so your ability to make them trust you lies in how well you do it. And a big part of that is having strong cybersecurity so they don’t have to worry about having their data lost or stolen.

Information culture shift

Millennials’ contradictions around personal information make sense when you think about how human interactions have changed. Today, dating isn’t only about meeting someone through hobbies, work or friends – you can do it through apps, too. But with apps, the community relationships aren’t there, so millennials are naturally careful about revealing their home addresses. On the other hand, they’re so used to the continued refinement of tech, especially in business, that they trust it to work for them.

People born in the 1980s and ‘90s grew up as handheld devices morphed into the multimedia portals that they are now. They take digital convenience for granted in the same way they take their own hands and feet for granted, and because of that, they don’t have their parents’ suspicion of devices and software. But they also don’t have the media-savviness of the generation following them, who started learning about privacy and internet safety as early as grade school.

The good, the bad and the non-committal

Millennials expect financial institutions to integrate their processes seamlessly into mobile, and that’s created a classic battle between good and evil.

On the evil side, there are people doing whatever they can to steal information. On the good side are businesses who use the highest security protocols in all their communications. But between good and evil, you’ll find others who are simply hoping they won’t get burned when things go wrong.

Millennials are now your primary workforce and client base, and the bad side will exploit every opportunity you leave open. All workplace communications are targets, so strong encryption is critical for front-lines, back-end and all internal media tools.

Business relationships, like romantic relationships, thrive on trust, and it’s much harder to rebuild than it is to behave responsibly from the get-go. Be the good side –secure communications, encrypt everything at the highest level, and don’t ever ask for info through unsecured email or apps.

22 Aug 2017
Echoworx | Email Encryption Solutions | Method-Agnostic Encryption Delivery

Method-Agnostic Encryption Delivery

Encryption until very recently was considered as a niche market with an inconsequential prospect to emerge as a global industry. There was a time when small and medium-sized data security service providers around the world started using homegrown cryptographic systems to encrypt emails and secure vulnerable information. As more solution providers surfaced with varied styles of cryptographic systems, the data security space began to clutter, causing incongruity in encryption delivery formats and user interfaces even within the same organization. Comprehending this predicament early, and looking to break siloed cryptographic systems, Echoworx developed OneWorld, a method-agnostic email encryption platform designed to decipher the unique encryption requirements of a company and offer an appropriate solution.

What sets OneWorld apart from its peers in the market, is its flexible delivery approach for policy-based encryption. The platform can automatically utilize up to six push encryption methods (TLS, PGP, S/MIME, Encrypted PDF, and Encrypted ZIP) or web portal pull encryption method based on the sensitivity of the content. OneWorld allows administrators to effortlessly define and facilitate email policies to reduce the risk of data loss. “We don’t believe in maintaining a particular style of encryption, and our flexible platform intelligently deciphers the requirements of the clients and molds itself to suit their specific needs,” says Mike Ginsberg, CEO of Echoworx. The firm has penetrated deep into the dynamics of the software to build a platform that is agnostic to any particular style or delivery method.

Ginsberg explains how a top global banking institution found it cumbersome to support multiple data security service platforms to achieve different encryption delivery methods in their enterprise. The diversity of UIs and UXs coming from the various providers also brought inconsistency to the overall standard of the financial institution. More so, the legacy solutions were capable of encrypting only an approximate 1.5 million messages a month. After implementing Echoworx’s OneWorld, the bank instantaneously stepped up their delivery to 100,000 encryptions in less than an hour. Echoworx’s global presence also helped the banking institution to provide the solution in 22 different languages to suit their customers’ specific needs.

When it comes to data protection, however, the tenets go far beyond just providing a software solution; an organization has to ensure that the software complies with the data protection laws or the privacy legislation system of the country it is operating under. To ensure protection from territorial leakage of sensitive information, such as financial statements, credit card data, or personal information, Echoworx has set up multiple data centers in various geographic locations worldwide. “When we started working for a bank in Mexico, the client made it clear that none of their data should leave the periphery of the country, and hence we had to establish a data center in that location,” states Ginsberg. Likewise, Echoworx has two data centers in Canada, one each in the U.S. and UK, and two facilities in Dublin. The firm’s SaaS solution can easily migrate databases to another data center, making it possible to setup in any geographic location in a very short deadline. With the help of Echoworx’s global cloud solutions, one of the world’s largest insurers was able to start its operation in a ne w country overnight.

Echoworx has plans to add authentication services, such as biometric scanning, face and voice recognition, etc. to its suite of offerings in the future. Apart from product expansion, the firm has sights to expand geographically to Asia within 12 months. Echoworx has already established substantial grounds for encryption in the banking and healthcare industries and intends to broaden its horizon to include the airline industry in the years to come.

In fact, Echoworx was selected by CIOReview as one of this year’s Top 20 Most Promising
Banking Technology Solutions Providers
.

“We are glad to announce Echoworx in our annual ranking list of 20 Most Promising Banking Technology Solution Providers 2017,” said Jeevan George, Managing Editor of CIOReview  “The company’s encryption platform is designed to address the diverse secure communication requirements of the banking and financial services industry.

Echoworx will be demonstrating it’s solution to the industry in Miami, Florida – at the largest Latin America technology and innovation event – the 17th Annual CL@B 2017 Conference. You can get the details here:  https://www.felabanclab.com/

This article originally appeared in CIOReview Banking Technology Special

16 Jun 2017
Echoworx | Email Encryption Solutions | If You’re Not the Customer, You’re the Product

If You’re Not the Customer, You’re the Product

Does anybody actually care?!

Last month, we had the chance to speak with security and privacy expert Bruce Schneier on mass surveillance and the hidden battles happening behind the scenes to collect our data  …  all kinds of data!

Wasting no time, Bruce jump started the conversation reminding us all that everything we do that involves a computer, creates a transactional record of what we did.  And I do mean ‘everything’ . Browsing the Internet, carrying a cellphone, making a purchase, using any IoT sensor, or passing a security camera creates data about us. Any socializing we do online – phone calls, emails, text messages, online chats, creates data about us.

A lot of this data that’s being produced and stored is called metadata, basically it’s data about the data. Bruce’s explanation really put it into context for me: I make a cellphone call – the data would be the conversation that we’re having and the metadata would be my cell number, your cell number, the date, time, duration, and location of our call.

Following is a teaser of part one of our thought provoking discussion on:
The Business of Surveillance.

In many contexts, metadata is actually much more important than conversation data. Metadata tracks our relationships and associations, it captures what we’re interested in, what’s important to us – metadata reveals who we are. As Bruce so vividly pointed out, we’re living under constant surveillance and this surveillance is incidental. It’s a side effect of using all those computerized services that we have become so dependent on. It’s covert.

When we browse the internet, we don’t see the dozens of companies silently tracking us. It’s not like there are 12 people behind us looking over our shoulder. We don’t see the cookies. We don’t see most of the security cameras. It’s hard to avoid them because we have to use things like a credit card, we have to have an email address. Sure we can choose to not have a GMail account if we don’t want Google to store all of our emails but Google would still get our email because while we don’t use GMail somebody else that we know does. It’s what Bruce called ubiquitous surveillance. What makes ubiquitous surveillance different – why should we care? Here’s a great example. It’s not follow that car- it’s follow every car. And when you can follow every car, there are things you can now do that you couldn’t have done otherwise.

What was most interesting to me is that, this data, is also collected and used by corporations of all sizes. There are corporate systems built to basically spy on us in exchange for our services. How and why did this come about? Blame it on the Internet. With no obvious way for companies to charge for the many things on the Internet and people expecting the Internet to be free, advertising as a business model was all that remained. All this data web sites collect on us is sliced and diced by agencies into small targeted segments that companies can then buy and use at a premium price

Remember the title of this : If you’re not the customer, you’re the product. So I ask, “do you care?”

17 May 2017
Echoworx | Email Encryption Solutions | Healthcare Security in Critical Condition

Healthcare Security in Critical Condition

Are healthcare organizations more vulnerable to data breaches than other industries?

Healthcare organizations (69 percent) and their third-party business associate (BA) partners (63 percent) certainly seem to feel they have a target on their backs, according to Ponemon’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.  However, knowledge hasn’t necessarily led to preventative action in many healthcare firms or the BAs that support them. Data breaches in healthcare continue to put patient data at risk and are becoming increasingly costly and frequent. According to Ponemon estimates, data breaches could have already costed the healthcare industry $6.2 billion.

Patients at risk for financial identity theft

While many of the breaches reported by survey respondents were small, containing fewer than 500 records, nearly 90 percent of healthcare organizations taking part in the study reported they were victim to a data breach over the past two years, and 45 percent had more than five data breaches during that same period. Ponemon estimates that the average cost of a data breach for healthcare organizations over the past two years was more than $2.2 million, while the costs to BAs was more than $1 million. The top stolen files: medical files, billing and insurance records, and payment details, putting patients not only at risk for exposing personal details, but also for financial identity theft.

Employee negligence, cause for concern

What’s evident from the data is that employee negligence and mishandling of sensitive patient data is still a huge cause for concern; according to Verizon’s Data Breach Digest, 23 percent of data beaches reported in healthcare are from inside privilege and misuses. In the Ponemon report, 69 percent of health organization respondents cited “negligent or careless employees” as the type of security incident that worries them the most, compared with 45 percent for cyber attackers and 30 percent for insecure mobile devices.

At BAs, negligent or careless employees was cited by 53 percent of respondents as their most feared security incident. Healthcare organizations may be overly worried, as only 36 percent of healthcare organizations named unintentional employee action as a breach cause.  However, the numbers aligned as well for BAs, as 55 percent of BAs named unintentional employee action as a breach cause.

Health data, least encrypted

According to a second report from Ponemon and Thales, which tracked extensive usage of encryption solutions for 10 industry sectors over three years, healthcare and pharmaceutical organizations have seen the largest jump in use of encryption solutions, with 40 percent of organizations now reporting encryption use. However, the same report also shows that the least likely data type organizations overall encrypt (at 21 percent) is health-related information, quite a surprising result given the regulatory requirements, sensitivity of the data, and the recent high-profile data breaches in healthcare.

Fingers point to funding and resources

Despite the increased frequency of breaches, and the rising costs to deal with the aftermath, half of these organizations still feel they lack the funding and resources to manage data breaches. The intent is there, as most companies have reevaluated their security practices and have implemented policies and procedures designed to curtail breaches. Those practices—however well intentioned—seem to be doing little to stop breaches from occurring.

For many organizations, it comes down to budget restraints; the majority of both healthcare organizations and BAs feel their organization:

  • Has not invested in the technologies necessary to mitigate a data breach
  • Has not hired enough skilled IT security practitioners
  • Has not adequately funded or provided resources for the incident response process

Healthcare organizations report budgets have decreased since last year (10 percent of respondents) or stayed the same (52 percent). The scenario is similar for BAs: 11 percent reported decreases and 50 percent the budget stayed the same.

Healthcare security is in critical condition

Based on these reports, healthcare security is in critical condition. Breaches are happening frequently and are costing both healthcare organizations and BAs more. According to the Ponemon report, accountability for the data breach incident response process is dispersed throughout the organization, however, both healthcare organizations (30 percent) and business associates (41 percent) say IT is the function most accountable for the data breach response process. But who is responsible for stopping these breaches before a response is required?

CIOs and CISOs need to continue to push the envelope in their organization on breach prevention, escalating it to become a key business priority. They can start by putting their policies and procedures under a microscope, and locating where the black hole is when it comes to putting those policies and procedures into practice with employees. The next step is investing in encryption technology to prevent breaches, not just in insurance policies for when they occur.

 

By Chris Peel, ‎VP Customer Engineering, Echoworx

16 May 2017
Echoworx | Email Encryption Solutions | What Role Does Privacy Play in Your Digital Transformation Strategy?

What Role Does Privacy Play in Your Digital Transformation Strategy?

If you are a senior leader in an organization, I am sure you have been asked the question – “What is your digital strategy?” You may also be getting tired of people telling you that new market entrants (especially millennials) are disrupting traditional business models and are forcing you to redefine the end to end customer experience. And here is another good one- “Have you hired a digital transformation executive yet?”  While I make light of all the digital hype, this transformation is not a joke – it is a survival necessity.

In my view, there are two approaches that an organization can take to modernize digitally – ‘internal business process out’ or ‘customer experience in.’ While it is beneficial to do both, prioritizing one is pragmatic. If you are one of those esteemed organizations which have prioritized their digital presence around customer experience, you must have thought how you can protect the privacy of your customers or you are thinking about it right now.

Tracking and analyzing customer data and behaviour is a vital part of any digital strategy. It reveals possible opportunities by providing customer experience insights and helps maintain rapport with your client base. You can obtain information about your customers from many sources apart from the traditional online or mobile interaction. You can collect sensor data from homes, cars, wearables, and potentially implants as well.  But how will this data be used?  Will it be shared?  I am going to assume that customer data will be shared within and outside the organization- be it driving patterns tracked by P&C Insurance companies, health data procured by Life Insurance Companies and investment patterns followed by Wealth Management firms. Currently, the easiest way to communicate or share information is to use existing and familiar tools such as email or text messaging applications. When using these applications to send/share customer information, how are you ensuring it is kept confidential? I will come back to this later, but first, let’s consider the consequences of leaked client information and the possible opportunities that exist if customer privacy is properly managed.

Making privacy, priority

As customer interaction with organizations becomes more digital, the risk of sensitive information ending up in the wrong hands has dramatically increased.  We have seen a myriad of brand names in the news around privacy breaches where customer information was compromised. What does this do to the relationship you have with your customers that are affected, as well as prospective clients?  When confidence is lost between an organization and its customers, there is a direct negative impact on profitability and reputation. Alternatively, if your customers understand that you are making their privacy a top priority, there is a new level of affinity resulting and in turn a positive impact on profitability can be realized. A reliable relationship makes it much easier to increase one’s wallet share of existing customers and capture new customers through word of mouth – I’m showing my age – I should have said through social media!

Let’s come back to the question of how to ensure that customer data stays confidential when sending this information with traditional communication tools.  Most tech savvy people would say “that’s easy – encrypt it.”  The problem is, it’s not easy. We face complex interaction between user experience, manageable infrastructure, and security. If you are a large organization, consider the myriad of encryption delivery methods- TLS, SMIME, PGP, Portal, ZIP, PDF and the list goes on. Each method has its own value depending on the use. Also, the recipients you are communicating to and the local privacy standards must be taken into account. Alas, it’s tough to simplify your infrastructure when dealing with the multiple flavours of encryption delivery alternatives. It doesn’t stop there – this complexity tends to expose itself to the user or recipient. This causes problems when a big part of your digital strategy is based on simplifying processes and the entire user experience.  Why do so many organizations have one or more encryption solutions and none is used to the extent it should or must be? Complexity of the solution!  And who wants to invest in on-premise infrastructure and the resources to manage this encryption complexity. This problem cannot be ignored, although many try to do just that.

Securing, Mobile experience

Another issue that must be addressed as part of a digital strategy is the mobile experience. How do you ensure mobile users enjoy a risk-free experience while sending and receiving secure information using encryption technology? Some might say through Javascript or an external app. But who wants another mobile app? The mobile experience must be natively inherent in the solution you deploy.

I would say that there are only a few solutions that can enable you to share sensitive information in a simple way that will enhance the effectiveness of your digital transformation strategy. Even fewer that can in turn alleviate infrastructure complexity, enable you to confidently manage privacy, allow you to deal easily with numerous encrypted messaging alternatives, enable a seamless mobile experience and ensure the ability to create unique branding based on a business unit or market segment.

Email communication makes it easy for your customers and partners to receive and send information and is a key element of digital communications. It’s time for a solution that makes it simple to secure confidential information through this pervasive communications mechanism.

Reach out to the experts at Echoworx for further insights and visit the links below to additional content that may be of interest.

By Randy Lenaghan, VP Sales, Echoworx

This article originally appeared in InfoSecurity Magazine

28 Apr 2017
Echoworx | Email Encryption Solutions | How to Protect Company Email From Attacks

How to Protect Company Email From Attacks

Email is one of the most common ways attackers use to infiltrate an organization’s systems and gain access to sensitive data. Email is built into smart phones, tablets, gaming devices and desktop computers … yet not designed to protect privacy or security.

Without protections in place, “email is a postcard, not a sealed letter,” cautions Jacob Ginsberg, senior director of products for Echoworx. He says people often don’t understand the permanence of data and how it can exist on servers long after they’ve forgotten about it.

“Email is one of the most common ways hackers infiltrate a company’s system,” says Sam Elsharif, vice president of software development at Echoworx. “They often use phishing scams, sending out emails that appear to come from a legitimate source that ask recipients to click on a link that directs them to provide credit card or password information.”

How can you protect your email communications?
Ginsberg says encryption is a logical solution and provides effective protection. Even small and medium size businesses should consider encryption, especially if they deal with data such as intellectual property and customer credit card information.

“There are old holdover misconceptions about encryption – it must be difficult to use, only IT experts can understand it, it slow things down – but those are no longer valid,” says Ginsberg. “The tools are simple to use and I strongly encourage encryption.”

Ginsberg says with encryption only users and intended recipients can see the data. For added security – and a tool that addresses phishing – users might want to add a digital signature (a coded message associated with a specific person).

Educating staff about email use is critical.
Hold regular training to make employees aware of the rules and practices surrounding email, suggests Elsharif. Do your due diligence: research threats and solutions, and review how your organization stores data, how you email data and how you deal with credit card information. Ensure your company is complying with current regulations.

Elsharif says to consult more than one vendor, depending on your needs. “Everyone needs firewalls and anti-virus software. Do you allow employees to access your network from the outside? You may have to look at a VPN (Virtual Private Network). Don’t be afraid to check with multiple providers. No one company can do it all.”

Technology can be effective in mitigating email threats, but don’t rely solely on it.

“Nothing beats human common sense,” Elsharif says. “As a user, try to follow best practices and don’t be sloppy when dealing with your data.”

Seeing is Believing
See for yourself how our latest encryption technology is easy to install, highly customizable and, most essential, simple for anyone to use.

By Greg Aligiannis, Senior Director Security, Echoworx