The Risks of Email



By Rick Spurr

Email is how companies keep business moving. Employees, from the C-suite to entry level, hit ‘Send’ hundreds of times every day. It’s so easy to click that seemingly innocent Send button that – in the moment – the risk may not have been clear. Thanks to the Snowden revelations and a never-ending cycle of breach news, businesses and consumers are now far more aware of the risk. Now understanding how to solve it – without interrupting business processes – is the challenge.

The Vulnerability of Email

Thinking of a postcard often stirs up fun memories of family vacations or adventures with friends. Postcards are sent across the country or around the world without any worry that a stranger might read the back. And why would anyone care if someone read a postcard? It only offers a simple, short note to a loved one back home.

Email is roughly the same with one critical difference. While email is as easy for a stranger to read as a postcard, the content is not as frivolous. Sure, there are emails that exchange pleasantries to old colleagues and new connections, but more importantly, there are emails that distribute valuable corporate data, such as customer information or pending contract negotiations. It’s valuable to companies, their customers and their business partners, but it can also be valuable to competitors and hackers who can sell your data for a nice profit. Without the proper security measures in place, it’s easy for an unauthorized person to capture corporate data in email as it travels across the public Internet, and worse yet, companies may never know it’s happening.

The Risks to the Bottom Line

When evaluating the need for email security, it may be easier to turn a blind eye, especially for an issue that does not appear to be a business priority. And when considering customer and partner data, companies may find themselves balancing corporate responsibility with the statistical odds that valuable customers and partners discover an email breach. However, more is at stake than just a reputation hit.

According to the Ponemon Institute’s annual “Cost of a Data Breach” report, the average cost of responding to and resolving a corporate data breach is $3.5 million. That high cost does not reflect potential lawsuits or the revenue loss of customer business. It also doesn’t account for any regulatory fines that may be associated with expanding industry or state requirements.

If companies conduct business with health care organizations or financial institutions, they are well aware of the regulations outlined by the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA). Companies may be less familiar with the Texas breach law for broader notification and greater specificity on the cause and timing of breaches. Complicating the issue further are other state laws that protect their residents’ data even if a company does not have an office located in that state. For example, simply collecting personal data from a resident in such states as Massachusetts and then losing the data may warrant a fine.

Protecting Email and the Company: A Competitive Advantage or a Painful Distraction?

Encryption makes the contents of email, both the message text and any attachments, indecipherable to unauthorized individuals. Encryption uses complex mathematical algorithms to convert the original email content into an information package that cannot be read until the intended recipient unlocks the message. So, if an unauthorized individual intercepts an encrypted email while it is moving across the Internet or stored in message archives, they will not be able to read it.

Although the algorithms are complex, the user experience must be easy for email encryption to be effective.

The Drawbacks of a Difficult Solution

Not all email encryption solutions are created equal. Some can compromise ease-of-use and force users – both employees sending encrypted email and customers and partners receiving encrypted email – to jump through hoops. What once was a fast communication tool can become a frustrating barrier to business. The consequences of implementing difficult email encryption may prove worse than not having a solution at all.

  • Employee Workarounds

Most employees wouldn’t purposely place their company, customers and partners at risk, but if email encryption interferes with executing their responsibilities, they will look for an easier way. Whether that includes using personal email or unauthorized Cloud storage, such as Dropbox, employees will find a way to efficiently meet the needs of their role.

  • Complaints from Valuable Customers and Partners

One of the advantages of email is its ubiquitous nature. Whether companies communicate with consumers or other businesses, email is a convenient tool that most people can use without any trouble. Introduce annoying extra steps associated with decrypting email and companies will experience plenty of customer and partner complaints to employees, IT departments and perhaps the CEO’s office.

  • Disruption to Business

While much hassle is created by complaints, a worse consequence is the delay of critical business communication because customers and partners aren’t opening and replying to encrypted emails. Requiring too many extra steps for a tool that’s known for its ease of use will certainly impact decision-making and slow business workflow.

The Benefits of an Easy to Use Solution

Email encryption does not have to be difficult. Many technology advancements have made encrypted email just as easy to use as regular email. And solutions continue to adapt to meet the changing needs of companies, employees, customers and partners. Such advancements include:

  • Automatic Scanning of Employee Emails

Powerful email encryption allows employees to maintain their normal workflow and focus on their responsibilities. With automatic scanning and the use of proven and up-to-date policy filters, emails with sensitive content are encrypted without user action. Removing the hassle and taking the decision out of the employees’ hands eliminates human error and better protects email.

  • Convenient Delivery for Recipients

If employees don’t have to take any extra steps to encrypt email, why shouldn’t customers and partners be able to skip the hassle too? Innovative email encryption enables the automatic decryption of secured emails if recipients use the same platform. For others who don’t use the same platform, recipients can receive the message in less than two simple steps, removing any hassle and confusion.

  • Smooth Mobile Experience

Business is no longer conducted behind a desk. Smartphones and tablets have expanded the workplace and work hours, and more users spend time on email while on their mobile devices than on any other internet-enabled activity. With this increasing dependence on mobile devices, convenient mobile delivery of encrypted messages is a critical component to keeping business moving and making customers and business partners secure and happy.
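The automatic scanning described under "Automatic Scanning of Employee Emails" can be sketched as a small outbound policy filter. This is an added example, not the author's or any vendor's code; the two patterns, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Hypothetical policy patterns; a production filter would carry many more.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs (order numbers, IDs) that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def policy_hits(raw: str) -> list:
    """Return the sorted policy names matched in the body or any text attachment."""
    msg = message_from_string(raw, policy=default)
    hits = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue                        # multipart containers and binary parts
        text = part.get_content()           # decoded per the part's charset/encoding
        if SSN_RE.search(text):
            hits.add("ssn")
        for m in CARD_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                hits.add("payment_card")
    return sorted(hits)

def route(raw: str) -> str:
    """Decide without user action: encrypt on any policy hit, else deliver normally."""
    return "encrypt" if policy_hits(raw) else "deliver"

# Constructed sample messages (not real data).
SENSITIVE = ("From: alice@example.com\nTo: bob@example.net\nSubject: Renewal\n\n"
             "Card on file: 4111 1111 1111 1111, please renew.\n")
BENIGN = ("From: alice@example.com\nTo: bob@example.net\nSubject: Order\n\n"
          "Your order 1234 5678 9012 3456 has shipped.\n")

if __name__ == "__main__":
    for raw in (SENSITIVE, BENIGN):
        print(route(raw), policy_hits(raw))
```

The Luhn check is what keeps the 16-digit order number in the second message from triggering encryption, which matters because false positives are themselves a source of the recipient friction discussed earlier.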

Next Steps to an Effective Secure Email Strategy

To understand company needs for email encryption, begin with an IT assessment of outbound and inbound email traffic. This insight will offer a comprehensive look at the people inside and outside the company who are exchanging emails that include sensitive customer and corporate data.

With this foundation in place and the knowledge of recent innovations in email encryption, the company can move forward in selecting a solution that best enables secure communication and provides customers and partners with a sense of added confidence – all without hassle and business disruption.

Rick Spurr is Chairman & CEO of Zix Corporation, a Dallas-based software company offering industry-leading email data protection.

