Category: Customer Experience

05 Jun 2020

Email Data Protection, The What and Why, and How to Select Yours

Organizations continue to place too much focus on feature and function when evaluating security technology. At a time of fierce digital transformation, the distance between technical promise and business impact continues to widen as over 124.5 billion business emails are sent and received each day.

When COVID-19 first emerged, many organizations scrambled to find quick-fix security solutions to prop up their now-remote workforces for a business delay expected to last a couple of weeks. Add to the mix the acceleration of long-term working from home and shifting attitudes to digital privacy.

“This is a wake-up call for organizations that have placed too much focus on daily operational needs at the expense of investing in digital business and long-term resilience,” says Sandy Shen, Senior Director Analyst at Gartner. “Businesses that can shift technology capacity and investments to digital platforms will mitigate the impact of the outbreak and keep their companies running smoothly now, and over the long term.”

But simply buying an encryption product to protect data sent in emails does not guarantee long-term organizational value.

According to a survey from encryption technology experts Echoworx, 81 per cent of organizations prioritized encryption for protecting data sent in email as important, even critical, to their technology stack, but only 40 per cent are using email encryption throughout their business.

To end this disconnect, we argue that organizations need to start thinking differently about their email data protection strategy and the way they evaluate and select solutions and vendors.

Technology alone delivers no value

The fact that the technical “experts” believe a technology or product will work for the business is not a guarantee that the business will actually use it. Through our years of experience, we have heard these three email encryption misconceptions repeated over and over.

Misconception #1: “We invest in encryption tools because it is mandatory”
Reality: Investment in an encryption tool should address specific business needs.

Misconception #2: “We have encryption, we are safe. It’s good enough.”
Reality: Protecting data sent through email is less dependent on technology than you think.

Misconception #3: “Data protection is all about compliance”
Reality: The ability to protect data is just as important as the ability to use and move data.

Why do you need a particular product? How well do you know the business and their needs? And, how well will this product meet those needs? If you don’t know the answer to these questions, with total clarity, you don’t understand the business and you won’t be able to add real value.

One bank, for example, wanted to easily recall emails and customer documentation so that they could reduce implicating the Chief Data Officer and eliminate lengthy audit processes. That’s what the business needed. What the business got was an onerous multi-step approach, requiring physical actions from multiple staff, external individuals, organizations, and 3rd party email providers to confirm emails and attachments have been deleted from all backups and archives.

In another example, an insurance company wanted their customers to be able to simply respond to an email so that they could return sensitive documentation easily to a centralized mailbox. That’s what the business wanted. What the business got was a time-consuming multi-step approach, requiring the resources of multiple staff, sending instructional emails to customers, requiring registration to an encrypted email service – before being able to access and return requested documents safely.

The list goes on.

Ask better questions, align technology to business needs

Instead of arming yourself with a checklist of features and functions, prepare questions that will help you evaluate the fit of an email data encryption solution to your business needs. Here’s how …

To learn: How well the offering meets your business need.
Ask. Why do you need this particular security product? Why now?

To learn: What does success look like for the business.
Ask. How well does this offering resolve your specific need?

To learn: How end users will use this solution.
Ask. How well does the offering fit into your existing way of working?

To learn: Can this meet the business needs today and the bigger picture needs tomorrow.
Ask. How well does the offering integrate with your other systems and technologies? Could the way you use this solution change over time?

01 Jun 2020

Multilingual Interfaces Drive Growth, Says Research

For decades, businesses have internationalized their global operations by adopting English. The gains from this have been real, but recent research suggests they could be even bigger if paired with language preference.

Global enterprises need to operate in English. It’s the primary language of technology, finance, regulators, and other major stakeholders. Firms with global operations need to have a unified language for communication and English-first policies have taken hold in many corporate headquarters and regional offices.

There are advantages to this, such as being able to communicate between offices in Mumbai, Shanghai and Sao Paulo. But even in economies with a high level of English-language skills – including tech hotspots such as the Nordics, Israel and Singapore – the use of non-native languages can cause confusion, miscommunication, and unnecessary risk.

Increasingly, firms and researchers are realizing that while the trend toward global English has brought benefits, there may be even more upside to having multilingual capabilities.

Here are some key recent findings and observations:

Multilingual businesses can embrace multiple ways of thinking

The World Economic Forum has recognized that the language people use can change the way they think, sometimes in surprising ways. For instance, Chinese speakers tend to take more gambling risks when they receive positive feedback in their native language, but they become more risk averse when the same feedback is given in English. “Reduced impulsiveness when dealing in a second language can be seen as a positive thing, [but] the picture is potentially much darker when it comes to human interactions,” the WEF noted. “In a second language, research has found that speakers are also likely to be less emotional and show less empathy and consideration for the emotional state of others.”

The WEF suggests firms embrace multilingualism even while having an “official” language. “A balanced exchange of ideas, as well as consideration for others’ emotional states and beliefs, requires a proficient knowledge of each other’s native language. In other words, we need truly bilingual exchanges.”

New technologies increase the need for native-language precision

Second languages are difficult to master in writing, and far more challenging to learn to speak. With the world’s largest technology firms promoting voice commands, the demand for better native-language interfaces is rapidly increasing.

“The mobile-first world is changing the way we interact with our devices, and we’re currently seeing a shift back to an older method of communication: speech. Users are increasingly starting to type using voice inputs rather than using the keyboards,” says William Bariselli, Industry strategy director at Oracle. He notes that around 60% of mobile phone users already speak to their device daily, with higher rates among younger generations.

As anyone who has responded to voice prompts on a customer-service line or received a nonsensical response from Siri or Alexa can tell you, speech recognition is far from perfect. But with Google, Apple, Microsoft and Amazon making massive investments in natural language processing and including voice features in virtually all hardware and software, it is certain that the trend toward voice will accelerate.

English is the language of cyber crime

English is the global language of both business and cyber crime. Consumer anti-virus firms Symantec and Kaspersky consistently note that email phishing and extortion scams almost always start in English before being adapted into other languages.

Scammers will use poor English deliberately to target people with lower-level reading skills – both less-educated native speakers and those who use English as a second language. Consultant and author Joseph Steinberg says this targeting of people with poor English skills is intentional and strategic. “As the vast majority of people simply do not write their emails with The King’s English, to put it mildly. A bogus email impersonating one from the head of corporate computer support is likely more believable with minor errors in it, than if it were written as well as most articles in the New York Times or the Wall Street Journal.”

Native languages may be a legal requirement

Multilingual operations are often a requirement rather than a choice. Many jurisdictions have regulations that mandate bi- or multi-lingual services. Financial firms in Canada, for instance, must have both English and French content and interfaces for employees and clients. Similarly, Europe’s General Data Protection Regulation obliges firms to provide native-language services when dealing with third parties.

Even if multinationals are not required to adopt a local language by law, they will have to communicate with and serve institutions that must do so – such as financial and government institutions, particularly when it comes to official and sensitive communications.

“Enterprises can’t afford to have any vital instructions lost in translation when communicating sensitive data and private information,” said Jacob Ginsberg, Senior Director Market Intelligence with email data encryption leader Echoworx. “To avoid confusion, miscommunication or something as simple as a poor customer user experience, secure message notifications and instructions need to be clearly understood by those who receive them.”

Native language capabilities reduce costs

With local language capabilities, employees and customers can fully understand and interact with systems and software, improving their ability to use a product and learn its functionalities. “Only if all buttons, menu lists, commands, messages and notifications are clear, will your customers be able to recognize all advantages of using your application,” said Dorota Pawlak, owner of DP Translation Services, which localizes software for the Polish market. “Localization … ensures readability and preserves the original functionality to help your users understand your product, which in turn ensures better customer experience.” This lowers unnecessary queries to customer service reps, lowering support costs and freeing money for other activities.

Local language capabilities increase employee retention

Harvard Business School professor Tsedal Neeley sees many advantages of English as a global business language, but notes that forcing employees to adopt a foreign language can hurt performance, job satisfaction and retention. “When my colleagues and I interviewed 164 employees at GlobalTech [a pseudonym for a multinational] two years after the company’s English-only policy had been implemented, we found that nearly 70% of employees continued to experience frustration with it. At FrenchCo [another pseudonym], 56% of medium-fluency English speakers and 42% of low-fluency speakers reported worrying about job advancement because of their relatively limited English skills.”

People are more precise in their native language

English is essential to advance in sectors like technology and finance, but English as it is spoken in business is not the same as how it is spoken naturally and has serious limitations. “Phonetically, [business English] has almost nothing to do with American or UK English. They say it is ‘BBC English,’ but actually it is not. It is a phonetically simplified English that uses UK English grammar,” said Salvatore Sanfilippo, an Italian computer programmer with a U.S. cloud services firm. “While this allows people from around the world to communicate easily, it has nothing to do with the real English spoken in UK, US, Canada, and other countries where English is a native language,” says Sanfilippo.

A person’s first language will be their first preference

The most obvious reason for language localization is that a vast majority of people prefer to speak their first languages.

The Globalization and Localization Association, a global non-profit, notes a wealth of studies on language preference: 56.2% of consumers say that the ability to obtain information in their own language is more important than price, 65% of multinationals believe localization results in higher revenues, and 95% of Chinese consumers are more comfortable with websites in their language. The ability to communicate in multiple languages can even be a critical factor in the success of cross-border merger and acquisition deals.

Similarly, Common Sense Advisory polled 3,002 consumers in 10 countries, finding a substantial consumer preference for native tongues and noting that people who lack confidence tend “to avoid English-language websites, spend less time during their visits, and not buy products that lack instructions or post-sales customer support in their language.”

21 May 2020

Security Shopping Based on the Lowest Bidder

Bang-for-buck is less about cost and more about strategic fit and operational value when it comes to email security

Overnight digital transformations in the wake of COVID-19 are pushing organizations to the brink of what their infrastructure can handle. In the case of large enterprises, with thousands of employees and offices around the world, actions as simple as sending an email can quickly become overwhelming – requiring new hardware, software and the IT staff to run it all. Consequently, many organizations have had to rapidly upgrade and evaluate new technologies, in a cost-driven manner, to help bridge the gaps.

Yet, a new study by Echoworx reveals a disconnect between the immediate rewards of low initial price tags and actual long-term value amid growing security breaches and brand distrust. While cost remains a primary driver behind the decision-making process for information security shoppers, there is an alarming lack of other factors contributing to ultimate assessments of value.

Prepare for the next GDPR, align to the goals of business leaders

Meeting immediate business requirements is tempting for organizations operating under time constraints – it’s human nature. But focusing evaluation criteria for data protection on cost and business compliance often results in adopting solutions that meet a narrow checklist of requirements or immediate needs. Theoretically this approach ensures the organization can maintain compliance, with minimal impact to their bottom lines, while preserving their ability to compete in their new digital world.

But it is not that simple.

Adopting a checklist strategy for protecting data sent through email does not anticipate unexpected turns or developments down the road. Regulations, or other security demands, are known to change without warning – suddenly adding more boxes needing to be checked off. While a low price tag might create initial attraction to a security solution, organizations need to ensure it is flexible enough to accommodate new demands and the impact it can have on innovation and their strategic vision.

Introduced in the spring of 2018, the General Data Protection Regulation (GDPR) of the EU, for example, revolutionized the way organizations were able to capture, store and exchange the personal digital data of the citizens of affected European nations. Yet, less than a year later, in January 2019, Denmark introduced more literal interpretations of the new GDPR, making encryption mandatory for all sensitive data overnight – including data sent in emails. For organizations not set up to accommodate this new Danish development, conducting business in Denmark became incredibly difficult.

Opt for value optimization instead of short-term cost impact

More than 50 per cent of CIOs from banks and insurers operate their IT environments in a cost-inefficient way, according to Gartner’s cost value matrix. Another report by Forrester found that cost is, by far, the highest consideration of decision-makers shopping for an email security solution. But respondents also touched on other considerations seemingly unrelated to cost, with unquantifiable benefits, like customer impact, listed as important determining factors. This suggests that the actual business value of email protection is not set solely by the lowest possible initial investment – and is instead a value-for-money equation.

And this value equation can be played out in various scenarios.

According to Siddharth Deshpande, former Research Director at Gartner, organizations continue to see the additional value brought by security solutions – in addition to the security they provide. “Security leaders are striving to help their organizations securely use technology platforms to become more competitive and drive growth for the business,” says Deshpande, as reported by Forbes.

If the solution is chosen on account of cost, without consideration being paid to a mix of business needs, the result may meet the tactical requirements set by IT but could be detrimental to the business on account of a poor or overly rigid customer experience, for example.

Digitalization will lead to value-for-money

We need to remember that any digital tool on the market is designed to replace a clunky offline process – email data protection tools are no exception. Decision-makers need to keep business use cases top-of-mind when shopping for email security tools that help with digital transformations. Cost means nothing if a tool does not do what it’s supposed to do or proves detrimental to business flow.

A bank, for example, might need to send millions of secure financial statements to their customers at the end of each month. While this might normally be done using post, requiring reams of paper and expensive postage, an email data protection solution can enable them to send digital copies to customers faster and at substantially lower costs. Checkbox marked. But the true cost-efficiency is only realized if the same solution can handle the intensive demands and mass distribution of virtually unlimited encrypted documents – not hinder it.

And our new digital world appears to be here to stay, with 74 per cent of CFOs toying with the idea of increasing remote work capabilities after the current global pandemic passes. Others, like Twitter, are already publicly stating, “If our employees are in a role and situation that enables them to work from home and they want to continue to do so forever, we will make that happen.” But ensuring that these workers can do all their work from home requires security. Analysts are predicting further investment into IT solutions to accommodate this increased demand for remote work.

Reap the benefits of digital transformation by smarter spending

Initial costs of an email data protection solution can be misleading if their business value over time is not considered. If the technology is effective at adapting to various business use cases and securing vulnerabilities, without detrimental impacts to customer experience, initial monetary investment can quickly become irrelevant.

Even a higher initial investment into encryption technology can be offset by fewer investments in maintenance, hardware, or software upgrades. This can lead to substantially shorter payback periods and allows for valuable IT resources to be allocated to other projects.

Further supplementary cost savings can also work over a period to make the solution more valuable. A more valuable security tool, for example, might grant access for users to self-help resources or access to third-party specialists to help navigate any user confusion. Mitigating the costs of email related help desk queries alone can save organizations hundreds of thousands of dollars.

An investment in email data protection, based on stakeholder needs and strategic fit, will lead organizations into value-for-money.

08 May 2020

New Streamlined Ways of Authenticating People Quickly Proving Their Value

Traditional ways of gaining access to an account or information, think usernames and passwords, remain common, but their shortcomings pose liabilities.

How do you confirm that people requesting access to your system and files are who they say they are? One way is to ask them to confirm their identity multiple times before granting access – otherwise known as Multi-Factor Authentication (MFA). Chastised in the past for awkward or clunky user experiences, new streamlined ways of authenticating people are quickly proving their value.

Bad password habits pose vulnerabilities

As the saying goes: A chain is only as strong as its weakest link. The same mantra may be applied to a cybersecurity program, where a single weak lock can pose a critical vulnerability to an entire company’s network. In the case of authentication, internal employee slipups can render even the strongest digital locks obsolete. Passwords were responsible for 81 per cent of breaches in 2017.

From weak or easy-to-guess passwords, like ‘p@ssword,’ to password reuse across multiple accounts, people cannot be trusted to create keys granting access to digital assets. But if multiple digital locks are created, each requiring a unique authenticating factor to grant access, it is theoretically harder to force access. That is what makes MFA systems so effective at protecting valuable data.

Address inherent vulnerabilities: authenticate beyond username and password

MFA helps mitigate the vulnerabilities presented by weak password habits by requiring additional authenticating ‘factors’ before granting access. These factors can vary in terms of complexity but are usually something unique or known only to the individual. This ensures that if a single factor is compromised, guessed or lost, like a password or PIN, other factors, maybe a birth date, remain to accurately verify the identity of who or what is trying to gain access.

“Imagine somebody is trying to hack an account and they correctly guess a user’s password,” says Chris Peel, VP Customer Engineering at Echoworx. “With MFA, they may try to log in, but the owner of the account gets a pop-up on their mobile device notifying them that someone is attempting to login. Access can then be denied by the person – using this second factor of authentication.”

Advocate for user friendly MFA

There is no ‘one way’ of conducting MFA. The term is loose and can be applied to a variety of authentication systems – from so-called ‘Strong Authentication,’ a variant of Two-Factor Authentication now a requirement for transactions over €30 in Europe, to hard-token MFA, where a physical token is required to gain access. These systems vary in the amount of security they provide – with some even deliberately hindering user experience to emphasize the importance of the access they provide.

But new digital variants help make MFA a relatively frictionless experience – with little to no impact on user experience. A bank portal, for example, might ask a banking customer for a password as one factor, or way, of authenticating their identity. But, as a second factor of authentication, the bank may also demand a Time-Based One-Time Password (TOTP) – a single-use and time-stamped random code – issued from an app installed on the customer’s mobile phone. This additional verification is completed by the customer without leaving their mobile phone. The key is to keep it simple. Mark Risher, who manages Google’s identity systems, says, “People won’t accept more security than they think they need.”

Adequate authentication, not an option

When it comes to protecting customers and the digital infrastructure of an organization, adequate authentication should not be an option – and it does not have to be. According to a report conducted by the Global Information Assurance Certification (GIAC), 87 per cent of respondents were in favour of having to authenticate themselves after being told what it was for.

The GIAC study illustrates that, while MFA might be initially viewed as security overkill by people, the same people view it favourably once they are made aware of what it is, and the protection benefits it provides them. Today most service organizations have got the message: consumers want two-factor. If you do not offer it, they’ll find the service that does.

Authentication is an integral part of digital business

If digital trust is the new currency of customer experience, MFA is one of the locks holding everything in place. The average user assesses the safety of an email in just 30 seconds before replying with personal information, says Echoworx in a survey they conducted. Yet, more than three quarters of people will leave a company that mishandles their data. If people cannot be trusted to safeguard access to their own data, organizations need to ensure a single digital slip-up doesn’t enable fraudulent access.

To make sure that the right people enter and access the right information, MFA assures organizations that their entire network won’t be compromised by a single person – helping solidify levels of digital trust.

The future does not include more complex passwords

While not uniformly mandatory under any regulation, MFA is quickly becoming a recommended default. For example, as per the European Central Bank (ECB)’s European Payment Services Directive (PSD2), transactions conducted over €30 must feature ‘Strong Authentication,’ to comply with their ‘Strong Customer Authentication (SCA)’ practice. In the wake of this regulatory development, 84 per cent of affected organizations outline MFA as a priority investment. For independent bodies, this trend continues, with certification bodies, like the PCI Security Standards Council, which is responsible for managing PCI DSS, highly recommending MFA for any future developments.

05 May 2020

A Realistic Look at Email Security

Like any locked door, chest or vault, some things can be more secure than others. Enterprises need to know where and how to apply email encryption for maximum data protection. 

While some email data security products may offer a built-in encryption feature as part of a larger bundle, there are extensions you should consider that further protect your brand, business and customers.

Here are some ways to add some more muscle to your email data protection efforts:

Covers every scenario

Whether you’re sending millions of e-statements or just sending a sensitive document, not every encrypted message is the same. Look for an encryption platform which offers a customizable user experience for both senders and recipients. People do not come in a one-size-fits-all version.

Personalization

If your organization operates internationally, there’s a high chance that English might not be the mother tongue of some of your customers. Offering encrypted communications in the language of your users helps eliminate confusion and is just good customer service. With Echoworx OneWorld, for example, you can set language policies which can automatically be applied to encrypted communications based on sender, brand, locale or receiver attributes.

Keep email protection simple

Encryption may be hot but the use of it still isn’t. Echoworx found that only 40 per cent of organizations who have encryption capabilities are actually using them throughout their organization. Making data protection in email a consistent path of least resistance is a good non-intrusive way of getting everyone, inside and outside, to communicate securely.

More secure ways to send emails

With traditional secure message delivery, where TLS is used, if a TLS connection isn’t available or supported at the receiving end, there are only two outcomes: receiving an error or sending a message unprotected. Supporting multiple secure delivery methods offers effective fallback options – ensuring sensitive information is always able to be sent and is never sent unprotected.

Prevent unauthorized access

While a one-time-password encryption method is secure, the password itself is only as secure as where it is sent. In other words, if both the one-time-password and the encrypted message are sent to the same mailbox, there’s a lot of trust being put into the security of a recipient’s device or email inbox. A natural solution to this issue would be to send the password to the sender, who can then communicate it as they please to the recipient.

By Derek Christiansen, Engagement Manager, Echoworx

01 May 2020

Who Controls Your Encryption?

Security controls how our property is used, who has access to it and keeps it safe. But what happens to this secure sense of control when property and data goes beyond your reach – outside your digital perimeter?

Here are some points to consider when evaluating encryption options for email data protection – without relinquishing control:

Meets compliance needs 

Under international privacy rules, like the GDPR, non-compliance can lead to massive fines you can’t afford. And, while delivery methods like TLS or PGP are effective for protecting data in transit and end-to-end, they do not accommodate every situation – additional options are needed. If a TLS connection is not available, you may want automatic fallbacks to another secure delivery method, such as via web portal or as an encrypted attachment – ensuring sensitive data always remains protected.

Automates processes

Encryption is a feature of any serious cybersecurity design – but real world application still lags, according to Echoworx data. When a platform is not user friendly and encrypting a message is difficult, there is a tendency for senders to favour the path of least resistance – sending sensitive data without protection. Setting proactive encryption policies in motion not only makes encryption mandatory based on pre-set rules, but also improves platform usability by automating a sometimes-confusing process. Take inbound encryption policies, for example. When a customer sends an organization sensitive information, like a credit card number, over an open or unrecognized channel, there is a chance existing email filters might flag and block their message for reasons of compliance. By setting inbound encryption policies, incoming emails containing sensitive data are automatically encrypted, before being delivered to a recipient’s inbox – safe, sound and compliant.

More secure ways to email

From the choice of email service provider to something as simple as a device-type, there are a variety of ways recipients might be inadvertently controlling their encryption experience. This unintended result can prove detrimental to their user experience – especially if there are better encryption delivery methods for their situation. Using proactive policies, your organization can push secure delivery methods tailored to specific customers. You might, for example, set policies which restrict TLS to trusted partners only – or employ attachment-only encryption for secure statement delivery.
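The policy-driven choice of delivery method described above, together with the TLS fallback described under “More secure ways to send emails” and “Meets compliance needs”, sketched as an added example (not Echoworx code or any product’s API). The `Policy` fields, the `choose_delivery` function, the addresses and the EHLO replies are constructed for illustration; the point shown is that the selector fails closed and has no code path that sends unprotected.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Delivery(Enum):
    TLS = "tls"
    ENCRYPTED_ATTACHMENT = "encrypted_attachment"
    WEB_PORTAL = "web_portal"
    # Deliberately no PLAINTEXT member: "send unprotected" cannot be selected.


@dataclass(frozen=True)
class Policy:
    trusted_tls_domains: frozenset      # partner domains allowed to receive over TLS
    attachment_only_senders: frozenset  # e.g. mailboxes used for statement runs


def advertises_starttls(ehlo_reply: str) -> bool:
    """Look for the STARTTLS keyword in a multi-line SMTP EHLO reply (RFC 5321)."""
    lines = ehlo_reply.splitlines()
    for line in lines[1:]:              # first line is the server greeting, not a keyword
        if len(line) < 5 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False


def choose_delivery(sender: str, recipient: str,
                    ehlo_reply: Optional[str], policy: Policy) -> Delivery:
    """Pick a protected delivery method; anything uncertain falls back to the portal.

    ehlo_reply is None when the receiving server could not be reached or a
    previous TLS handshake / certificate check failed.
    """
    sender = sender.strip().lower()
    domain = recipient.rsplit("@", 1)[-1].strip().lower()

    # Rule 1: statement senders always use attachment-only encryption.
    if sender in policy.attachment_only_senders:
        return Delivery.ENCRYPTED_ATTACHMENT

    # Rule 2: TLS only for trusted partners, and only if the server offers it.
    # A reply with STARTTLS stripped by someone on the path lands in the fallback.
    if (domain in policy.trusted_tls_domains
            and ehlo_reply is not None
            and advertises_starttls(ehlo_reply)):
        return Delivery.TLS

    # Rule 3: fail closed to the web portal instead of erroring or sending in clear.
    return Delivery.WEB_PORTAL


# Constructed sample data (not captured from any real server).
SAMPLE_POLICY = Policy(
    trusted_tls_domains=frozenset({"partner.example"}),
    attachment_only_senders=frozenset({"statements@bank.example"}),
)
EHLO_WITH_TLS = ("250-mx.partner.example Hello\r\n250-SIZE 35882577\r\n"
                 "250-STARTTLS\r\n250 8BITMIME")
EHLO_NO_TLS = "250-mx.partner.example Hello\r\n250-SIZE 35882577\r\n250 8BITMIME"

if __name__ == "__main__":
    for reply in (EHLO_WITH_TLS, EHLO_NO_TLS, None):
        print(choose_delivery("advisor@bank.example", "bob@partner.example",
                              reply, SAMPLE_POLICY))
```

Advertising STARTTLS is only the first gate: if the later handshake or certificate validation fails, the caller should run the selection again with `ehlo_reply=None` so the message still leaves protected.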

Consistent experience for everyone

Part of a true streamlined user experience relies on a consistent user experience – regardless of device, location or connectivity. An encrypted message experience, for example, should offer the same user experience regardless of whether the secure message is accessed on a desktop computer or offline via a mobile device – without the need for third-party apps. This same consistent user experience also helps streamline working within collaborative environments. Common business scenarios, for example, often involve engaging with a sensitive document across multiple devices and environments. Is the document going to look and act the same offline and online? If working collaboratively on a sensitive encrypted document, is the user experience identical for all parties involved?

Recall email when needed

The ability to recall a compromised message, even after it has been read, is a simple yet fundamental feature enabling control of an encryption experience. Whether a message is sent to an unintended recipient or whether a message is no longer safe, control over a message shouldn’t have to be relinquished just by pressing ‘Send.’

Brand Safeguards

Branding and the separation of brands is crucial to any enterprise. The ability to brand, separate and segment customer interactions according to brand can mean anything from how a secure message is received to a preferred language. Different brands should also be siloed to prevent eavesdropping from other business units.

By Derek Christiansen, Engagement Manager, Echoworx

01 May 2020

The Importance of a Consistent Encryption Experience

 The adoption of new technologies only truly takes hold when people actually use them – particularly when it comes to cybersecurity solutions.

The cybersecurity benefits that come with encryption can only be realized when the encryption experience is consistent—for your employees, your customers and your partners.

Protection needs to reflect your digital workplace realities

In many organizations, today’s digital workforce includes employees scattered across the globe, working from anywhere at any time and with any device.

  • Mobile employees, who expect to work from anywhere via any device
  • Evolving security demands of clients, partners and vendors
  • Zero trust policies for business risk and disruption
  • Controlling data after it leaves the organization, while ensuring it only reaches intended recipients
  • Cybersecurity threats – both of internal and external origin
  • International privacy laws, such as the General Data Protection Regulation (GDPR), which dictate business processes.

At any given time, employees are accessing secure information from their desktop and mobile devices, on or off the company network. Even the reality of business travelers accessing secure documents—while on the road, without reliable access to the Internet—presents a data protection problem.

This new digital workforce makes it difficult to implement a consistent email data encryption experience because there are many user types, each with different needs. A one-size-fits-all solution may sound like heaven but is unlikely to provide a friendly experience when offered to real people in real world situations.

Must-have security extensions for encryption 

Security administrators must balance user-experience with airtight data protection and—much like a tightrope walker—when these features are unbalanced, the risk increases exponentially.

While an included encryption solution might seem simple, it doesn’t always provide the right balance of security and usability. A bad user experience can lead to frustration and open the door to workarounds. A recent Echoworx survey found that only 40 per cent of organizations that have encryption capabilities actually use them across the business.

Pairing your current solution with encryption extensions gives you the opportunity to innovate – offering consistent data protection that reflects your workforce realities.

Look for an encryption extension that:

  • Has a flexible platform that can quickly integrate and adapt to any environment.
  • Provides policy-based support of multiple brands and languages, based on organization, sender and recipient attributes.
  • Keeps email protection simple for people who are not heavy technology users which promotes adoption for senders and recipients.
  • Is designed for high volume messaging capabilities—to meet enterprise-level demands.
  • Offers a variety of secure delivery options, including fallback options, so that all messages are protected.
  • Provides full value for investment.

It’s all about the customer experience

An organization with offices around the world can use Echoworx’s OneWorld encryption platform to deliver a consistent brand, domain and user experience regardless of where the sender or recipient is located.

You may wonder how this works. The platform supports 26 languages and uses organizational attributes to personalize and dynamically brand outgoing encrypted messages by logo, division or location. These rules are set up during implementation and based on business use cases.

If you take advantage of branding and language preferences, your clients will consistently see that the secure message originated from a reputable source—your organization—and that it isn’t spam. This approach helps you build trust with customers. Encryption is so intertwined with client trust, satisfaction and retention, it’s now a business necessity.

But it’s a business necessity that pays for itself.

At Echoworx, protecting email is all we do, and we do it consistently. Our OneWorld encryption platform and cloud security services are an extension to existing security programs, providing a wide range of communication options.

By Derek Christiansen, Engagement Manager, Echoworx

27 Apr 2020

Multi-Factor Authentication Is Redefining Digital Business

Why risk everything on someone’s poor password habits? Multi-Factor Authentication (MFA) is quickly becoming the new norm for verifying people are who they say they are before granting access to digital assets.

Yet there remains a certain reluctance to implement MFA on account of its supposed detrimental impact on the user experience. But MFA has come a long way from its clunky beginnings two decades ago – making it easy for everyone except attackers.

Easy to use

When people think of MFA, they usually think of the authentication system in its most extreme form – requiring a combination of disconnected physical tokens, location-based factors or USB keys which must always be carried on your person. Some of these more-severe MFA systems are designed to be difficult so that organizations can be sure, without a doubt, that users requesting access are who they say they are. While these factors are still used at organizations requiring more robust security protocols for their digital access points, today there are frictionless factors available for a streamlined user experience.

An organizational portal, for example, designed to grant access to sensitive communications, can be set up to require a password for a first factor and a Time-Based One-Time Password (TOTP) – a single-use, soft-token and time-stamped random code – issued from a third-party SaaS app installed on the user’s mobile device as a second factor before access is granted. With the app-issued TOTP, an additional authenticating factor is added with little change to the user experience.

Hard to compromise

A password is only as strong as it is complex – and even the most complex password can be cracked. But people are notorious for choosing weak passwords, reusing old ones, and even using the same passwords for multiple points of access regardless of sensitivity. According to Verizon, 81 per cent of breaches in 2017 were due to weak or stolen passwords. By asking for additional factors of authentication, MFA ensures that even if a weak password is compromised, access is still denied.

In this way, MFA also acts as an effective deterrent to malicious actors. Consider, for example, that half a per cent of Azure Active Directory accounts used by Office 365 are compromised every month – that amounts to a yearly total of 600 compromised users at an enterprise composed of 10,000 accounts. Gartner says an organization which adopts MFA can see a figure like this drop 50 per cent by the end of 2020.

Works well with others: the case of Maersk

Large enterprises undergoing digital transformations are investing in cloud-based SaaS providers to help them bridge gaps in their massive tech stacks. Take Maersk of Denmark, for example, the world’s largest shipping empire, whose ‘cloud-first’ policy means they outsource tasks and services which are not directly tied in with their product.

Rasmus Hald, Head of Cloud Center of Excellence at A. P. Moller – Maersk, told Computer Weekly, “Why in the world would I run an email system in the year 2019? You might have constraints, like legal requirements [that stop you], but if you don’t, why would you have the hassle of running an email service when you can buy great services off the Internet that probably give you a better service than you would ever be able to provide yourself? [Our philosophy at Maersk is to] buy other people’s software as a service and then focus our efforts on building great software for our users, [and] for our customers.”

But with more third-party connections come more opportunities for malicious agents to gain access to organizational networks. This is what makes MFA such an important feature to look for when choosing a SaaS partnership. If MFA mechanisms are in place, then a higher degree of security can help prevent authorization vulnerabilities from outweighing the benefits of the service provided.

Perimeterless

Digital transformations enable organizations to be available anywhere and anytime to better serve customer bases across the planet. For an organizational leader, this customer-centric digital world is good for business. But for someone in charge of internal organizational IT infrastructure, a fully digital connected cloud-based environment, where sensitive data is flowing, SaaS providers are plugged in and users are mobile, can be a nightmare without help – especially for sensitive processes like authentication.

MFA can help an organization prepare itself for perimeterless cybersecurity postures in a zero-trust world – where every user needs to be vetted before access is granted. Gartner says, as digital organizations continue their digital transformations, they are going to begin relying less on traditional digital security tools, like VPNs, firewalls and hardware, and focus more budget on securing users outside their digital environment. With its ability to authenticate users more accurately according to various digital factors, MFA is going to play an important role in perimeterless security solutions.

By Alex Loo, VP Operations at Echoworx

24 Apr 2020

Spotlight on Email Security

People transitioned to remote work overnight, sending information like bids, intellectual property, medical records and personal customer data all through their emails. Protecting this data is vital.

You’re doing a great job protecting against inbound email attacks (spam, phishing, malware) but what about the email leaving your organization? Here are five of the most important factors to consider when looking for more ways to protect data being sent through emails:

1. Easy to use

Can a person easily send secure email without any extra steps? Sending an email is a behavior all of us do automatically; introducing encryption shouldn’t hinder this process. Likewise, the person receiving it should easily be able to open the encrypted email. Good solutions will take these behaviors into account and keep them quick and efficient. Organizations can easily adopt encryption as long as their workflow doesn’t change.

2. Easy to send

Does the solution support multiple delivery methods? If you’re communicating with other businesses, they may have an encryption method already set up. Your solution should support multiple delivery methods, like TLS, PGP and third party S/MIME to take advantage of this. A good solution should also support delivery methods that make it easy for anybody to pick up messages, through encrypted PDF/ZIP or a secure web and mobile web portal. Enterprise administrators should be able to select the delivery methods that best meet their business needs.

3. Easy to access

As organizations are increasingly adopting cloud based solutions, shouldn’t your encryption decision follow the same strategy? Can the solution run completely in the cloud, so you don’t have to run any software or hardware on premise? Cloud implementations save you deployment time and resources, and allow the encryption solution to grow with the company.

4. Easy to automate

Does the solution allow you to easily set scanning policies to inspect email subject lines, body, attachments, and take action accordingly? You may only want to encrypt emails that contain certain keywords or regular expressions like credit card numbers or other customer information. A good solution will use a robust policy engine to allow you to create and edit policies to determine what should be encrypted and how.

5. Easy to get approval for

Is the solution easy to integrate and manage across the organization? Can it adapt to your changing policy and regulatory requirements without impacting everyone? You can never predict where a security leak will come from. A cost effective solution will be adaptive and scalable to meet a wide spectrum of business requirements; protecting all sensitive information from going out in the clear, not just executives or specific departments.

It’s time we all get serious about securing email.

By Jacob Ginsberg, Senior Director Market Intelligence at Echoworx

15 Apr 2020

Goodbye Algorithms, Hello User Experience

Leading firms are revamping decades-old debt-heavy data protection technologies and processes to provide more productive experiences.

Most email data protection systems use the same encryption algorithms and specs; almost all contemporary email security products feature 2048-bit RSA encryption, 256-bit AES encryption and SHA2 signatures. There’s nothing new about that – it should be a given.

But not all solutions designed to protect data sent through email are easy for everyone to use – and that’s where user experience scores the winning goal.

Data protection only works if we put people first

We recently surveyed IT professionals and IT decision-makers and found that, while email data protection is a priority for most organizations, less than half of organizations with encryption software use it extensively. This often comes down to user-friendliness; it’s nearly impossible to roll out a security feature that doesn’t integrate seamlessly into existing workflows. When searching for an email data protection solution, carefully consider the processes that come with the product and let a user-friendly secure communications experience differentiate you from the competition.

Keep email protection simple for everyone

Enterprises today are focused on flexible integration and customization – to provide more access across their entire business.

Popular with clients and staff:

  • Smooth and simple to use – Customers and employees tend to take the path of least resistance. Look for a secure communications system which makes protecting data in transit the path of least resistance. A recent case study by Echoworx, for example, enabled a U.K. bank to instantaneously reach its entire mortgage customer base during a time-sensitive emergency without changing the light look and feel of their regular customer communications. Communications could be sent via email as per usual, but with any sensitive information being packaged into protected secure encrypted attachments.
  • Customizable preferences – For international organizations, excellent customer experience includes on-brand communications in your client’s preferred language. Did you know that 79 per cent of people take less than 30 seconds to evaluate the safety of an email? This means off-brand but legitimate secure emails from your company can easily be categorized as spam, decreasing your organization’s digital trustworthiness. Even the most-secure communications should allow you to set language policies to automatically apply to secure communications based on sender, brand, locale and receiver attributes.
  • More ways to send secure email – Not every business use case is the same, so you need to ensure your email data protection solution is flexible enough to adapt to different conditions. While TLS remains a primary secure method of protecting data in transit, for example, what if a TLS connection is not available? In addition to providing fallback options, ensuring no sensitive message goes undeliverable or, worse, is sent in the clear, having access to multiple secure delivery methods gives more choice to both senders and recipients in how they choose to communicate with one another.

Popular with administrators and support:

  • More control over email security – Definable policies control which communications get protected (and how) based on message content. This is set up during implementation of an email data protection system—based on your needs and best practices—to be triggered by common message attributes, like subject, keywords, message type or recipient domains, for example. Flexible controls for every scenario allow you to create a customized user experience for senders and recipients and stay in control of encrypted messages in transit and at rest.
  • Recall sensitive email – Whether a recipient is compromised, or a secure message is sent to an incorrect address, the ability to recall an email containing sensitive information is an important feature of any best-in-class email data protection system. Recipients should also be given the option to reply in a secure manner to any encrypted message.
  • Prevent unauthorized access – Modern non-invasive Two Factor Authentication (2FA) options can accurately verify the identity of users before they are granted access to secure information. For access to a secure message portal, for example, a user can be required to provide a Time-Based One-Time Password (TOTP) – a random single-use, time-stamped soft token issued from a third-party SaaS app installed on a user’s phone – in addition to a username and password before access is granted.
  • Send unlimited email – For large enterprise organizations, numbers of recipients for mass communications pushed to customer bases can be in the millions. When the contents of these messages contain sensitive information which must be protected, like a bank statement, existing communications infrastructure needs to be able to scale to sudden bursts in activity without being overwhelmed.
  • Get full value on investment – With the right secure communications solution, your organization can provide a user-friendly experience—and save money. For example, a recent Forrester study revealed that a typical enterprise-level organization using Echoworx’s OneWorld email data protection platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of seven months.
  • Increase organizational use – According to Echoworx data, despite over half of IT professionals and decision-makers identifying email data protection as very important, even critical, to their organizations, only 40 per cent of the same group are using encryption technology extensively. When working with a third-party SaaS provider, you gain access to their team of experts and, paired with a simple interface and clear instructions, this can mean a streamlined UX – meaning fewer calls to your help desk and more successful and widespread implementation.
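The content-triggered policies and delivery fallbacks described in this list, and under "Easy to automate" in the earlier article, can be sketched as follows. This is an added example, not Echoworx's policy engine: the keywords, domains, method names and the rule that attachments trigger attachment encryption are all assumptions, and whether the recipient's mail server offers TLS is passed in as a flag.

```python
import re
from dataclasses import dataclass

# Constructed policy data: every domain, keyword and method name is hypothetical.
TRUSTED_TLS_DOMAINS = {"partner.example"}
KEYWORDS = ("confidential", "account number", "[secure]")
# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


@dataclass
class Message:
    recipient: str
    subject: str
    body: str
    attachments: tuple = ()  # attachment file names


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_triggers(msg: Message) -> list:
    """Return the reasons a message counts as sensitive (empty list if none)."""
    text = f"{msg.subject}\n{msg.body}"
    lowered = text.lower()
    reasons = [f"keyword:{k}" for k in KEYWORDS if k in lowered]
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits):
            reasons.append("card-number")
            break
    return reasons


def choose_delivery(msg: Message, recipient_offers_tls: bool) -> tuple:
    """Pick a delivery method; a sensitive message never goes out in the clear."""
    reasons = find_triggers(msg)
    if not reasons:
        return ("standard", reasons)
    domain = msg.recipient.rsplit("@", 1)[-1].lower()
    # Policy: TLS is restricted to trusted partners and used only when offered.
    if domain in TRUSTED_TLS_DOMAINS and recipient_offers_tls:
        return ("tls", reasons)
    # Assumed policy: messages carrying documents use attachment encryption.
    if msg.attachments:
        return ("encrypted-attachment", reasons)
    # Fallback for everything else, including a trusted partner without TLS.
    return ("web-portal", reasons)


if __name__ == "__main__":
    # Constructed sample messages (4111 1111 1111 1111 is a common test number).
    samples = [
        (Message("ap@partner.example", "Invoice",
                 "Card 4111 1111 1111 1111 on file"), True),
        (Message("ap@partner.example", "Invoice",
                 "Card 4111 1111 1111 1111 on file"), False),
        (Message("jane@mail.example", "[SECURE] Your statement",
                 "See attached.", ("statement.pdf",)), True),
        (Message("jane@mail.example", "Shipping",
                 "Order 4111 1111 1111 1112 shipped"), True),
    ]
    for message, tls in samples:
        print(message.recipient, tls, choose_delivery(message, tls))
```

The last sample has a 16-digit run that fails the Luhn check, so it is delivered normally instead of being encrypted on a false positive.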

 

Offer email protection to everyone

While access to secure lines of communications is essential for any business, the reasons for email data protection vary. Verizon’s 2019 Data Breach Investigations Report[1] breaks down security incidents by industry, size and concerns. Here are a few takeaways:

  • Financial services and insurance – Use MFA, including 2FA or the European Central Bank (ECB)’s ‘Strong Authentication,’ for all customer-facing applications, train your employees on risky exchanges of sensitive data and set up secure communication controls to reduce the risk of insider threats and other communications-related vulnerabilities.
  • Healthcare – Ensure healthcare staff can safely send and receive sensitive documents containing patient information, which is protected under regulations like the Health Insurance Portability and Accountability Act (HIPAA).
  • Manufacturing – From sensitive data changing hands during an M&A deal to communicating personal details with customers to something as simple as exchanging trade secrets with a trusted partner, there are many instances where manufacturing organizations should be leveraging email data protection solutions.

It’s now a given that every industry has data it needs to protect. But how this data is communicated safely – packaged, sent and received – determines the experience for everyone.

In the end: People want safe communications, not usable cryptographic algorithms.

By Michael Roberts, VP Technology at Echoworx

[1] https://enterprise.verizon.com/resources/reports/dbir/

22 Nov 2019

Still Selling ‘Risk Acceptance’ to Your Customers?

As organizations continue their digital migrations, the list of cyber-threats, risks and vulnerabilities grows exponentially. From a more connected workplace to new laws and regulations governing privacy and data protection, keeping up on our ever-expanding digital world can be challenging and expensive.

One method to confront cyber-risk is to adopt a laissez-faire risk acceptance approach – where the costs of prevention seemingly outweigh the consequences of doing nothing at all. In this scenario, a bank or business takes a gamble that a cyber-security incident won’t happen or that they can just pay a nominal one-time fee if it does. In other words: Instead of protecting customer data, investing in streamlined cybersecurity solutions or sealing off a vulnerability, an organization simply opts to leave the door open with the hope that no one comes knocking.

The economics of risk acceptance in cybersecurity

Is risk acceptance the most-economical mindset in the short run? Assuming an organization is not the target of a particularly devastating attack, they might come out unscathed from the initial breach, with nominal fines or nothing at all. For example, if a cybersecurity solution is going to cost $250,000 to protect a $50,000 problem – it might not make initial sense to invest. But when you factor in brand damage, changes in regulations, emerging technology, and subsequent fines and class action lawsuits there are different angles to consider – especially when something big hits.

During the 2017 Equifax acquisition, for example, when a massive breach compromised the personal information of over 140M Americans, or nearly half the country, the Equifax brand suffered irreparable damage and has been ordered to pay up to $700M in fines. This all stemmed from their “failure to take reasonable steps to secure their network.” This breach is one of the worst to ever have happened in the US and, with 13 major breaches affecting mergers and acquisitions deals between 2014 and 2018, it was hardly the only one.

Do you think it was worth it? We don’t.

Customers won’t buy risk acceptance

Issues of brand damage come to the forefront of any risk acceptance plan once a breach occurs – regardless of size. Any customer-centric organization worth its salt knows that customers care about their personal data and do not reward businesses who do not value it enough to protect it. In fact, according to Echoworx data, 80 per cent of customers consider leaving a brand after a breach.

In a nutshell: You can’t afford to sell risk acceptance to your customers.

Instead of gambling with customer data, a true proactive choice involves taking every precaution to protect them with risk-mitigating defenses. Since digital trust and loyalty of customers is rooted in user experience and demonstrated brand assurance of safety, you need to offer flexible and streamlined cybersecurity solutions that work.

With our OneWorld encryption platform, for example, you can protect customer data in transit without affecting customer experience. With support for 22 languages, multiple branding options and configurable sets of encryption policies, our streamlined encryption experience ensures nothing is left to chance – including your customers.

Start selling risk mitigating encryption now.

Risk acceptance doesn’t cut it across borders

If you are an international brand, with offices all around the world, you might be boxed out of local markets if you can’t protect your customers. But investing in the bare minimum isn’t good enough either. In order to comply with different privacy jurisdictions, avoiding the potential for hammering fines or being excluded from a market completely, an organization needs to invest in flexible, streamlined and easy-to-understand proactive cybersecurity solutions.

Picture this scenario, for example: You are an organization based in the US which does business in the EU and is looking to break into APEC. From Europe’s General Data Protection Regulation (GDPR) to South Korea’s Personal Information Protection Act (PIPA) to California’s Consumer Privacy Act (CCPA) closer to home, you are now navigating a whole patchwork of privacy laws. How do you exchange your daily flow of sensitive data between offices?

Until recently, a company might be able to fly under the regulatory radar without encrypting sensitive communications. But more severe interpretations of these laws, like those regarding the GDPR in Denmark, now mean you can’t legally do business in some of these countries without an encryption solution flexible enough to accommodate different jurisdictional demands. That throws a pretty major wrench in any international business plan.

Enable your cross-border communications now.

Risk acceptance jeopardizes your digital future

As the saying goes: Ignoring the problem doesn’t make it go away. In the case of cybersecurity, inadequate investment in data-protecting technology can make current vulnerabilities larger, as business grows, or render an organization unable to adequately deal with future issues. And, in the case of mergers and acquisitions, not being flexible enough or set up to move with the technological tide can stall, cancel or, at the very least, lower the value of the deal.

In other words: In a world of ever-changing regulations, which are not going away, and new technology, which demands flexibility, if you adopt a culture of risk acceptance, you risk being left in the dust.

As a cloud-based Software-as-a-Service (SaaS) provider, Echoworx provides flexible solutions for organizations looking to update legacy message encryption technology. Many organizations, for example, need to reduce the complexity of their existing legacy solutions, like a legacy PGP system, into a single consolidated cloud-based platform. As a fully managed, infinitely scalable and geo-redundant encryption solution, our OneWorld encryption platform helps organizations get up to speed with secure communications and be prepared for whatever changes are around the corner.

Upgrade your legacy encryption system to the cloud now.

Risk mitigation is simple – yet effective

Investing in comprehensive data-protecting cybersecurity solutions for risk mitigation, as opposed to acceptance, is not a compromise for today’s customer – it’s an expectation. They expect airtight security for their valuable personal data – something they can get with or without your brand. The solution is easy: you don’t gamble with them; you protect them before something happens.

Protecting your secure communications with encryption is an effective way to ensure data in transit stays safe, you can easily adapt to new regulations and you can protect your own valuable company data and secrets. As a tool of risk mitigation, applying encryption to sensitive messages means you do not take chances when it comes to the safety of your data. This is an integral keystone of any merger or acquisition process – something that can affect the ultimate value of your deal.

A path to secure communications with OneWorld

Our OneWorld encryption platform is an important risk-mitigating addition to any customer-centric cybersecurity suite. With multiple flexible delivery methods, available in 22 languages, full reporting and with extensive options to support multiple brands, OneWorld assures your customers that you do indeed value their business and data at every point of their customer journey. And its streamlined user-friendly interface and definable customizable set of encryption policies ensures data protection occupies a central part of any organizational business policy.

Protect your communications now.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

13 Sep 2019

Mum’s the Word: Encryption for Group Collaboration

The digital world has opened the seas of technology and revolutionized the way in which we conduct business and serve customers. At the click of a mouse we may apply for mortgages, receive a bank loan or read financial statements. The flow of information has never been more streamlined and customer-centric than it is today.

But what happens when the trappings of contemporary technology outpace our ability to control it?

While your customers embrace the instantaneous nature offered by digital communications, a whole minefield of international privacy regulations, like the EU’s General Data Protection Regulation, demand data protection at every step of the way – privacy by design and privacy in practice.

For those operating in highly regulated business environments, like finance, banking or insurance, these contradictory market demands, dictating an excellent user experience with one hand but airtight algorithms with the other, can disrupt workflow, lead to delays and, ultimately, cause a loss in customer base. Not ideal.

Offering streamlined flexible encryption solutions is one puzzle piece of a greater solution. Without effective secure communication between your staff, their clients and their customers, your organization risks being cut off from the digital world. Here are some ways you can leverage encryption to put your customers first and your brand at the forefront – without interrupting your frictionless collaborative work environment:

  1. Keeping secure communications secure

According to Echoworx data, 80 per cent of customers consider leaving a brand after a breach. Despite this, 69 per cent of customers do not think organizations do enough to protect their data. In a nutshell: You cannot afford to have bad data practices when it comes to exchanging personal data of your customers – even internally.

With five flexible secure methods to send encrypted messages, Echoworx’s OneWorld ensures no sensitive correspondence goes out in the clear. Depending where your colleagues are located, for example, they might favour a more mobile-friendly method of encrypted communication – like sending via secure web portal.

Learn more about OneWorld’s different secure delivery methods.

  2. Offering a consistent user experience

Do your employees work primarily via their mobile devices? Are TLS connections available with your clients? Do your encrypted messages need to be available at-rest for offline working environments? How tech-savvy are your users – both internal and external?

Questions like the above can help you determine an encryption solution which works for your organizational work environment. According to Echoworx research, over half of IT professionals and decision-makers value encryption technology as very important – and yet just 40 per cent say their organizations employ data privacy technology extensively. These figures suggest their current cybersecurity solutions are not applicable to their encryption needs or perhaps offer a poor user experience.

With OneWorld you can make encryption your path of least resistance for your organization. With multiple flexible ways in which to send an encrypted message, and different ways to read and interact with it, you can streamline your collaborative workflow regardless of where users are located.

Learn more about choosing an encryption delivery method which works.

  3. Faster turnaround on important documents

From onboarding a new client to putting something out for deadline, the business world doesn’t forgive cumbersome time-consuming processes. If an important document takes too long, the process is confusing or a deadline is missed, you might lose a customer or, at the very least, make a bad digital impression. The right type of secure document delivery can eliminate these types of snags in favour of a frictionless business process.

In addition to its other flexible delivery methods, OneWorld features the ability to append password-protected encrypted attachments to otherwise normal digital correspondence. This not only allows users to work on a document in its native format, but also eliminates the need for an entire message to be encrypted. This can improve turnaround on important sensitive documents and streamline collaborative working environments as digital messages can be exchanged in real time.

Learn more about our other secure encryption delivery methods.

  4. Stay compliant, avoid the fines

At the end of the day, the whole point of adopting an encryption strategy is to beef up cyber-defences and avoid costly non-compliance fines. If your organization does not offer a flexible, frictionless and seamless encryption experience, your customers and clients won’t like it and your employees won’t use it. For a collaborative work environment, this presents considerable internal risk for even the most mundane day-to-day workflow.

Learn more about choosing an encryption method which works.

  5. Natural extensions to existing email infrastructure

Our OneWorld encryption platform works seamlessly with existing email infrastructure, like Microsoft Office 365, to offer additional secure delivery methods. These additional options for sending encrypted communications perfectly complement Office 365 to take your encryption strategy to the next level. From OneWorld’s ability to brand encrypted messages to something as simple, and useful, as being able to track message progress via detailed reports to additional password options, OneWorld helps your organization enhance user experience, add more security and increase work productivity.

Learn more about OneWorld’s natural extensions for OME.

By Michael Roberts, VP Technology at Echoworx

02 Jul 2019
Five reasons encryption is essential for healthcare organizations undergoing digital transformation:

Facing the Fax: Why Healthcare is Still Offline

Since the business world entered Industry 4.0, organizations have scrambled to digitize physical assets and integrate them into digital ecosystems. Today, we’ll talk about why healthcare organizations are so far behind when it comes to all-things-digital and how a user-friendly and flexible encryption solution can ease the transition to Industry 4.0.

Why healthcare organizations are slow to adopt digital solutions

Even though electronic healthcare records are becoming increasingly common, there are still many healthcare organizations that rely on fax and paper records to do business.

The common barriers to going digital are:

  • Limited IT resources – Healthcare organizations are dealing with stagnant or declining IT budgets and don’t typically have enough skilled IT security practitioners to keep up with day-to-day demands, let alone enormous digitization projects.
  • Daunting privacy regulations – From the Health Insurance Portability and Accountability Act (HIPAA) to the General Data Protection Regulation (GDPR), healthcare data is heavily regulated. Healthcare organizations may think it’s easier to stay compliant by keeping patient records tucked into filing cabinets but that’s simply not true.
  • Fear of privacy breaches – With so many horror stories in the news about data breaches, healthcare organizations are keenly aware of the risks of going digital. Especially because the average cost per breached record is $380 in healthcare—more than double the cross-industry average.

These barriers are real, but they represent the cost of doing business instead of something that can be avoided – or something that can be an advantage. There’s no turning back from digitization in business, including in healthcare.

Three reasons for healthcare organizations to go digital sooner than later:

  • Increased user demand – Healthcare organizations serve millennials and baby boomers who now have technology in common. Millennials grew up with it and boomers begrudgingly learned to master the technology they now consider indispensable. Clunky, paper-based reports and systems are nearing extinction in the on-demand world people now expect.
  • The digital ecosystem is no longer optional – Industry 4.0 is digitizing and connecting everything in the supply chain and healthcare organizations can either join in or be left out. Except healthcare organizations don’t operate in a vacuum because they need to communicate with hospitals, labs, insurance agencies and business associates. At some point, it will no longer be possible to operate outside of this digital ecosystem so why not plan for a smooth digital transformation now rather than rush at the last minute?
  • Reduce churn by increasing digital trust – The Ponemon Institute’s 2017 Cost of Data Breach Study found that health organizations experience a relatively high abnormal churn rate. They also found that when organizations cultivate customer trust around how personal data is protected, churn is reduced.

It’s time for healthcare organizations to embrace Industry 4.0—starting with encryption.

Five reasons encryption is essential for healthcare organizations undergoing digital transformation:

  • Protects patient data even if other organizations don’t – Encryption keeps your electronic health records secure on your network and while they’re in transit to and from your organization. For example, if you receive unencrypted personal information via email, Echoworx’s OneWorld encryption platform automatically reroutes this sensitive incoming data to an encrypted web portal. This is one way encryption builds digital trust.
  • Provides flexible delivery methods – Choosing a user-friendly encryption solution with flexible delivery methods allows healthcare organizations to handle multiple business scenarios. This means patient data stays protected whether it’s delivered through secure PDF, web portal access, TLS and encrypted attachments or S/MIME and PGP.
  • Makes it easy for staff to protect patient data – Unfortunately, healthcare has more breaches due to insider threats than outside malicious agents. Accidental disclosure of personal information happens because of mistakes or when staff bypass a clunky security protocol. Implementing a user-friendly encryption solution with definable policies that control which communications require encryption (and what delivery method to use) greatly reduces the risk of these inadvertent disclosures.
  • Simplifies compliance – These same definable policies simplify compliance processes and keep healthcare organizations on the right side of privacy regulations. This is useful since HIPAA fines are becoming substantial; in 2018, Anthem Insurance was fined $16M after a 2015 privacy breach.
  • Delivers a substantial return on investment – A recent Forrester Total Economic Impact™ study found that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can accelerate the adoption of digital document delivery, save $1 per paper document delivered digitally instead of through the postal system and accumulate a three-year cost savings of $1.5M. The same study indicated that organizations adopting Echoworx’s OneWorld encryption platform can expect a return on investment of 155% and a payback period of seven months. Get the full Forrester Total Economic Impact™ study of OneWorld now.

Healthcare organizations operating in the fax and paper world are using systems that are on borrowed time. There’s a better way and that starts with finding the right encryption solution to fuel your healthcare organization’s digital transformation.

Learn more about how encryption can help you get there.

By Steve Davis, Director Products, Echoworx

21 Jun 2019

Encryption in Healthcare Recruitment: Gain an Edge in Your Headhunting

Whether it be higher pay, tax-free incentives or just a chance to see the world, lures for healthcare professionals to relocate internationally are as numerous as they are attractive. And, from nurses to doctors to medical technicians to a whole plethora of crucial background staff, international hospitals and medical organizations require massive amounts of skilled workers to ensure their operations run smoothly.

But getting, connecting and sending healthcare professionals overseas is a delicate, personal and often time-sensitive operation with many moving parts – where effective secure communication plays a central role. And, given the international nature of this industry, with its minefield of privacy rules and regulations, combined with massive amounts of sensitive personal data, there is no room for error.

Many recruitment agencies still rely on fax (or snail mail) – a trend even more prominent in the healthcare sector. This can lead to delays, clunky user experiences and, ultimately, applicant drop-offs due to time-constraints or on-boarding processes which ask too much of candidates.

Here are some ways your healthcare recruitment organization can streamline its recruitment processes using secure encrypted lines of communication:

1) Remove the bumf from digital onboarding

Healthcare recruitment organizations are head-hunting experts – dealing with startling amounts of personal data. Depending on where a recruiting hospital or medical organization is located, a candidate might be required to show sensitive health records for visa applications or they might be required to undergo extensive criminal background checks, for example. Most job application packs also require original scans of education credentials, medical licenses and passports. All this information makes its way to a recruiting hospital or healthcare organization through a recruitment agency or direct from the candidate – with the potential to cross international privacy jurisdictions along the way.

To avoid bureaucratic headaches, missing application deadlines or just to remove unnecessary back-and-forth bumf, a recruiting party can leverage the power of a flexible encryption solution. From the ability to exchange Secure PDFs to enabling secure TLS connections for instantaneous secure communication, there are different ways this can be done for a frictionless digital experience – making paper processes a thing of the past.

Take your onboarding processes digital with these secure encryption delivery methods.

2) Maintain your digital brand

Healthcare recruitment is a highly competitive industry, where timing is everything and other options exist for applicants wanting to get the job. But sometimes a combination of speed and strong security can come at the detriment of the applicant – leading to confusion, spam-looking messages and a poor user experience.

With our OneWorld encryption platform, your brand can leverage airtight encryption without losing a full-branded experience. This allows candidates to send their supporting documents to your healthcare recruitment organization without becoming confused, worrying about spam or doubting your ability to protect their sensitive data.

See how large enterprise-level organizations are sending full-branded encrypted messages.

3) Maintain compliance with digital privacy regulations

Whether recruiting candidates, sending their personal data overseas or even keeping sensitive data on your servers, rules regarding privacy, and the jurisdictional laws which apply to it, need to be observed. The brand damage of mishandling candidate information isn’t worth it, and you can’t afford the sharp-toothed fines which are dished out for not respecting the rules.

Take the EU’s General Data Protection Regulation (GDPR), for example. This overarching set of privacy rules, which apply to all EU countries, also applies to all their citizens – regardless of where they reside. This means that a travel nurse from San Diego, who happens to be a German citizen, for example, applying to a nursing job in Toronto is technically protected under GDPR jurisdiction – and armed with its sharp-toothed fines.

But hiding under an offline rock isn’t going to make it all go away! Implementing proactive cybersecurity measures, like applying encryption to sensitive digital communications, allows healthcare recruiters to leverage the real-time convenience of digital communication while staying compliant with privacy regulations – zero fax given.

Here are some of the flexible ways you can send secure messages with encryption.

4) Build digital trust with healthcare candidates

Healthcare recruiters are quite literally dealing with humans – so why wouldn’t you want candidates to trust you with their information? Regulatory-compliance aside, protecting personal information is just good customer service – and maintaining digital trust is the new currency of business online. You need it, they need it – we all need it.

So why take chances with your candidates’ most valued personal info? With other healthcare recruitment options in abundance, including options to apply directly to hiring hospitals and medical organizations, you simply cannot afford to lose the faith of your candidates. And starting to build digital trust with your candidates starts with showing you care about them – by investing in proactive cybersecurity solutions, like encryption, which protects their personal data.

See how encryption can help build digital trust with your candidates.

5) The future of healthcare is digital

From exchanging Electronic Healthcare Records between hospitals to something as simple as booking a doctor’s appointment online, healthcare is slowly uploading to a digital environment. The UK’s National Health Service (NHS), for example, recently announced an organization-wide ban on fax machines – meaning no more business done by fax in the near-future. You need to be ready for a new digital age in healthcare or you risk being left out of the conversation.

Learn more about the flexible ways you can securely send applicant documents with encryption.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

07 Jun 2019

Holy Ship! Why Digital Transformation is Taking the Shipping Industry by Storm

In Medieval Italy, sea merchants invented the bill of lading to confirm receipt of all goods in a shipment. Hundreds of years later, many international shipping firms still rely on paper bills of lading for this same purpose. But paper-based transactions are falling out of favour in shipping, especially with shipping and logistics start-ups coming onto the scene as digital natives. Today, we want to talk about why digital transformation is taking the shipping industry by storm and the risk and rewards that come with it.

Four reasons the shipping industry is ripe for digital transformation

  1. Paper-based processes are slow – From bills of lading and paying at-sea employees to ship certificates required by the International Maritime Organization, running ships as big as the Empire State Building on paper processes just isn’t efficient. According to a recent article by The Economist, Maersk found that processing one shipment of avocados from India to the Netherlands involved 200 communications across 30 parties! In an era when shipping companies support consumers’ same-day delivery expectations, it’s essential to save time in port and at sea. This means moving away from fax, paper and telephone communications and moving towards digital systems and processes.

  2. Industry 4.0 is transforming the supply chain – Industry 4.0—also known as the fourth industrial revolution—is bringing automation, data and the internet of things to the global supply chain. For this to work effectively, all players must be connected to the digital supply chain. As digitization becomes business as usual across the supply chain, shipping companies that can’t connect to this global infrastructure will be left behind.

  3. There’s increasing pressure on profit margins – Low vessel utilization rates continue to put financial strain on shipping companies. Implementing digitized operations reduces costs by optimizing shipping capacity and routes.

  4. Digital trade-finance platforms are growing – Governments, banks and insurers are working together to create digital trade-finance platforms to digitize trade and financing activities for importers and exporters. This will lower costs and reduce risk of double financing and fraud. Greater adoption of digital trade finance platforms—such as Marco Polo and we.trade—puts pressure on shipping companies to go digital.

Cybersecurity risk in the shipping industry

In 2017, the UK shipping company, Clarkson PLC, fell victim to a massive cyberattack orchestrated through a single compromised user account, which provided access for hackers to a vast trove of sensitive customer details. It goes without saying that with increased digitization comes the increased risk of cybersecurity attacks, data breaches and insider threats. Instead of shying away from digital transformation, shipping companies must simply embrace the cybersecurity risk management and staff education that comes with it. It’s also essential to get the help they need to integrate secure digital processes, communications and a user-friendly encryption solution into their businesses.

The rewards of digital transformation in the shipping industry

Undergoing digital transformation in shipping reduces errors, improves customer satisfaction and trust through increased logistics transparency, speeds up formerly manual processes and increases connectivity for crew and off-ship asset management personnel. Of course, we strongly recommend building privacy by design into any digital transformation projects, including a flexible encryption solution that protects all ship to shore communications (and vice versa).

And while there are costs associated with digital transformation, enterprise-level organizations can recoup some of these costs with a proven encryption solution. For example, a recent Forrester Total Economic Impact™ study revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits. This same study showed that using the OneWorld platform to replace on-premises legacy encryption solutions meant organizations could save the full software cost of previous solutions and avoid other legacy-related costs for a three-year savings of $793K.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

With encryption as part of your digital transformation project, you can also assure your customers that their goods and containers have more protection than a 15th century Venetian piece of paper can offer.

At Echoworx, encryption is all we do. Our OneWorld encryption platform and cloud security services are a natural extension to existing security programs and offer a wide range of flexible options for secure message delivery. You can learn more about the ROI of Echoworx OneWorld encryption here.

By: Kevin Foxton, Technical Operations and Security Team Lead, Echoworx