Category: Compliance

05 May 2020

A Realistic Look at Email Security

Like any locked door, chest or vault, some things can be more secure than others. Enterprises need to know where and how to apply email encryption for maximum data protection. 

While some email data security products may offer a built-in encryption feature as part of a larger bundle, there are extensions you should consider that further protect your brand, business and customers.

Here are some ways to add some more muscle to your email data protection efforts:

Covers every scenario

Whether you’re sending millions of e-statements or just sending a sensitive document, not every encrypted message is the same. Look for an encryption platform which offers a customizable user experience for both senders and recipients. People do not come in a one-size-fits-all version.

Personalization

If your organization operates internationally, there’s a high chance that English might not be the mother tongue of some of your customers. Offering encrypted communications in the language of your users helps eliminate confusion and is just good customer service. With Echoworx OneWorld, for example, you can set language policies which can automatically be applied to encrypted communications based on sender, brand, locale or receiver attributes.

Keep email protection simple

Encryption may be hot but the use of it still isn’t. Echoworx found that only 40 per cent of organizations who have encryption capabilities are actually using them throughout their organization. Making data protection in email a consistent path of least resistance is a good non-intrusive way of getting everyone, inside and outside, to communicate securely.

More secure ways to send emails

With traditional secure message delivery, where TLS is used, if a TLS connection isn’t available or supported at the receiving end, there are only two outcomes: receiving an error or sending a message unprotected. Supporting multiple secure delivery methods offers effective fallback options – ensuring sensitive information is always able to be sent and is never sent unprotected.

Prevent unauthorized access

While a one-time-password encryption method is secure, the password itself is only as secure is where it is sent. In other words, if both the one-time-password and the encrypted message are sent to the same mailbox, there’s a lot of trust being put into the security of a recipient’s device or email inbox. A natural solution to this issue would be to send the password to the sender, who can then communicate it as they please to the recipient.

By Derek Christiansen, Engagement Manager, Echoworx

15 Apr 2020

Goodbye Algorithms, Hello User Experience

Leading firms are revamping decades-old debt-heavy data protection technologies and processes to provide more productive experiences.

Most email data protection systems use the same encryption algorithms and specs; almost all contemporary email security products feature 2048-bit RSA encryption, 256-bit AES encryption and SHA2 signatures. There’s nothing new about that – it should be a given.

But not all solutions designed to protect data sent though email are easy for everyone to use – and that’s where user experience scores the winning goal.

Data protection only works if we put people first

We recently surveyed IT professionals and IT decision-makers and found that, while email data protection is a priority for most organizations, less than half of organizations with encryption software use it extensively. This often comes down to user-friendliness; it’s nearly impossible to roll-out a security feature that doesn’t integrate seamlessly into existing workflows. When searching for an email data protection solution, carefully consider the processes that come with the product and let a user-friendly secure communications experience differentiate you from the competition.

Keep email protection simple for everyone

Enterprises today are focused on flexible integration and customization – to provide more access across their entire business.

Popular with clients and staff:

  • Smooth and simple to use – Customers and employees tend to take the path of least resistance. Look for a secure communications system which makes protecting data in transit the path of least resistance. A recent case study by Echoworx, for example, enabled a U.K. bank to instantaneously reach its entire mortgage customer base during a time-sensitive emergency without changing the light look and feel of their regular customer communications. Communications could be sent via email as per usual, but with any sensitive information being packaged into protected secure encrypted attachments.
  • Customizable preferences – For international organizations, excellent customer experience includes on-brand communications in your client’s preferred language. Did you know that 79 per cent of people take less than 30 seconds to evaluate the safety of an email? This means off-brand but legitimate secure emails from your company can easily be categorized as spam, decreasing your organization’s digital trustworthiness. Even the most-secure communications should allow you to set language policies to automatically apply to secure communications based on sender, brand, locale and receiver attributes.
  • More ways to send secure email – Not every business use case is the same, so you need to ensure your email data protection solution if flexible enough to adapt to different conditions. While TLS remains a primary secure method of protecting data in transit, for example, what if a TLS connection is not available? In addition to providing fallback options, ensuring no sensitive message goes undeliverable or, worse, is sent in the clear, having access to multiple secure delivery methods gives more choice to both senders and recipients in how they choose to communicate with one another.

 

Popular with administrators and support:

  • More control over email security – Definable policies control which communications get protected (and how) based on message content. This is set up during implementation of an email data protection system—based on your needs and best practices—to be triggered by common message attributes, like subject, keywords, message type or recipient domains, for examples. Flexible controls for every scenario allow you to create a customized user experience for senders and recipients and stay in control of encrypted messages in transit and at rest.
  • Recall sensitive email – Whether a recipient is compromised, or a secure message is sent to an incorrect address, the ability to recall an email containing sensitive information is an important feature of any best-in-class email data protection system. Recipients should also be given the option to reply in a secure manner to any encrypted message.
  • Prevent unauthorized access Modern non-invasive Two Factor Authentication (2FA) options can accurately verify the identity of users before they are granted access to secure information. For access to a secure message portal, for example, a user can be required to provide a Time-Based One-Time Password (TOTP) – a random single-use, time-stamped soft token issued from a third-party SaaS app installed on a user’s phone – in addition to a username and password before access is granted.
  • Send unlimited email – For large enterprise organizations, numbers of recipients for mass communications pushed to customer bases can be in the millions. When the contents of these messages contain sensitive information which must be protected, like a bank statement, existing communications infrastructure needs to be able to scale to sudden bursts in activity without being overwhelmed.
  • Get full value on investment – With the right secure communications solution, your organization can provide a user-friendly experience—and save money. For example, a recent Forrester study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld email data protection platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of seven months.
  • Increase organizational use – According to Echoworx data, despite over half of IT professionals and decision-makers identifying email data protection as very important, even critical, to their organizations, only 40 per cent of the same group are using encryption technology extensively. When working with a third-party SaaS provider, you gain access to their team of experts and, paired with a simple interface and clear instructions, this can mean a streamlined UX – meaning less calls to your help desk and more successful and widespread implementation.

 

Offer email protection to everyone

While access to secure lines of communications is essential for any business, the reasons for email data protection vary. Verizon’s 2019 Data Breach Investigations Report[1] breaks down security incidents by industry, size and concerns. Here are a few takeaways:

  • Financial services and insurance – Use MFA, including 2FA or the European Central Bank (ECB)’s ‘Strong Authentication,’ for all customer-facing applications, train your employees on how to risky exchanges of sensitive data and set up secure communication controls to reduce the risk of insider threats and other communications-related vulnerabilities.
  • Healthcare –Ensure healthcare staff can safely send and receive sensitive documents containing patient information, which is protected under regulations like the Health Insurance Portability and Accountability Act (HIPPA).
  • Manufacturing – From sensitive data changing hands during an M&A deal to communicating personal details with customers to something as simple as exchanging trade secrets with a trusted partner, there are many instances where manufacturing organizations should be leveraging email data protection solutions.

It’s now a given that every industry has data it needs to protect. But how this data is communicated safely – packaged, sent and received – determines the experience for everyone.

In the end: People want safe communications, not usable cryptographic algorithms.

By Michael Roberts, VP Technology at Echoworx

[1] https://enterprise.verizon.com/resources/reports/dbir/

14 Apr 2020

Encryption Expands, but Gaps in Adoption Raise Concern

Global information technology leaders tend to focus too much on senior executives at the expense of other business areas raising concern and vulnerability.

A strong majority of IT leaders are deeply concerned with security and have adopted some level of protections for data being sent through email, a study by industry encryption leader Echoworx has found. However, a distressing 13% of the largest firms [with more than 10,000 employees] were not encrypting their sensitive communications despite the steady rise in attempted security intrusions.

“Cyber criminals, hackers, agents of industrial and government espionage all see unprotected email as an easy target,” said Echoworx Director Market Intelligence, Jacob Ginsberg. “In the first half of last year over 4.1 billion records were compromised as a result of security breaches, with a stunning 70% of those breaches being email related.”

Protection efforts are unevenly focused

In collaboration with Pulse, an online research hub for chief information officers, Echoworx surveyed 100 Chief Information and Chief Technology Officers (CIOs, CTOs) from North America, Europe, the Middle East and Africa.

As a pioneer in email data protection, Echoworx has researched attitudes toward protecting information and files sent using email for two decades. As early as 2004, it found that while 68% of IT executives had concerns about email privacy, fewer than half had developed a strategy using encryption to protect it. By 2016, 63% of firms had developed a strategy. The 2020 study found that 83% have now done so.

The rise in those top-line numbers has been encouraging but further questioning exposed protection efforts are unevenly focused. The tendency to limit encryption to the top of the corporate pyramid, was noted, leaving vulnerabilities to data and files communicated through email in key areas including HR and payroll, product development, finance and more.

Asked how they were prioritizing the use of encryption, IT leaders said they had prioritized high-level internal messages (26%) followed by sensitive third-party data (24%), protected/regulated data such as medical or credit info (16%) and then intellectual property (10%). But when asked where they were prioritizing the access to encryption, IT leaders see Security, IT, and Engineering departments as being most in need of protection.

However, sensitive data and are shared through an entire firm and with third parties, by practically all business lines and departments in emails. The more limited email data protection and security are throughout an enterprise, the more at risk the company is for email breaches. That calls for a more collaborative and holistic approach, where the protection of data is available for all employees who may handle sensitive data.

…when adopting a ‘zero trust’ strategy – for all messages both internal and external – you have to extend protections throughout an organization … to everyone. – Director Market Intelligence, Jacob Ginsberg

Encryption reserved to select few

That’s currently not happening. Respondents said technology solutions for email data protection were often directed toward the top tiers of an enterprise, even though the measures could benefit whole companies. In most firms, respondents said using encryption to protect email was reserved for the “leadership”, “senior executives” and that it was “based on hierarchy.”

“IT leaders tell us they need to change the mindset, that enterprises need to take a more collaborative approach to address the gaps in email data encryption strategies,” said Jacob Ginsberg. “It’s essential to protect top executives’ communications, but when adopting a ‘zero trust’ strategy – for all messages both internal and external – you have to extend protections throughout an organization … to everyone.”

When building a zero-trust security environment, those who make purchasing decisions should evaluate the all network communication taking place in an enterprise, Ginsberg said. But among respondents, 59% said they had dedicated teams that study email security purchases, 31% said such decisions were made based on cross-department consultations, and a surprising 9% said that decisions were made solely by top executives.

Whose making purchasing decisions? A surprising 9% said decisions are made solely by top executives

Procurement missing the mark on zero-trust security

And even when procurement is a team decision, further questioning found it is often by one that doesn’t reflect the businesses diverse activities: 54% of respondents said the purchasing team were from a single department, while only 46% said purchasing team members included several departments.

“When protecting a company’s assets, most in the industry agree that more needs to be done to improve email security,” said Jacob Ginsberg. “Yet, this study shows that more needs to be done to ensure that email security technology decisions are balanced between the requirements of the whole business and the requirements of the security team.”

For the full insights, Echoworx has produced a one-minute white paper on the survey, asking CIOs how they think their encryption strategies stand up against today’s digital reality.

By Lorena Magee, VP Marketing at Echoworx

20 Dec 2019

CCPA vs GDPR: What’s the Difference?

In 2018, the business world shuddered as the General Data Protection Regulation (GDPR) came into full force. More shuddering is expected shortly with the California Consumer Privacy Act (CCPA) going into effect on January 1, 2020 – with enforcement measures beginning six months later. But what’s the difference between these two privacy acts? This article gives a high-level overview of the similarities and differences between the GDPR and the CCPA and why you need a flexible policy-based encryption solution to deal with one or both of them.

What is the California Consumer Privacy Act (CCPA)?

The CCPA establishes data privacy rights for Californian residents and it applies to businesses that sell products and services to California residents and collect information about them.

Under the CCPA, California residents have the right to:

  • Know what personal information is collected about them.
  • Know whether their personal information is sold or disclosed and to whom.
  • Opt out of allowing businesses to sell their personal information.
  • Access the personal information collected about them—in the last 12 months—in a user-friendly format.
  • Equal service and price, no matter what privacy options they choose.
  • Erase personal data collected (in some situations).

 

Under the CCPA, Californians can opt out of almost all secondary uses of their personal information including sale to data brokers, tracking and other uses not directly related to service delivery.

Here’s what banks need to know about this law.

What is the General Data Protection Regulation (GDPR)?

The GDPR establishes data privacy rights for Eurpean citizens (who may or may not be residents); it’s a uniform privacy law that applies across the Eurpean Union to protect its 512 million citizens. Companies that do business in Europe are subject to the GDPR.

Under the GDPR, Europeans have the right to:

  • Access their personal data.
  • Correct errors contained in their collected personal data.
  • Withdraw consent for data processing.
  • Stop automated decision making when the decision has a legal implication.
  • Withdraw the consent that allows businesses to sell their personal information.
  • Erase personal data collected (in some situations).
  • Access some personal information collected about them in a user-friendly format.

 

Similarities between the CCPA and the GDPR

Both acts give consumers access to personal data, the right to have companies erase some personal data, a way to opt out of having their personal data sold to third parties and claim damages through a private right of action.

Differences between the CCPA and the GDPR

The GDPR gives citizens the right to stop automated decision making when there’s a legal implication and the right to correct errors in collected data but these aren’t included in the CCPA. It’s hard to say which act is more aggressive with enforcement penalties. While the GDPR tops out at four per cent of a company’s annual global revenues, the CCPA allows fines of up to $2,500 per unintentional violation and $7,500 per intentional violation. Depending on the type of breach, those CCPA fines could add up quickly.

Advantages of the CCPA and the GDPR

For consumers, the advantages of the CCPA and the GDPR are clear: more privacy rights and the power to protect those rights through right of action damages and enforcement penalties. The advantages of the GDPR for business is that it’s one blanket regulation to conform to—which is easier than managing patchwork privacy. Imagine if every country in the EU had its own privacy regulations!

Challenges for businesses

American businesses don’t have to imagine patchwork privacy because it’s already happening with state privacy laws and laws governing cyber security, data security and data breach notification in Washington, Texas, Oregon, New York, New Jersey, Nevada, Maryland, Massachusetts, Maine and California. This means organizations that do business across America and Europe have an increasingly complex privacy landscape to navigate. Compliance must be built into the three Ps of business—people, process and products—because even sending an email is no longer simple.

National organizations, for example companies in banking, financial services and insurance, must adapt to and comply with new privacy laws because it’s unlikely the consumer data privacy trend will reverse itself.

Echoworx OneWorld: a flexible, policy-based encryption solution for GDPR and CCPA compliance

An enterprise privacy program covers everything from daily operations and compliance to policies, procedures and investigations. To build compliance across the 3 Ps of business, organizations must adopt a flexible, policy-based encryption solution.

OneWorld features that help enterprises navigate privacy laws including the GDPR and CCPA:

  • Definable policies – This allows you to control which communications get encrypted (and how) based on the message content. These policies are based on your needs, legislation and encryption best practices. Flexible controls for every scenario allow you to create a customized user experience for senders and recipients and stay in control of encrypted messages in transit and at rest. This policy-based encryption helps you stay compliant with privacy laws.
  • Easy and frictionless user experience – A recent Echoworx survey found that 53 per cent of organizations with encryption found it “too difficult to use.” OneWorld makes it easy for employees and customers to use, making encryption — and compliance — a consistent path of least resistance.
  • Enable inbound encryption – Emails with sensitive information—including protected personal information—are automatically identified, securely routed to the OneWorld web portal and encrypted. Encrypted delivery methods include TLS encryption, encrypted PDFs and attachments, certificate encryption and web portal encryption.

Here’s how it works with OneWorld:

Whether it’s the GDPR or the CCPA, encryption is considered an appropriate measure for protecting personal data—and it comes with financial benefits. A recent Forrester Total Economic Impact™ study showed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of only seven months.

Are you ready to make flexible, policy-based encryption—that’s also user-friendly—part of your compliance strategy?

By: Brian Cole, Senior Manager Security Operations and Support, Echoworx

27 Nov 2019

Uniform or Patchwork Privacy Laws? How Your Bank Can Mitigate Cyber Risk

As more state privacy laws come into effect in the US, navigating privacy, data residency and jurisdictional requirements is more complicated than ever for banks and financial institutions with national and international reach. Let’s look at what these privacy laws are and how encryption helps banks and financial services institutions mitigate the risk that comes with juggling multiple privacy laws.

Patchwork privacy laws

America is gearing up for the California Consumer Privacy Act (CCPA) that goes into effect on January 1, 2020. The CCPA is now one of many privacy and data security laws that protect consumers across some states.

Current state privacy laws:

  • California Consumer Privacy Act (CCPA)
  • Nevada Senate Bill 220
  • Act to Protect the Privacy of Online Consumer Information (Maine).

While three privacy laws might not seem like much to handle, that’s not the whole picture. There are also laws governing cybersecurity, data security and data breach notification in Washington, Texas, Oregon, New York, New Jersey, Maryland and Massachusetts.

That’s a lot for any national company to keep up with and with each new law enacted, it becomes easier for companies to fall out of compliance, especially if they don’t implement proper risk management.

National privacy laws

National privacy laws include:

  • The General Data Protection Regulation (GDPR) in Europe.
  • The Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada.
  • The Act on Protection of Personal Information (APPI) in Japan.
  • The Health Insurance Portability and Accountability Act (HIPAA) in the USA.
  • The Electronic Communications Privacy Act (ECPA) in the USA, often critcized for being outdated and having no impact.

 

What kind of privacy legislation is best for banks?

Banks and other financial institutions are subject to strict legislation outside of general privacy laws. For example, the Gramm-Leach-Bliley Act (GLBA) governs what kind of information can be shared with third parties and requires financial institutions to disclose how they protect their clients’ private data.

We won’t list the regulations financial services companies are subject to here—suffice to say, banks are already heavily regulated.

The best type of privacy legislation for banking, financial services and insurance companies is legislation they influence to meet their needs (and the needs of their customers).

We’d suggest that one national privacy law would be easier to manage than multiple state laws on top of international privacy laws. Whatever the answer is, banks would be wise to weigh in on the idea of a national privacy law in America—because other businesses sure are.

Why the business community is advocating for an American national privacy law

The CCPA is hailed as “America’s answer to the GDPR” but that doesn’t hold up in terms of reach. The GDPR and the CCPA are similar regulations and both allow for sharp fines for lack of compliance. But the GDPR protects citizens of nations belonging to the European Union—that’s 512 million people. There are 327 million people in the US and 39.5 million people in California.

How many more laws need to be enacted for all 327 million Americans to enjoy the same privacy rights as Californians and Europeans? For many people and businesses, the answer is “too many.”

The complications of patchwork privacy legislation is one reason the Business Roundtable—an association of chief executive officers who promote the U.S. economy through sound public policy—is advocating for a national privacy law for Americans.

Marc Benioff, CEO of Salesforce, writes in a Politico article that a national privacy law is “the right thing for consumers and the industry.”

But this advocacy work hasn’t yet borne fruit so businesses must deal with what is, instead of what could be.

How Echoworx OneWorld—a flexible encryption solution—helps banks navigate patchwork privacy laws

Encryption allows organizations to enhance data protection and breach notification practices. It’s an essential risk management tool that supports an organization’s overall cybersecurity strategy.

Echoworx OneWorld is a user-friendly and customer-centric encryption solution that helps banks and financial services organizations navigate patchwork privacy laws.

OneWorld features that help banks stay compliant to multiple privacy laws:

  • Definable policies – This feature allows you to control which communications get encrypted (and how) based on the message content. This is based on your needs and encryption best practices. Flexible controls for every scenario allow you to create a customizable user experience for senders and recipients and stay in control of encrypted messages in transit and at rest.
  • Multiple options for data residency – We have six data centres located in Canada, the US, Mexico, the UK, Ireland and Germany which means our clients can stay compliant to data residency requirements outlined in the GDPR and American privacy legislation. For example, if an organization works in both the EU and US, they can’t have data residency (or third parties) in the US or else they’ll be out of compliance with the GDPR.
  • Automatic inbound encryption – Emails with sensitive information—including protected personal information—are automatically identified, securely routed to the OneWorld web portal and encrypted. Encrypted delivery methods include TLS encryption, encrypted PDFs and attachments, certificate encryption and web portal encryption.
  • Secure statement delivery – Senders can batch and deliver sensitive encrypted messages, like financial statements, directly to recipient inboxes in an encrypted PDF that’s password protected.
  • Natural extensions for Office Message Encryption (OME) – We work alongside Microsoft to take Office 365 to the next level with flexible use cases, branding, audit and tracking capabilities and certificate encryption. This increases existing encryption capabilities and keeps employees comfortable and confident using their existing communication tools—which makes encryption the path of least resistance.

A recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of seven months.

Banks are already doing business in a patchwork of conflicting privacy environments. Why not make it easier with our user-friendly encryption solution?

By: Brian Cole, Senior Manager Security Operations and Support, Echoworx

 

11 Nov 2019

California’s CCPA – What Banks Need to Know

The California Consumer Privacy Act (CCPA) goes into effect on January 1, 2020 and enforcement measures are scheduled to start six months later. Banks that do business with the state of California and its residents need to protect themselves and get compliant with the CCPA, hailed as “America’s answer to the GDPR.”

A quick view of the CCPA

The CCPA establishes data privacy rights for Californians and, starting soon, this law applies to businesses that sell products and services to California residents and collect information about them.

Under the CCPA, California residents have the right to:

  • Know what personal information is collected about them.
  • Know whether their personal information is sold or disclosed and to whom.
  • Opt out of allowing businesses to sell their personal information.
  • Access the personal information collected about them—in the last 12 months—and receive it in a user-friendly format.
  • Equal service and price, no matter what privacy options they choose.
  • Erase personal data collected (in some situations).

 

This act means Californians can opt out of many secondary uses of their personal information including sales to data brokers, tracking and other uses not directly related to service delivery.

Defining personal information under the CCPA

Section 1798.140, subdivision (o) of the CCPA defines personal information and it’s a long list that includes—but isn’t limited to—identifiers, categories listed in subdivision (e) of Section 1798.80, characteristics of protected classifications, commercial information, biometric information, internet and other electronic network activity, geolocation data, audio, electronic, visual, thermal, olfactory information, professional, employment and education information (that’s not already publicly available) and inferences drawn from information collected.

Call your privacy lawyers and experts because this list is exhaustive; staying in compliance will be complicated and being out of compliance will be costly.

Penalites and fees associated with the CCPA

Like the GDPR, the CCPA has teeth when it comes to penalites. PWC reports that the private right of action damages will be between $100 and $750 per consumer, per breach. And the regulator enforcement penalities will be “up to $2,500 per unintentional violation and $7,500 per intentional violation.”[i]

The impact of the CCPA on banking institutions

As more states institute their own consumer privacy laws, it becomes increasingly complicated for national banks to remain compliant across state borders. Today we’re talking about California but Vermont and South Carolina just passed laws about data collection and breach notification respectively.

Banks must understand privacy laws in all states and countries they do business in and have the processes and products in place to stay compliant with these regulations. They should also expect this trend of patchwork privacy laws to continue and be prepared to adapt to ever-evolving privacy laws.

Any banks that have Eurpean clients are (or should be) GDPR compliant so there’s less work for them to do now as the GDPR and the CCPA have many overlapping requirements. Part of that work includes analyzing data flows, implementing processes to meet the needs of the new regulation and clearly documenting all data and data policies.

Encrypted communications are part of the solution because encryption keeps protected personal information safe at rest and in transit. The Echoworx OneWorld encryption platform makes encryption the path of least resistance which is essential in highly-regulated industries such as banking, financial services and insurance.

How Echoworx OneWorld—a flexible encryption solution—helps banks navigate the CCPA

Encryption is a tool that allows organizations to enhance data protection and breach notification practices.

Encryption is considered[ii]:

  • An appropriate technical and organizational measure for securing personal data when implemented with other appropriate controls to protect the encryption process.
  • An appropriate safeguard for processing personal data for a different purpose than the one it was collected for.

 

But encryption only works when it’s used. And, in a recent survey of IT professionals and IT decision-makers, we found that although encryption is a priority for most organizations, less than half the organizations with encryption software use it extensively.

That’s because many encryption solutions are difficult for employees and clients to use where encryption becomes an extra step; when security is outside of the regular workflow, people are less likely to use it.

At Echoworx, we built our OneWorld encryption platform to seamlessly integrate into existing workflows and make encryption and secure communications the path of least resistance.

OneWorld features that help banks navigate privacy regulations, including the GDPR and CCPA:

  • Definable policies – This feature allows you to control which communications get encrypted (and how) based on the message content. This is set up during implementation—based on your needs and encryption best practices. Flexible controls for every scenario allow you to create a customizable user experience for senders and recipients and stay in control of encrypted messages in transit and at rest.
  • Automatic inbound encryption – Emails with sensitive information—including protected personal information—are automatically identified, securely routed to the OneWorld web portal and encrypted. Encrypted delivery methods include TLS encryption, encrypted PDFs and attachments, certificate encryption and web portal encryption.
  • Secure statement delivery – Senders can batch and deliver sensitive encrypted messages, like financial statements, direct to recipient inboxes in encrypted PDF format, that’s also password protected.
  • Breach notifications – Senders can leverage OneWorld to deliver encrypted and protected communications and notifications to their customers in the instance of a breach.

 

Besides making encryption the path of least resistance, a recent Forrester Total Economic Impact™ study, revealed that a typical enterprise-level organization using Echoworx’s OneWorld encryption platform can expect an ROI of 155 per cent—with upwards of $2.7M in cost-mitigating benefits and a payback period of seven months.

The clock is ticking on the California Consumer Privacy Act. Why wait to make our user-friendly encryption solution part of your compliance strategy?

By: Brian Cole, Senior Manager Security Operations and Support, Echoworx

 


Source:

[i] https://www.pwc.com/us/en/services/consulting/cybersecurity/california-consumer-privacy-act.html

[ii] https://www.echoworx.com/project/encryption-in-the-gdpr/