By Rom Hendler, CEO and Co-founder, Trustifi
Data protection and regulatory compliance are climbing on just about every organization’s priority list. But there’s a force that often stands in the way of keeping email data safe: people. Employees take shortcuts and create workarounds that they see as simplifying their lives – which sometimes work against email security. People prove time and time again that when an IT solution isn’t easy to use or adds steps to a process, they won’t use it consistently, regardless of the consequences. This is where automated compliance creates considerable value in a cyber security solution.
The costs of data breaches are rising. Research from the IBM Cost of Data Breach report revealed that breaches in 2021 had the highest average cost in 17 years: $4.24 million. Some of that expense can be attributed to fines and penalties related to data protection regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS) and the EU’s General Data Protection Regulation (GDPR). Overall, it’s a high price to pay for preventable errors or lapses in judgment on the part of users.
By automating compliance, for example with automated “one click” features, both administrators and users of these solutions can gain a roster of benefits. Here’s how:
Automated Compliance Requires Fewer Resources
Fortunately, email security solutions are effective at keeping data safe, especially if they minimize the effort required by employees. Technologies including artificial intelligence (AI) and optical character recognition (OCR) can learn what types of data would signify a compliance breach according to regulations such as HIPAA, FERPA, CCPA, GDPR and other compliance standards and automatically encrypt messages to comply with those requirements. The broader the list of regulations covered by a solution, the better. For example, solutions should address global standards such as PDPO for Hong Kong, POPI for South Africa, and LGPD for Brazil.
Some solutions with these capabilities have a complicated implementation that may require an investment of time and resources from a combination of departments, involving a company’s compliance, engineering, security, and HR teams. However, email security solutions with an automated, one-click compliance feature allow an IT administrator to simply check boxes from a list of regulations. Emails with sensitive material that would violate compliance guidelines are then scanned and automatically encrypted to meet those individual standards—without any action on the part of the user. Sophisticated systems allow administrators to review a list of regulations, see which ones apply to their business, and click the corresponding boxes.
Reducing Risks and Human Error
Employees who don’t work securely and compliantly could be creating bigger problems than anyone realizes. After all, what harm can one unencrypted email cause, right? Well, the Colonial Pipeline breach—one of the most devastating security compromises in recent memory—was said to have stemmed from a single password compromise. According to the 2021 Verizon Data Breach Investigations Report, miscellaneous human errors are the root cause of about 20 percent of all data breaches, about the same percentage as breaches from system intrusions. When compliance is automated and sensitive emails are automatically scanned and encrypted, the burden is taken off the employee, and risks from human error are significantly lowered.
Reducing Compliance Training
When compliance is automated, administrators can also cross email security and compliance training off their to-do lists. Employees don’t need to be educated on the types of data that must be encrypted, or undergo retraining as regulations change. An intelligent email encryption solution continuously and automatically works in the background, scanning each message and securing those with sensitive material. No judgment calls or extra effort by employees is required, and for administrators, this is one solution that they can actually “set and forget.”
Easy Encryption Increases Adoption and Trust
Based on past experiences, users may be skeptical that an email encryption solution could work so easily. Some solutions require them to complete a cumbersome authentication process, including accessing a portal and re-entering credentials in order to send or read an encrypted email.
However, more sophisticated email security solutions allow both senders and recipients to open encrypted emails as easily as they would any other message. Ease of use is critical for this discipline, since security measures like encryption are useless if employees find them too laborious.
An intelligent email encryption solution with easy deployment via one-click compliance will result in another advantage: trust. Many companies have resigned themselves to problems with encrypted emails, such as issues with decrypting that result in the recipient receiving random characters rather than a readable message, or having to jump through hoops just to open an encrypted email. The unfortunate result is that employees avoid these challenges and simply never try to open the email. Open rates for encrypted mail tend to decrease if the system requires an inconvenient process in order to send or open those messages.
However, intuitive automated security systems exist where employees can easily send and receive the vital data they need to perform their jobs effectively, and sensitive information is protected, all without any intervention on their part. It’s email security that overcomes the fact that real people—who will probably try to find ways to work without interruption or extra effort—are using the solution.
In markets like healthcare, financial services, government, or retail, companies transmit all manner of sensitive data through cyberspace on a daily basis, from credit card information to banking data to medical records. Compliance, data protection, and security are of the utmost importance to the success and viability of those organizations. The ability to offer simple, automated compliance and encryption gives both administrators and employees that much more incentive to deploy these intelligent solutions.
Rom Hendler is CEO and Co-founder of Trustifi, the provider of SaaS-based security and email encryption solutions, including a One-Click Compliance capability.