Category: Information Security

10 Jul 2019
presenting to the board

Is Your Company Board of Directors On-Board with Cybersecurity?

Cybersecurity is no longer just an IT issue. Cybersecurity is no longer measured by who has a taller firewall. Cybersecurity is no longer an out-of-the-box one-size-fits-all installable solution. Instead, cybersecurity is now a complex mosaic of solutions, ideas and mindsets which permeates throughout the entire organizational structure of a company – from warehouse to boardroom.

So, at the end of the day, who is responsible for instigating organization-wide cybersecurity initiatives?

While C-suite executives, from CEO to CISO, might be responsible for spurring action toward shoring cyber-defences, an IT department is generally responsible for the implementation and maintenance of new security solutions with existing infrastructure. But, at the end of the day, it is the organizational board of directors who need to be won over. This carefully selected group of individuals, chosen to reflect the interests of company stakeholders in overseeing organizational management, are who even a CEO must answer to – including on issues concerning budget.

For a CISO intent on spending more on cybersecurity solutions, convincing their board of directors can be difficult. And, due to the intangible nature of cybersecurity, with no visible physical benefits, at least initially, emphasizing the importance of investing in said technology is paramount.

Here are some simple probing informational conversations you need to have to convince your board of directors to pay attention to cybersecurity solutions:

  1. How much does your board of directors know about cybersecurity?

Before you launch into the meat and potatoes of your cybersecurity proposal, you need to gage how deep the knowledge base of your board of directors is when comes to this subject matter. Unless they have clear backgrounds in technology or security, it is unlikely they have a deep understanding of how exactly cybersecurity works.

You need to explain what cybersecurity is, in layman’s terms, why it is important and why cybersecurity is no longer just an IT problem – but rather one of organization-wide significance. You might consider throwing out some statistics regarding the negative impact of a data breach – like last year’s massive data breach affecting the healthcare system of the Canadian province of Ontario, for example, which saw the theft of 80,000 unencrypted electronic health records.

Learn about making a business case for encryption here.

  1. How accountable is your board of directors for data protection?

When a data breach occurs within an organization, its devasting effects are felt company-wide – including at the board-level. Aside from the potential for soul-crushing fines from regulatory bodies, like those dished out to violators of the EU’s General Data Protection Regulation (GDPR), for example, mishandling personal data hurts a brand as a whole – with Echoworx data showing 80 per cent of customers consider leaving a brand after a breach.

As the directors of organizational tack, brand reputation is a crucial focus for boards aiming for business success. Investing in cybersecurity solutions, like encryption for communications, is an important step to preserving brand – with some solutions, like encryption, even mandatory to conduct business in some parts of the world.

  1. Emphasizing the monetary advantages of cybersecurity investment

From regulatory fines to brand damage to just cleaning up the mess, data breaches can be like termites into an organization’s finances. Investing in cybersecurity solutions insulates your organization from the detrimental effects both before and after malicious cyber-events – and can even help save money in other supplementary categories.

Take our OneWorld encryption platform, for example. According to a recent Total Economic Impact™ study from Forrester Research, OneWorld shows a return on investment (ROI) of 155 per cent – and upwards of $2.7M in cost-mitigating benefits. These cost-mitigating benefits do not account for the hundreds of thousands (or even millions) of dollars saved by the risk-mitigating features of this flexible encryption platform – offering five different ways to communicate securely with your customer base.

Get the full TEI study of OneWorld by Forrester Research here.

  1. How important is digital trust?

Every business wants their customers to trust them – a trend which transcends the digital world. But gaining digital trust online is different from doing so at brick-and-mortar stores. Unlike their offline counterparts, where brand trust is gained over years (and even generations), digital trust is fairly easy to get. But digital trust is even easier to lose – and impossible to get back.

So a board of directors needs to understand the brand value of protecting customer data as a tool for building digital trust. Nobody wants to work with a company which doesn’t protect their data. And cybersecurity investment is an excellent marketing tool for reassuring customers that your brand does. In today’s customer-centric world, with so many other options online, you simply can’t afford not to put your customers first – and your board needs to understand that.

Learn more about building digital trust with encryption.

By Michael Roberts, VP Technology at Echoworx

26 Jun 2019

Keeping Electronic Healthcare Records Safe in Transit

Electronic healthcare records aren’t stationary documents that remain protected behind a single wall of defence. They travel between healthcare organizations and third-party business associates frequently and each journey carries the risk of security breaches. Today we’ll talk about the type of personal data exchanged in healthcare and how encryption helps keep that data secure.

Personal data exchanged in healthcare

Electronic healthcare records are a treasure trove of sensitive personal information including:

  • Medical history, medications and immunizations.
  • Diagnoses and treatment recommendations.
  • Lab reports including radiology images and test results.

 

To create a unified electronic health record takes collaboration between multiple parties. This means medical information—including colonoscopy test results—is in transit more than you think and probably more than you are comfortable with.

Electronic healthcare records travel between these organizations in various routes:

  • Hospitals.
  • General practitioners.
  • Specialists.
  • Laboratories.
  • Clinics.
  • Insurance agencies.
  • Homecare agencies.
  • Third-party business associates including companies that process claims, administer benefits, transcribe medical reports, store and dispose of documents, etc.

 

The cost of unprotected digital patient records

Unprotected electronic health records—in transit and otherwise—are a costly disaster waiting to happen. The personal data found in patient records is valuable to nefarious agents—so valuable that breaches are common and costly in healthcare. And the more records that are breached, the more the breach costs. Data breaches cost on average $141 per breached record—except in healthcare where the average cost per breached record is $380.

As you saw from the list above, many organizations receive and send digital patient records as part of business processes. In the summer of 2018, for example, CarePartners, a homecare company and business associate of the Ontario government was hacked, and 80,000 patient records were affected. To add insult to injury, the hackers told the CBC that the data they stole wasn’t even encrypted!

Too many electronic health records are at risk because healthcare organizations are dealing with stagnant or declining IT budgets year-over-year. But deprioritizing cybersecurity is short-sighted because the average cost for a ransomware incident is $76,000 and the average hacking breach costs $2.4M.

But research indicates that implementing an organization-wide encryption solution is a cost-saving initiative. For example, the Ponemon Institute’s 2017 Cost of Data Breach Study suggests that the top three factors that reduce the potential cost of data breaches are having an incidence response team, using encryption extensively and training employees. Additionally, a recent Total Economic Impact™ study conducted by Forrester Research revealed that organizations which adopt Echoworx’s OneWorld encryption platform can expect a return on investment of 155 per cent and a payback period of just seven months.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

How encryption protects electronic health records in transit

To protect the private data in digital patient records in transit, encryption is essential. We recommend implementing a flexible and user-friendly encryption solution – like Echoworx’s OneWorld platform which employs up to five secure encryption delivery methods.

Four ways encryption protects your electronic health records in transit:

  1. Multiple flexible delivery methods – Not every healthcare organization will have the same cybersecurity measures in place so your encryption platform must be able to handle multiple business scenarios. These include Secure PDF (e.g., secure record delivery) and web portal access, TLS and encrypted attachments and support for S/MIME and PGP.

 

  1. Inbound encryption – When organizations accept inbound emails without encryption, the information is stored in clear text on their network or not accepted at all. Inbound encryption allows organizations to automatically reroute sensitive incoming data to an encrypted web portal.   

 

  1. Secure Bulk Mail (SBM) – This functionality automates the process of emailing mass personalized documents securely. In 2017, the British National Health Service lost 900,000 patient letters—including test results from physicians—which might not have happened if a SBM solution was in place.

 

  1. Privacy by design – When your encryption platform includes definable policies to control which communications require encryption and how they’re sent, it relieves busy healthcare administrators of the burden of making security decisions while processing patient records. This encryption solution also means organizations stay compliant with regulations like the US’ Health Insurance Portability and Accountability Act (HIPAA), the US’ Health Information Technology for Economic and Clinical Health Act (HITECH) and the EU’s General Data Protection Regulation (GDPR).

 

Healthcare organizations have an obligation to protect sensitive patient information in electronic healthcare records in three scenarios: when the personal data is on their network, leaving their network and arriving at their network. When healthcare organizations implement a flexible and user-friendly encryption solution, they protect this personal data across all three scenarios. Isn’t it time for your healthcare organization to get encrypted?

By Alex Loo, VP Operations, Echoworx

21 Jun 2019

Encryption in Healthcare Recruitment: Gain an Edge in Your Headhunting

Whether it be higher pay, tax-free incentives or just a chance to see the world, lures for healthcare professionals to relocate internationally are as numerous as they are attractive. And, from nurses to doctors to medical technicians to a whole plethora of crucial background staff, international hospitals and medical organizations require massive amounts of skilled workers to ensure their operations run smooth.

But getting, connecting and sending healthcare professionals overseas is a delicate, personal and often time-sensitive operation with many moving parts – where effective secure communication plays a central role. And, given the international nature of this industry, with its minefield of privacy rules and regulations, combined with massive amounts of sensitive personal data, there is no room for error.

Many recruitment agencies still rely on fax (or snail mail) – a trend even more prominent in the healthcare sector. This can lead to delays, clunky user experiences and, ultimately, applicant drop-offs due to time-constraints or on-boarding processes which ask too much of candidates.

Here are some ways your healthcare recruitment organization can streamline its recruitment processes using secure encrypted lines of communication:

1) Remove the bumf from digital onboarding

Healthcare recruitment organizations are head-hunting experts – dealing with startling amounts of personal data. Depending on where a recruiting hospital or medical organization is located, a candidate might be required to show sensitive health records for visa applications or they might be required to undergo extensive criminal background checks, for examples. Most job application packs also require original scans of education credentials, medical licenses and passports. All this information makes its way to a recruiting hospital or healthcare organization through a recruitment agency or direct from the candidate – with the potential to cross international privacy jurisdictions along the way.

To avoid bureaucratic headaches, missing application deadlines or just to remove unnecessary back-and-forth bumf, a recruiting party can leverage the power of a flexible encryption solution. From the ability to exchange Secure PDFs to enabling secure TLS connections for instantaneous secure communication, there are different ways this can be for a frictionless digital experience– making paper processes a thing of the past.

Take your onboarding processes digital with these secure encryption delivery methods.

2) Maintain your digital brand

Healthcare recruitment is a highly competitive industry, where timing is everything and other options exist for applicants wanting to get the job. But sometimes a combination of speed and strong security can come at the detriment of the applicant – leading to confusion, spam-looking messages and a poor user experience.

With our OneWorld encryption platform, your brand can leverage airtight encryption without losing a full-branded experience. This allows candidates to send their supporting documents to your healthcare recruitment organization without becoming confused, worrying about spam or doubting your ability to protect their sensitive data.

See how large enterprise-level organizations are sending full-branded encrypted messages.

3) Maintain compliance with digital privacy regulations

Whether recruiting candidates, sending their personal data overseas or even keeping sensitive data on your servers, rules regarding privacy, and the jurisdictional laws which apply to it, need to be observed. The brand damage of mishandling candidate information isn’t worth it, and you can’t afford the sharp-toothed fines which are dished out for not respecting the rules.

Take the EU’s General Data Protection Regulation (GDPR), for example. This overarching set of privacy rules, which apply to all EU countries, also applies to all their citizens – regardless of where they reside. This means that a travel nurse from San Diego, who happens to be a German citizen, for example, applying to a nursing job in Toronto is technically protected under GDPR jurisdiction – and armed with its sharp-toothed fines.

But hiding under an offline rock isn’t going to make it all go away! Implementing proactive cybersecurity measures, like applying encryption to sensitive digital communications, allows healthcare recruiters to leverage the real-time convenience of digital communication while staying compliant with privacy regulations – zero fax given.

Here are some of the flexible ways you can send secure messages with encryption.

4) Build digital trust with healthcare candidates

Healthcare recruiters are quite literally dealing with humans – so why wouldn’t you want candidates to trust you with their information? Regulatory-compliance aside, protecting personal information is just good customer service – and maintaining digital trust is the new currency of business online. You need it, they need it – we all need it.

So why take chances with your candidates’ most valued personal info? With other healthcare recruitment options in abundance, including options to apply directly to hiring hospitals and medical organizations, you simply cannot afford to lose the faith of your candidates. And starting to build digital trust with your candidates starts with showing you care about them – by investing in proactive cybersecurity solutions, like encryption, which protects their personal data.

See how encryption can help build digital trust with your candidates.

5) The future of healthcare is digital

From exchanging Electronic Healthcare Records between hospitals to something as simple as booking a doctor’s appointment online, healthcare is slowly uploading to a digital environment. The UK’s National Health Service (NHS), for example, recently announced an organization-wide ban on fax machines – meaning no more business done by fax in the near-future. You need to be ready for a new digital age in healthcare or you risk being left out of the conversation.

Learn more about the flexible ways you can securely send applicant documents with encryption.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

07 Jun 2019

Holy Ship! Why Digital Transformation is Taking the Shipping Industry by Storm

In Medieval Italy, sea merchants invented the bill of lading to confirm receipt of all goods in a shipment. Hundreds of years later, many international shipping firms still rely on paper bills of lading for this same purpose. But paper-based transactions are falling out of favour in shipping, especially with shipping and logistics start-ups coming onto the scene as digital natives. Today, we want to talk about why digital transformation is taking the shipping industry by storm and the risk and rewards that come with it.

 

Four reasons the shipping industry is ripe for digital transformation

 

  1. Paper-based processes are slow – From bills of lading and paying at-sea employees to ship certificates required by the International Maritime Organization, running ships as big as the Empire State Building on paper processes just isn’t efficient. According to a recent article by The Economist, Maersk found that processing one shipment of avocados from India to the Netherlands involved 200 communications across 30 parties! In an era when shipping companies support consumers’ same-day delivery expectations, it’s essential to save time in port and at sea. This means moving away from fax, paper and telephone communications and moving towards digital systems and processes.

 

  1. Industry 4.0 is transforming the supply chain – Industry 4.0—also known as the fourth industrial revolution—is bringing automation, data and the internet of things to the global supply chain. For this to work effectively, all players must be connected to the digital supply chain. As digitization becomes business as usual across the supply chain, shipping companies that can’t connect to this global infrastructure will be left behind.

 

  1. There’s increasing pressure on profit margins – Low vessel utilization rates continue to put financial strain on shipping companies. Implementing digitized operations reduce costs by optimizing shipping capacity and routes.

 

  1. Digital trade-finance platforms are growing – Governments, banks and insurers are working together to create digital trade-finance platforms to digitize trade and financing activities for importers and exporters. This will lower costs and reduce risk of double financing and fraud. Greater adoption of digital trade finance platforms—such as Marco Polo and we.trade—puts pressure on shipping companies to go digital.

 

Cybersecurity risk in the shipping industry

 

In 2017, the UK shipping company, Clarkson PLC, fell victim to a massive cyberattack orchestrated through a single compromised user account, which provided access for hackers to a vast trove of sensitive customer details. It goes without saying that with increased digitization comes the increased risk of cybersecurity attacks, data breaches and insider threats. Instead of shying away from digital transformation, shipping companies must simply embrace the cybersecurity risk management and staff education that comes with it. It’s also essential to get the help they need to integrate secure digital processes, communications and a user-friendly encryption solution into their businesses.

The rewards of digital transformation in the shipping industry

 

Undergoing digital transformation in shipping reduces errors, improves customer satisfaction and trust through increased logistics transparency, speeds up formerly manual processes and increases connectivity for crew and off-ship asset management personnel. Of course, we strongly recommend building privacy by design into any digital transformation projects, including a flexible encryption solution that protects all ship to shore communications (and vice versa).

And while there are costs associated with digital transformation, enterprise-level organizations can recoup some of these costs with a proven encryption solution. For example, a recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits. This same study showed that using the OneWorld platform to replace on-premises legacy encryption solutions meant organizations could save the full software cost of previous solutions and avoid other legacy-related costs for a three-year savings of $793K.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

With encryption as part of your digital transformation project, you can also assure your customers that their goods and containers have more protection than a 15th century Venetian piece of paper can offer.

At Echoworx, encryption is all we do. Our OneWorld encryption platform and cloud security services are a natural extension to existing security programs and offer a wide range of flexible options for secure message delivery. You can learn more about the ROI of Echoworx OneWorld encryption here.

By: Kevin Foxton, Technical Operations and Security Team Lead, Echoworx

05 Jun 2019

Securing Silos: The Case for an Omnichannel Approach to Digital Government

What if government worked like a business? What if a bureaucrat in one department could communicate seamlessly and securely with a politician in another?  What if departments could work collaboratively on procuring contracts?

When a government embraces a digital first strategy, effective secure communications serve an important function for their system to operate in a streamlined fashion. From frontline citizen-facing tasks, like sending a prescription or a temporary driver’s license, to more complex internal tasks, such as the procurement of a new multi-million-dollar research vessel, the need for flexible, frictionless and secure lines of communication exist at almost every level.

1) Omnichannel is about collaboration

In marketing, an omnichannel approach to sales implies a seamless shopping experience regardless of where a customer is located or what a customer is looking at. For government, an omnichannel experience implies a barrierless collaborative environment between all departments, all ministries and all levels within. In other words: a digital government, which aims to streamline all services, should be striving for an omnichannel environment.

2) Encryption needs to be part of the conversation

From the EU’s General Data Protection Regulation (GDPR) to regional privacy laws in the US, like California’s AB375, privacy continues to be a major driver of policy surrounding all-things-digital. So when it comes to streamlining communications between ministries, the public, third-party vendors, lobby groups or other external organizations, messages containing sensitive personal data need to be secured with airtight encryption to help mitigate the risk of headline-grabbing data breaches.

3) Encryption should enable a digital government – not hinder it

In the private sector, encryption is becoming a competitive differentiator – with customers preferring organizations who value their personal data. This aspect of a customer-first mantra should be no different for digital government. In addition to offering a frictionless encryption experience, both for internal and external users, an effective encryption tool needs to be flexible enough to suit every government use case – from complex government procurement orders to something as simple as a doctor sending a prescription to a patient.

Check out how these enterprise-level organizations are leveraging our OneWorld encryption platform.

4) Good encryption should pay for itself

Since they are bankrolled by the very people they serve, governments need to justify every dollar (and penny) spent. So adopting a robust flexible encryption solution with all the trimmings is usually not top-of-mind in terms of how to allocate their budgets. But, although an effective encryption platform can be expensive, the cost-mitigating benefits should outweigh the overhead.

Take Echoworx’s OneWorld encryption platform, for example. According to a recent Total Economic Impact™ (TEI) study conducted by Forrester Research, implementers of OneWorld can experience a payback period of less than seven months – in addition to both a return-on-investment (ROI) of 155 per cent and upwards of $2.7M in cost-mitigating benefits.

See the full TEI study by Forrester Research here.

Digital is better. Period.

While initial worries might include questions regarding accessibility for those members of the public not comfortable with digital correspondence, or perhaps more abstract questions regarding security, at the end of the day, citizens of any digital government soon appreciate the benefits of encrypted communications over snail mail. The ease of access offered by the instantaneous nature of digital messages, paired with an excellent user experience and secured by airtight algorithms is hard to argue against.

See if Echoworx is right for your government.

By Michael Roberts, VP Technology, Echoworx

04 Jun 2019

Encryption Mosaic: The New Diverse World of Secure Communications

Dial back the clock several million years and you find a crowded ocean of creatures surrounding lush green lands devoid of any vertebrate activity. Then one fish walked out of the sea and changed our terrestrial course forever. But did this ambitious fish have revolutionary intent? Certainly not – instead focusing on more immediate needs of food and new territory.

The same can be said about contemporary demands for secure digital communications. While digital communications enable transcendence from the world of paper mail, making the sending and receiving of information instantaneous, they inadvertently make our most-precious personal details more exposed and more open. And, with no way to turn back the clock, the case for encryption protection of sensitive information grows – and evolves.

But, as more and more industries migrate online, we are beginning to see that this brave new digital world is not one-size-fits-all – especially when it comes to secure digital communications. From different customers to different jurisdictional regulations protecting them, an encryption solution needs to be as flexible as the diverse array of organizations it serves.

Here are key points to consider in determining the factors affecting secure communications, why needs are so diverse and where exactly you might start placing your organization in the encryption mosaic:

1) Regulatory fines with sharp-teeth

Where an organization is located can influence how much they are expected to protect their data. In Denmark, for example, encryption is now mandatory for all communications containing the personal data of Danish citizens under its jurisdiction, according to its own interpretation of the General Data Protection Regulation (GDPR) affecting EU country members. Failure to comply with the GDPR, and other similar regulatory bodies or laws, like Canada’s recently-updated Personal Information Protection and Electronic Documents Act (PIPEDA), for example, can lead to devastating fines and even more devasting brand damage.

Echoworx recognizes that not all countries protect the personal data and the privacy of their citizens the same. To help prevent prying bureaucratic eyes or to avoid non-compliance with jurisdictional regulations, Echoworx’s cloud-based encryption solutions are available on AWS Cloud in 13 countries. We also have SOC2 and ICO-certified data centres in the US, UK, Germany, Ireland, Mexico and Canada, ensuring all sensitive data stays close to home.

2) Different industries – different business cases

While organizations operating in the banks, financial services and insurance (BFSI) realm were the first wholesale adopters of encrypted communications, the technology is exponentially permeating through to other industries. According to a recent Ponemon study, for example, manufacturing and services organizations are beginning to crack into the encryption market – accounting for 12 and 11 per cent respectively.

And, as new industries begin to implement encrypted secure communications, so does demand rise for a flexible encryption solution to adapt to different business use cases. At Echoworx, for example, we offer a cloud-based scalable encryption solution featuring multiple secure user-friendly delivery methods to fit any business process.

Learn more about the different ways you can send secure information with Echoworx.

3) Users are changing

From mobile banking to Generation Z, how users send information and what exactly they are willing to send is changing at a rapid clip. Today’s users are tech-savvy and quick to provide personal details but even quicker to move on if an organization mishandles their data. They demand instantaneous communication and a streamlined user experience with organizations they work with. To avoid going the way of the dodo bird, you need to go above and beyond to make sure they come first – all while ensuring that their sensitive personal data is protected.

With Echoworx, you can tailor every aspect of your encryption experience to put your customers first – from the way they access a secure message to something as simple as the ability to brand. And, to further avoid any negating situations affecting user experience, Echoworx offers services in 22 languages for all our flexible delivery methods – ensuring nothing is lost in translation.

Explore these different delivery methods here.

4) Encryption isn’t just an IT issue anymore

From headline-grabbing data breaches to something as simple as customer experience, encryption is no longer a backroom IT issue – it’s a business issue. But implementing an encryption program isn’t as simple as adopting a solution and flipping a switch. There needs to be a universal internal change of culture at most organizations. For example, while 50 per cent of CEOs are concerned most about possible detrimental impacts to user experience when adopting a security solution, 88 per cent of IT professionals view encryption as costly, difficult and a constraint on business productivity.

Echoworx works with companies to ensure encryption solutions are as non-intrusive and as streamlined as possible – from deployment to the end user. In our capacity as a third-party encryption provider, we support our clients, reducing the additional strain of user help queries, and, with nearly two-decades’ worth experience in the encryption market, we can adapt to any business case.

Learn more about working with Echoworx.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

Sources:

  • Ponemon Global Encryption Trends Study – April 2018
29 May 2019
Secure Digital Communications for a Digital First Government

Secure Digital Communications for a Digital First Government

In addition to caring for its citizens, a good government communicates with and listens to its citizens’ questions, concerns and comments. But, in today’s digital world, where private sector corporations are lightyears ahead, a government cannot effectively communicate with constituents via snail mail. From the internal costs associated with printing and stuffing envelopes to the disappointment of a constituent receiving a plain white envelope stuffed in their mailbox well after the fact – requiring postage for return correspondence – snail mail just isn’t good enough.

But there’s more to sending a digital communication then clicking ‘Send.’

Here are some questions to consider when sending a secure communication to a constituent:

  1. Is the data sensitive?

As a rule, most government communications being pushed to a constituent are going to contain personal information one way or another. And, from identifying medical information to something as simple as an address, a sender and their ministry or department can be on the hook for massive fines if this information is lost, breached or misplaced.

The Ministry of Natural resources in Canada, for example, might be responsible for communicating information regarding fracking to constituents living in an area which is licensed to be drilled for natural gas. Instead of initiating a massive snail main campaign, requiring postage, envelope stuffers, among other factors, the Ministry might opt for a bulk mail digital communication pushed direct to concerned constituent mailboxes. In order to avoid fines associated with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the Canadian equivalent of the EU’s General Data Protection Regulation (GDPR), these communications need to be protected.

The Secure Bulk Mail (SBM) delivery method, a feature of the Echoworx OneWorld encryption solution, is perfect for situations as outlined above. In addition to offering a personalized and user-friendly message environment for mass lists of recipients, SBM protects communications with encryption complete with tracking metrics – so a sender can ensure their message safely reached its intended destination.

Learn more about Secure Bulk Mail.

 

  1. Who is receiving an encrypted message?

Like customers of a large enterprise-level corporation, a government serves a whole diverse population of different organizations, corporations, lobbyists and citizens. But, unlike large corporations, a government is a coagulation of many different moving parts – some with little to nothing in common. Any encryption solution employed by a digital first government needs to be flexible and accommodating to all situations – from a doctor sending a patient file to another hospital to a bureaucrat procuring a contract from a vendor.

While sending an encrypted message should not be a complicated task, one does not simply ‘encrypt’ a message. In addition to common secure channels, like TLS, any modern-day encryption platform will offer multiple encryption delivery options to ensure a message can be received and is not sent in the clear – without protection.

But, in today’s customer-centric world, encryption is as much about user experience as it is security. Depending on who is on the receiving end of a message, or whether the message is a part of something more collaborative in nature, a sender needs to make sure their message doesn’t look like spam. Secure messages need to be consistent in look-and-feel and device-agnostic to provide an excellent user experience.

See how large organizations, like government, are leveraging encryption.

 

  1. Do international privacy regulations apply to government?

From the EU’s General Data Protection Regulation (GDPR), which protects the privacy of citizens of EU member countries, to Australia’s controversial government-mandated backdoors, in the name of national security, there is a whole patchwork of international privacy laws to be aware of outlining how data can be collected, what data can be collected and for what purpose. As a rule, it is generally recommended to abide by more extreme privacy regulations, like Denmark’s mandatory encryption rules, for example, to avoid headline-grabbing fines for mishandling data.

The best way to ensure data being sent by a government abides by privacy regulations, whether its own or those applicable to citizens covered under international laws, is to protect data at all points in transit. While encryption may be enough to satisfy these regulations, additional safeguards are necessary to prevent data from making compromising touchpoints in countries with more relaxed privacy rules.

With data centres in Canada, the US, Mexico, Ireland, the UK and Germany and operating in 30 countries around the world and counting, Echoworx is fully prepared to ensure private data stays private and doesn’t make any unwanted stops along the way – from sender to recipient.

Learn more about Echoworx’s secure safeguards.

 

  1. What language do constituents speak?

Multi-lingual service options are musts for many governments and their respective ministries and departments around the world. These needs are no different when it comes to sending secure communications. In addition to alleviating confusion for recipients, having a flexible encryption platform capable of supporting multiple languages is just good customer service.

For better, more-inclusive, secure communication, the OneWorld encryption platform supports 22 languages and the list is continually growing. This ensures messages are available in all official languages of an electorate and that nothing is lost in translation.

Learn more about the customizable branding options of OneWorld – including languages.

 

  1. When should a government ask for help?

Unlike nimble tech start-ups, or even seasoned financial services organizations, a government can be slow to move and quick to over-acquire. In addition to the huge cost-mitigating factors of dedicating IT specialists and support staff to run and maintain an in-house encryption operation, working with a third-party encryption provider, like Echoworx, can help save massive amounts of cash through eliminating cumbersome paper processes – leaving more money to be allocated for more important projects.

Learn more about the cost-mitigating benefits of Echworx’s OneWorld encryption platform in a recent Total Economic Impact™ (TEI) study conducted by Forrester Research.

By: Christian Peel, VP Engineering at Echoworx

 

21 May 2019
The challenges of a digital government

The Wireless Government: Why a Digital Government is a Better Government

From large conglomeratic banking institutions to massive global shipping firms, the world’s ‘upload to all-things-digital’ continues at breakneck pace. And so does the patchwork list of regional, national and even international privacy regulations dictating who can and how to do business in this brave new digital world continue to grow. But are governments at-risk of slipping behind the very regulations they aim to impose on their business communities?

As American poet Walt Whitman lamented over a century ago: “That powerful play goes on, and you may contribute a verse.” The same can be said for those who run legacy government infrastructure to (finally) take their processes into the 21st Century. And, as our planet continues its perpetual rotations around the sun, the digital world might continue to grow – with or without them.

So how does a government upload their tangle of ministries, services and legislature into a wireless world?

Making digital a priority

From large digital initiatives, like the UK National Health Service (NHS)’s blanket ban of fax machines, announced in early-2019, which affects 1.2 million people, to even more ambitious total uploads of government services, like the Government of Ontario’s digital first strategy, outlined in the Canadian province’s 2019 Budget, governments are beginning to take note of the importance of digital communication. Not only is going digital environmentally friendly, but the resulting systems are streamlined, instantaneous and competitive.

And, with digital adoption, comes the need to communicate securely. From complex back-and-forth procurement agreements with vendors to sensitive citizen services, like sending health records between hospitals, encryption plays an important role at every level of a digital government. At Echoworx, we facilitate seamless transitions from cumbersome paper communications to paperless solutions.

Here’s how enterprise organizations are uploading legacy systems to the cloud.

The challenges of a digital government

Unlike the nimble tech start-ups we have become used to, most governments are the product of decades – even centuries – of incoming politicians, revolutions, legislature and mountains of paperwork carefully wrapped in layers of red tape. In other words, they are hardly the right environment for the fast-moving sweeping changes necessary for digital innovation. Combined with a contemporary customer-centric digital business model, which balances an excellent user experience with airtight secure data-protecting algorithms, and you have a true bureaucratic headache on your hands.

Working with third-party providers, like Echoworx, can help mitigate the workload of uploading an existing paper-based system online. From helping banks send millions of e-statements per day to something as simple as adding branding and language options to a secure communication, for examples, third-party providers are experts at what they do and offer seamless access to existing digital infrastructure.

Here are some advantages of third-party email security systems.

A new type of government

When a customer enters a coffee shop, they are prompted to join a queue to either place an order with a smiling barista or pick up an order they commanded via a mobile device. While in line, this customer is presented with an array of colour, branding and, most important, impulse buys or add-ons shown as tantalizing options through display case glass – just out of reach.

This coffeeshop model of greeting, presenting and selling to customers is a form of client stewardship beginning to permeate into banks, financial services and even insurance organizations. The cold professionalism of yesteryear is rapidly being replaced by a more fun, inviting and open model which puts the customer at ease and, most importantly, puts them first.

For government services, the goal needs to be the same – offering seamless digital services which add a warm pulse to sometimes cold mundane processes. And this inviting environment starts with opting out of soulless white envelopes for the more engaging and instantaneous world of encrypted digital communications.

Take the mass encrypted messaging capabilities of Echoworx OneWorld, for example. Using OneWorld’s ‘Secure Bulk Mail’ delivery option, senders can deliver encrypted, branded and personalized communications to massive lists of recipients at the click of a mouse. In addition to leveraging the monetary savings of going paperless, Secure Bulk Mail offers senders options to track the status of their messages – which is especially important to government departments and ministries who need to send out mass messages to concerned or affected citizens.

See Echoworx’s full array of secure flexible delivery methods.

Going digital keeps the treasury happy

Like in the business world, a government is always keeping an eye on its bottom line. But, while a business may experience ups and downs, answering to its board or shareholders, a government ultimately answers to its citizens – who vote during elections. In addition to streamlining services and enabling simpler secure dialogue with constituents, a digital government also has additional cost-mitigating factors to consider.

For example, according to recent Total Economic Impact™ (TEI) study conducted by Forrester Research, the average enterprise-level organization, such as a government, can expect cost-mitigating benefits valued at up to $2.7M. And, given an average $1 cost-per-page associated with sending communications via traditional snail mail, a government has the potential to save approximately $1.5M over a three-year period.

But the best part? With an average payback period of about seven months, a government can adopt OneWorld, a fully flexible, user-friendly and robust enterprise-level encryption solution and get their money back before election time!

See the full TEI study of OneWorld by Forrester Research here.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

08 May 2019
Encryption Isn’t Just for Financial Services

No End in Sight: Encryption Isn’t Just for Financial Services Anymore

From bank statements to something as simple as applying for a new credit card, discretion of sensitive personal data is an expected feature at any reputable bank, financial service or insurance (BFSI) institution. So it’s a no-brainer why, as more BFSI organizations move to a full digital environment, they continue to prioritize data protection measures – like encryption. But, while these organizations may be the overwhelming past and present juggernauts of secure communications, BFSI organizations by no means represent the sole future of this growing necessity in our digital world – a digital world where security spending is forecasted to exceed $124B in 2019 alone.

So how exactly is the realm of secure communications changing? It’s becoming a keystone of any customer-centric business plan – and, in some cases, even mandatory – regardless of industry.

Encryption no longer an add-on

As early adopters of encryption, BFSI organizations marketed their secure document delivery systems as ‘environmental-friendly’ or ‘postage-saving,’ with more onus put on the customer as an optional add-on. But in addition to streamlined, tree-saving digital features, a more substantial societal embrace of digital delivery methods has given rise to new regulations with teeth paired with expectations that sensitive personal data is being protected. Consequently, nearly 50 per cent of encryption adopters today, according to Echoworx data, state compliance as a primary reason for implementing an encryption strategy.

Encryption for all!

While BFSI organizations continue to be the more-prominent adopters of encryption, accounting for a healthy 15 per cent of respondents in a recent Ponemon study, other industries are beginning to take note. In fact, according to the same report, manufacturing and services organizations are not far behind – accounting for 12 and 11 per cent respectively.

This changing trend isn’t a trend at all – but rather an evolution of how we protect data. As a tool of customer stewardship, encryption is a way for all industries to demonstrate that they value and care about the personal data of their patrons. As a mutually beneficial relationship, the resulting digital customer trust encourages consumers to continue conducting business while enabling an organization to effectively collect adequate amounts of data without compromising their integrity – resulting in better customer service.

Echoworx recognizes that the world of encryption is becoming more three-dimensional and varied in terms of its business use cases. In order to accommodate the mosaic of industries set to explode into the encryption market, we offer a wide array of flexible, scalable and user-friendly encryption solutions to streamline any business process.

See some real-world encryption use cases here.

Changing customers, changing views on privacy

From the introduction of encryption to popular instant messaging app WhatsApp in 2016 to headline grabbing violations of international privacy regulations, like the massive €400K fine issued to Uber France for their fumbling of sensitive personal data, consumers are now more aware of and concerned for protection of their personal data.

And yet they continue to provide their most precious digital details with little prompting – less prompting than needed for them to disclose their address to a first date, according to Echoworx data. But, if digital customers are easy to get, they are even easier to lose after a data breach and impossible to get back. So why take chances with their data?

According to a recent PwC report, strong levels of digital customer trust are a keystone of any customer service plan. In terms of sharing data, for example, 88 per cent customers who trust an organization are more likely to provide accurate, reliable and consistent personal data. This, in turn, provides more information with which an organization might fine-tine their customer service program.

At Echoworx, we know that offering a streamlined encryption experience is not only good for customer experience – it helps bolster the levels of digital trust needed to build effective business relationships. As more industries go online and digital, this trend is set to occupy a more prominent role in most business use cases.

Learn more about customer experience, digital trust and encryption.

New international regulations demand encryption

By now we know the General Data Protection Regulation (GDPR) of the EU is spurring governments to take matters of data privacy seriously. But did you know that EU citizens are protected by the GDPR regardless of where they live or work? Did you know that Danish interpretations of the GDPR mean encryption is now mandatory for all business in Denmark? Did you know that the UK’s National Health Service (NHS) is eliminating fax machines completely?

Like it or not, organizations looking to compete internationally are going to have to adopt proactive data protection policies, like encryption, into every process. At Echoworx, we realize this can be complicated for massive international organizations sending out millions of sensitive messages a year. That’s why we have data centres located in six countries – including locations in the EU zones.

And it’s not just about the EU!

The encryption forecast is cloudy

While legacy on-premise encryption solutions might continue to dominate the market to the end of the decade, cloud-based encryption continues to grow. In fact, according to a recent Ponemon study, encryption in public cloud services grew over 10 per cent in 2017 – the highest year-over-year growth of any encryption use case observed in the report. We expect this trend to continue and grow stronger.

At Echoworx, our scalable and flexible encryption solutions and worldwide presence are prepared for this cloudy new world. Our team of experts can help you migrate your on-premises encryption infrastructure to the cloud without any business disruption.

In addition to gaining the benefits of multiple delivery methods, branding and language options and other natural extensions to your existing system, there are additional cost mitigating benefits of working with Echoworx in the cloud. According to a recent Total Economic Impact™ study of Echoworx’s OneWorld encryption platform conducted by Forrester Research, for example, additional value is unlocked by working with us as a third- party provider – including cutting down on overhead like support time and additional resources required to run encryption infrastructure in-house.

Learn more about the Forrester TEI study of OneWorld here.

Encryption is bigger than finance!

Encryption is no longer just about saving paper on bank statements – it is becoming a part of everyday conversation. From international privacy regulations to customer service to actual customer expectations, encryption is no longer an option – regardless of industry. As we continue our march toward a brave new digital world, you want to make sure your organization doesn’t fall by the wayside. Be prepared – be proactive – talk to us today.

By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx

———

Sources:

  • Gartner Information Security Forecast – August 2018 | Ponemon Global Encryption Trends Study – April 2018 | PwC Report – Securing customer trust
03 May 2019
how to make a business case for encryption

How to Make a Business Case for Encryption

Worldwide, more than 290 billion emails are sent every day. In enterprise-level organizations, digital communication is a competitive advantage over snail mail because it’s faster, cheaper and easier to deploy. But cost savings can disappear the instant an organization experiences a data or privacy breach, which is all too common. In 2018, 4.8 billion records were stolen during breaches—that’s more than 9,000 per minute—and less than three per cent of those records were encrypted.

Today, we’ll do a quick review of two reasons email encryption is business-critical and what to look for in an encryption provider if your organization would like to minimize risks and costs associated with keeping email secure.

Why email encryption is critical in business: the high cost of losing trust

If your organization collects, manages and disperses personal information, it’s essential to deploy user-friendly encryption to secure that data as it flows through email. Of course, it’s the right thing to do, but it’s also what customers want and expect. For example, 87 per cent of CEOs invest in cybersecurity specifically to build customer trust—because once you lose trust, you lose the customer. When customer trust and satisfaction is tied into data security, it’s easy to see how email encryption no longer fits into the nice-to-have category. It’s now essential.

Why email encryption is critical in business: compliance & avoiding fines

Implementing an encryption solution also helps you keep government hands—mandated by legislation—out of your pockets.

If your organization doesn’t protect data from being intercepted on route, the fines can be substantial. Just one year in after launch of the General Data Protection Regulation (GDPR) in the EU, for example, and we are already seeing massive fines – like the €50M fine Google was ordered to pay at the beginning of 2018 for GDPR violations.

In Canada, under the newly-updated Personal Information Protection and Electronic Documents Act (PIPEDA), it’s now mandatory to report data breaches, with non-compliance fines going as high as $100,000.

With privacy legislation expanding—California, New York and even Qatar, among many others, have created their own guidelines—organizations can no longer afford to ignore email encryption for private data. Privacy legislation now has teeth and the fines are steep.

There’s no question that taking care of your business means encryption. The next thing to do is work with an encryption provider who understands your needs and addresses them effectively.

Finding an encryption provider that works for you

Global information security spending, as a whole, is set to exceed $124B in 2019, according to a recent Gartner report —which means your organization has a lot of choice when it comes to encryption solutions. This choice is good but can also lead to overwhelm and poor decisions. For example, if an organization has an encryption solution in place, but it’s not widely used, it can mean they didn’t choose an encryption provider that could meet their needs and guide them through the process. We don’t want that to happen to you, so we put together a list of things to look for in an email encryption provider.

Seven things to look for in an enterprise-level encryption provider:

  1. Proven track record – Ask how long the provider has been working in encryption. At Echoworx, for example, we understand the risks of email management because we’ve been providing encryption solutions for almost two decades.
  2. Solutions that go beyond out-of-the-box encryption – While out-of-the-box encryption is much better than zero encryption, look for a provider that can counsel you on solutions based on your needs. Many enterprise-level organizations require flexible delivery and policy-based encryption options—which go beyond the box.
  3. Cloud solutions that reduce overhead – Sending encrypted messages simply costs more when you run a legacy on-premise encryption solution. Costs include hardware and physical on-premise servers and staff to run them. Look for a third-party encryption provider that allows you to upload your secure communications to the cloud, offload support queries, gain access to encryption experts, save money and put less burden on your IT resources.
  4. Data centres around the world – Worldwide data centres allow users to deploy communications within their jurisdictions and within regulatory compliance. For example, at Echoworx, we have data centres in six countries: Germany, Ireland, the United Kingdom, Canada, Mexico and the United States. This helps cut costs, maintain compliance and cuts down on deployment time.
  5. Reputation management – Every time a piece of sensitive information leaves an organization’s digital perimeter, it puts a company’s reputation at-risk. An encryption provider should understand this risk and offer solutions like full brand alignment in multiple languages to support a seamless end-user experience.
  6. Systems that support dynamic scaling – Can your provider’s encryption solution scale dynamically as email demand on the system fluctuates from day to day or even hour to hour—and accommodate increased demand without delay? Is your system available in AWS Cloud in 13 countries?
  7. Vetted partners for peace of mind – Do you trust your provider to handle your data securely and responsibly? At Echoworx, we subject our business to regular audits. We are proud to be: SOC2 Certified, Web Trust Certified, a Microsoft Root Certificate Member and an Apple Root Certificate Member.

One last thing to look for in an encryption provider: a track record of positive return on investment (ROI).

A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits. This same study showed that using OneWorld’s self-service support options—like automatic password resets—increases call centre productivity, removes the need for additional overhead and can save enterprise-level organizations almost $320K over three years.

Get the full Forrester Total Economic Impact™ study of OneWorld now.

As you can see, the cost of unencrypted email communications is high and the risk too great. Isn’t it time you found a trusted encryption provider that can meet the needs of your business and customers?

By: Beverly Barrett, Director, Channel Management, Echoworx

21 Apr 2019
healthcare security

Encryption in Healthcare? Improving the Prognosis of Data Security

Healthcare organizations collect, manage and distribute an enormous amount of medical and personal information and they’re constantly at the mercy of budget constraints and cuts, which leaves them vulnerable. On top of that, healthcare is the only industry where more breaches happen because of insider threats than outside malicious agents and it’s tied for first place for the most breaches across all sectors.

In a nutshell, healthcare is in critical condition when it comes to cybersecurity.

To address this condition, enterprise-level healthcare organizations, hospitals and their third-party business associates can increase data security and reduce risks of breaches by implementing user-friendly and customer-centric encryption services.

Customer-centric encryption is so important in healthcare because many agencies are transforming from paper to digital records while dealing with preventable insider threats (often in the form of delivery errors). This means to get the most out of encryption, healthcare organizations must consider how easy it is for patients, employees and business associates to use and trust the encryption solution.

What customer-centric encryption looks like in healthcare

The customer experience differentiators that healthcare organizations should look for in an encryption solution include:

  • Integration of privacy by design features like definable policies to control which communications require encryption and how they are sent. This takes security decision-making out of the picture for busy healthcare administrators and ensures your organization stays compliant with regulations like the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH) and the General Data Protection Regulation (GDPR).
  • Multiple flexible delivery methods for different types of secure encrypted communications, including secure PDF (e.g., secure record delivery) and web portal access, TLS and encrypted attachments and support for S/MIME and PGP.
  • Easy and frictionless user experience for employees, patients and business associates. This is especially relevant in healthcare organizations that serve an aging population who aren’t as tech-savvy as the general population. The World Health Organization suggests, “primary health care must be accessible and friendly to persons of all ages.” We agree and believe this applies to accessing patient records too.
  • Secure bulk mail functionality that automates the process of emailing mass personalized documents securely. As the British National Health Service (NHS) can attest from its 2017 experience, losing 900,000 patient letters is no good for patient trust in their system.
  • Multiple brand and language options to give patients the peace of mind that comes with receiving secure messages from a trusted source.
  • Dedicated account support to help organizations understand how email encryption fits into their patient care and business models.

An encryption solution for healthcare organizations should be easy for employees to use. First, because making secure encryption the path of least resistance increases user adoption. And secondly, because data security breaches happen most frequently at the employee level in healthcare. For example, did you know that employees are increasingly exposed to malware hidden in Microsoft Office documents sent through email?

A matter of trust in healthcare

As we’ve seen in other industries like banking, trust is becoming a new currency and this equally applies  in healthcare because patient data is so personal. Healthcare patients expect that medical transactions—including booking an online appointment, communicating with a medical professional and having health records sent between institutions—are safe and secure, which builds trust. If patients don’t believe your healthcare organization can protect their data, they  lose faith and—when possible—they  leave. A recent Echoworx survey found that 80 per cent of customers consider leaving a brand after a data breach. With so many leaders concerned about organizational reputation—and in an increasingly competitive private healthcare landscape—can you afford an encryption solution that doesn’t give your employees, patients and business associates a frictionless user experience?

How healthcare organizations can achieve cost savings with encryption

In addition to supporting a patient-centred business model and reducing the risks of insider threats, there are financial benefits associated with adopting a flexible and frictionless encryption solution.

A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can accelerate the adoption of digital document delivery, save $1 per paper document delivered digitally instead of through the postal system and accumulate a three-year cost savings of $1.5M.  This same study showed that adopting OneWorld’s self-service support options, like automatic password resets, increases call centre productivity, removes the need for additional overhead and can slash nearly $320K off the bottom line of an enterprise-level organization.

Read the full Forrester Total Economic Impact™ study of OneWorld now.

Encryption can save healthcare organizations money on process and system improvements. But that’s not all. Including encryption as part of an overall data security program also helps organizations avoid the cost of security breaches. For example, the average cost for a ransomware incident is $76,000 which sounds like a lot until you see that the average hacking breach costs $2.4M.

With so much at stake in healthcare, isn’t it time to integrate a frictionless encryption solution into your healthcare organization?

This is why at Echoworx, encryption is all we do. Our OneWorld encryption platform and cloud security services are a natural extension to existing security programs and offers a wide range of flexible options for secure message delivery. You can learn more about the ROI of Echoworx OneWorld encryption here.

By Alex Loo, VP of Operations at Echoworx

————

Sources:

2018 Data Breach Investigations Report, 11th edition (Verizon)
Cyber Security and Healthcare: An Evolving Understanding of Risk (Symantec)
https://www.who.int/ageing/primary_health_care/en/

03 Apr 2019
customer centric encryption

Why Customer-Centric Encryption Matters in Financial Services

Before message encryption became mainstream with its incorporation into popular messaging platforms, like WhatsApp, and into deep-reaching, headline-grabbing international privacy regulations, like the EU’s General Data Protection Regulation (GDPR), the financial services industry could usually get away with using overly-complex data security options which were not user friendly. Customers simply didn’t know protecting their data could be seamless and practically invisible.

They know it now and expect customer-centric encryption solutions—especially from the financial services organizations that secure their most sensitive data.

Financial services firms shouldn’t need to choose between security and customer experience. If you look at encryption specs, you’ll notice that algorithms aren’t the primary differentiators of any secure email solution. Almost all contemporary security products feature 2048-bit RSA encryption, 256-bit AES encryption and SHA2 signatures.

The real differentiator is customer experience—how easy is it for customers and employees to use the encryption solution? And do they get the awesome customer experience they’ve come to expect?

Five ways encryption can secure customer-centric innovation

The customer experience differentiators that enterprise-level financial services organizations should look for in an encryption solution include:

  • Definable policies to control which communications require encryption and how they are sent.
  • Multiple flexible delivery methods for different types of secure encrypted communications.
  • Easy and frictionless user experience for employees and customers, no matter how tech-savvy they are (or aren’t).
  • Multiple brand and language options to support brand alignment and customer expectations and to give customers the peace of mind that comes with receiving secure messages from a trusted source.
  • Dedicated account support to help organizations understand how email encryption fits into their business model.

Customer experience is so important because it directly relates to trust—the new currency in banking. Your clients need to trust you with their most personal data and—like it or not—clunky user experiences erode their faith in your ability to protect their data. And when clients lose faith and no longer trust your brand, they will leave. A recent Echoworx survey found that 80 per cent of customers consider leaving a brand after a data breach. With so many CEOs concerned about company reputation, it doesn’t make sense to settle for an encryption solution that can’t support an awesome customer experience—the risk to the brand is just too high.

In addition to benefitting your customer-centric business model, there are added monetary benefits to adopting a flexible frictionless encryption solution. A recent Forrester Total Economic Impact™ study, for example, revealed that a typical enterprise-level organization can slash $2.7M off their bottom line through employing our flexible OneWorld encryption solution.

Get the full Forrester Total Economic Impact™ study of OneWorld here.

Achieving both regulatory compliance and customer-centricity

Like all companies, financial services organizations are subject to privacy regulations like the GDPR. But that’s the tip of the iceberg—and being non-compliant with these privacy laws comes with stiff sharp-toothed penalties.

Regulations financial services companies are subject to or should be aware of include:

  • FINRA guidelines
  • Gramm-Leach-Bliley Act (GLBA)
  • SEC 17A-3 and 17A-4
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Federal Rules of Civil Procedure (FRCP)
  • Sarbanes-Oxley (SOX)
  • EU General Data Protection Regulation (GDPR)
  • Canadian Securities Administrators National Instrument 31-303 (CSA NI)
  • Investment Dealers Association of Canada (IDA29.7)
  • Model Requirements for the Management of Electronic Records (MOREQ)
  • California Consumer Privacy Act (CCPA)
  • New York Department of Financial Services (NYDFS) Cybersecurity Regulation

Since compliance is so integral to the financial services industry, it’s in your organization’s best interest to choose an encryption solution that has privacy by design; this means your secure email platform figures out how to send messages based on the policies you define during your initial service customization. For example, a business partner receives transparent encryption via TLS, a customer receives a monthly statement as a secure PDF attachment and a European bank may require PGP emails because employees have PGP software running on their desktops.

What customer-centric encryption means to your bottom line

In financial services, providing a frictionless and secure customer experience isn’t optional for seamless secure communication. But there are additional monetary benefits to choosing and implementing the right flexible encryption solution. For example, a recent Total Economic Impact™ (TEI) study conducted by Forrester suggests that typical enterprise-level organizations employing Echoworx’s OneWorld encryption platform can slash nearly $320K off their bottom line with the adoption of self-service support options, like automatic password resets – increasing call centre productivity and removing the need for additional overhead.

Customer-centric encryption helps financial services organizations build and keep trust with clients, stay compliant and reduce costs. Isn’t it time to take advantage of this proven competitive differentiator?

The Echoworx Difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about the ROI of Echoworx OneWorld encryption here.

By: Christian Peel, VP Engineering at Echoworx

——–

Source: https://www2.deloitte.com/us/en/pages/regulatory/articles/banking-regulatory-outlook.html

09 Mar 2019
Customer Satisfaction

How to stimulate digital engagement with customers

In the offline world, organizations build their customer base slowly over time and these customers generally become and stay loyal to the company—unless there’s a major screw up. But that’s not how it goes in the digital world; though competition is fierce, digital customers are easy to get but hard to keep. Even the smallest user-experience blip can send them packing.

Digital customer engagement—which relies heavily on digital communications—plays an important role in customer experience and satisfaction. Organizations must create an inviting digital environment that encourages engagement and builds digital trust. While digital trust is easy to gain, it’s easier to lose and impossible to get back.

With that in mind, we suggest your digital environment supports these four elements: security, user experience, cost mitigation and compliance. With these in place, it’s easier and safer than ever to stimulate digital engagement with your customers.

Secure communications

Customers expect built-in data security and yet 69 per cent of customers don’t believe organizations do everything they can to protect client data. Your organization can differentiate itself from the competition by delivering on the promise of secure communications. One way to ensure secure communications for all senders and receivers is by using an encryption solution with flexible delivery methods including TLS, S/MIME, PGP and secure web portals. Encryption is a value proposition for businesses that want to gain customer trust while protecting themselves against costly data breaches.

User experience

Customers get a good user experience when data protection is built into the process. Making encryption the default option takes advantage of the human condition—we tend to follow the path of least resistance. Save your customers the trouble of adding an extra step—if they remember or find the time—without leaving encryption to chance. Your choice of encryption can also protect your customers from phishing and spear phishing attacks, where malicious parties mimic your brand via email to steal private information or install malware. Encryption that can support multiple brands with multiple delivery methods in multiple languages assures customers that your secure messages are from a trusted source—not spam.

Cost mitigation

Customer engagement is desirable as part of a streamlined service that helps your clients and supports your business model. But if customer engagement systems chain you to the same old clunky hardware, more IT resources and more customer support staff, the costs can soon outweigh the benefits. The good news is it doesn’t have to be this way. For example, according to a recent study commissioned by Echoworx, moving your PGP system to a cloud-based encryption environment alleviates nearly $800K of on-premise legacy system costs—without any disruption to your customers.

See the full report here.

Compliance

Organizations are subject to multiple privacy regulations—including GDPR, PIPEDA and HIPAA—depending on where they operate and where their customers live. Violating these regulations leads to fines and penalties. For example, GDPR violations can cost up to $20 million or four percent annual turnover (whichever is greater). These regulations also make it mandatory to report any data breach. To give you an idea of how fleeting digital trust is, most digital customers will leave forever once they hear about a breach. When you choose an encryption platform, make sure it includes features to keep you on the right side of compliance—and helps your customers feel secure during their online engagement with you.

It’s harder and more important than ever to maintain digital trust. Set yourself up for success by implementing systems like encryption to support and stimulate your online customer engagement activities.

The Echoworx Difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about Echoworx OneWorld encryption delivery methods here.

By Alex Loo, VP of Operations at Echoworx

26 Feb 2019

A Perfect 10? Why Flexible Encryption Matters for Your Business

According to Forrester, “consumers use technologies that support convenience and put a higher value on CX (Customer Experience).” And as banking, financial service, government, healthcare, legal and compliance professionals know, customers expect that experience to include encrypted communications and data protection. If your organization uses an out-of-the-box email security product with built-in email encryption, you’re off to a good start.

But if you’re leading a customer-obsessed organization, a tailored approach to encryption is likely more aligned to your business values than an out-of-the-box solution. Implementing a flexible encryption solution as a natural extension to your existing encryption framework takes your data security and digital trust factor from good to great.

Here are four business reasons for adopting a flexible encryption model:

1 – Increase nimbleness and continual alignment to business processes

Business processes vary across any organization. One group sends millions of e-statements monthly while others send sensitive documents one at a time to internal or external parties. Enabling an encryption platform with flexible controls for every scenario gives you the power to create a customizable user experience for senders and recipients while staying in control of encrypted messages that are in transit and at rest.

2 – Build trust instantly with multiple language and branding options – 

If your organization operates internationally, excellent customer experience includes communications in your client’s preferred language. And it goes without saying, all communications must be aligned to your brand no matter which line of business sends them. With 79 per cent of people taking less than 30 seconds to evaluate the safety of an email, off-brand but legitimate emails from your company can quickly get categorized as spam and cast doubt on your organization’s digital trustworthiness. With Echoworx OneWorld, a natural encryption extension for common enterprise solutions, you can set language policies to automatically apply to encrypted communications based on sender, brand, locale and receiver attributes.

3 – Get ahead of your competition in information security management –

In a recent survey of IT professionals and IT decision-makers, we found that although encryption is a priority for most organizations, less than half the organizations with encryption software use it extensively. This means that in any industry, chances are good that using a flexible encryption solution to secure delivery methods can be a differentiator for your business.And when you choose a user-friendly option, your encryption and data security measures become a customer-centric value proposition. Take mobile and desktop user experiences, for example. With over 80 per cent of emails being initially read on some form of mobile device, any encryption solution should offer a comparable or identical desktop user experience.

4 – Increase long-term performance through proactive risk management –

The 2018 Global State of Information Security Survey report suggests that long-term economic performance is more likely when companies increase risk resilience rather than merely attempt to avoid risk. This happens because resilient companies—ones with disaster recovery or business continuity plans—can bounce back faster from unfortunate incidents than those without. From a cyber-security point of view, proactive risk management includes encryption that supports multiple secure delivery methods with effective fallback options, secure password encryption procedures and a streamlined user experience that makes using encryption the easy default.

In a customer-obsessed business culture, organizations must be proactive about meeting and exceeding client expectations while keeping client data secure. It’s easier and more necessary than ever to adopt secure encryption across your organization. Securing sensitive data is the right thing to do—and comes with a strong business case.

The Echoworx Difference

At Echoworx, encryption is all we do. Our OneWorld encryption platform is a natural extension for most existing systems and offers a wide range of flexible, adaptable and dependable encryption delivery methods for use at enterprise-level corporations.

Learn more about Echoworx OneWorld encryption delivery methods here.

By Christian Peel, VP Engineering, Echoworx

22 Feb 2019
who controls your encryption experience

Who Controls Your Encryption Experience?

At its core, security is an exercise of control. Security controls how our property is used, who has access to it and keeps it safe. In cybersecurity, this notion generally refers to the protection of an organization’s digital assets– keeping data safe and sound.

But what happens to this secure sense of control when data goes beyond your reach – outside your digital perimeter? You encrypt it.

Here are some points to consider for effective encryption – without relinquishing control:

 

  1. Compliance needs met with encryption

     

    Under international privacy rules, like the GDPR, non-compliance can lead to massive fines you can’t afford. And, while delivery methods like TLS or PGP are effective for protecting data in transit and end-to-end, they do not accommodate every situation – additional options are needed. If a TLS connection is not available, you may want automatic fallbacks to another secure delivery methods, such as via web portal or as an encrypted attachment – ensuring sensitive data always remains protected.Explore the pros and cons of different secure delivery methods.

     

  2. Proactive policies leave less room for internal error

     

    Encryption is a feature of any serious cybersecurity design – but real world application still lags, according to Echoworx data. When a platform is not user friendly and encrypting a message is difficult, there is a tendency for senders to favour the path of least resistance – sending sensitive data without protection. Setting proactive encryption policies in motion not only makes encryption mandatory based on pre-set rules, but also improves platform usability by automating a sometimes-confusing process.Take inbound encryption policies, for example. When a customer sends an organization sensitive information, like a credit card number, over an open or unrecognized channel, there is a chance existing email filters might flag and block their message for reasons of compliance. By setting inbound encryption policies, incoming emails containing sensitive data are automatically encrypted, before being delivered to a recipient’s inbox – safe, sound and compliant.

  1. Stay in control of encryption controls

     

    From the choice of email service provider to something as simple as a device-type, there are a variety of ways recipients might be inadvertently controlling their encryption experience. This unintended result can prove detrimental to their user experience – especially if there are better encryption delivery methods for their situation.Using proactive policies, your organization can push secure delivery methods tailored to specific customers. You might, for example, set policies which restrict TLS to trusted partners only – or employ attachment-only encryption for secure statement delivery.

    See specific use cases of our OneWorld encryption platform.

  1. Offer a consistent encryption experience

     

    Part of a true streamlined user experience relies on a consistent user experience – regardless of device, location, location or connectivity. An encrypted message experience, for example, should offer the same user experience regardless of whether the secure message is accessed on a desktop computer or offline via a mobile device – without the need for third-party apps. This same consistent user experience also helps streamline working within collaborative environments.Common business scenarios, for example, often involve engaging with a sensitive document across multiple devices and environments. Is the document going to look and act the same offline and online? If working collaboratively on a sensitive encrypted document, is the user experience identical for all parties involved?

    Explore the different delivery methods offered by the Echoworx Oneworld encryption platform.

  1. Be able to recall encrypted messages

     

    The ability to recall a compromised message even after it has been read, is a simple, yet fundamental feature enabling control of an encryption experience. Whether a message is sent to an unintended recipient or whether a message is no longer safe, control over a message shouldn’t have to be relinquished just by pressing ‘Send.’

 

  1. Branding is more than changing the colour

     

    Branding and the separation of brands is crucial to any enterprise conglomerate. The ability to brand, separate and segment customer interactions according to brand can mean anything from how a secure message is received to a desired language. Different brands should also be siloed to prevent eavesdropping from other business units.Learn how you can brand your encrypted messages for a more personalized customer experience.

 

By Derek Christiansen, Engagement Manager, Echoworx