Why Email Encryption is Essential to the Safety of Your Business
What We'll Cover

Email is Like a Postcard
  o The Cost of Unsecured Email
5 Steps to Implement Email Encryption
  o Know Your Compliance Regulations
  o Identify What Type of Data to Protect
  o Determine Areas of Vulnerability
  o Consider Your Business Processes
  o Educate Your Users
Benefits of an Encryption Envelope
  o Key Features of CipherPost Pro
  o Free 30 Day Trial

Email is Like a Postcard

For most businesses, email is a vital mode of communication used continuously throughout the day and night. Sensitive and confidential information is exchanged via email without a second thought. How can you be certain that the only people who see your email exchanges are the ones listed in the "To" field?

Why Email is Like a Postcard

As a postcard moves through the U.S. mail distribution network, it flows through different channels, with a message open for all to see, until it reaches the hands of the addressed recipient. Anyone can pick it up and read what it says. It's not protected in an envelope or secure in any other way. You wouldn't put sensitive business information, bank routing numbers, credit cards, health insurance or social security numbers on a postcard.

More than 144 billion emails were sent per day in 2012, according to The Radicati Group.

Now think about the information that is exchanged through your company email system. Chances are, you or someone in your company has sent sensitive account information, bank routing numbers, credit cards, health insurance or social security numbers in an email. Although the message isn't physically passing through the hands of strangers, it can still be read just like any postcard as it crosses the Internet.

If your company's email is not secured with an encryption solution, then your business is vulnerable to prying eyes and online criminals. These criminals can intercept confidential information, destroy data, access bank accounts and completely disable your company's network and systems. Making sure all of the email exchanges within your company are safe and secure is essential to the safety and integrity of your business and your customers.

The Cost of Unsecured Email

It's a crime to open someone else's email, isn't it? Still, data breaches are continuing to grow and causing significant financial consequences for organizations. In fact, email breaches account for 35% of all data loss.

According to the 2012 Ponemon US Cost of Cyber Crime Study, the average annual cost of dealing with cyber crimes is $8.9 million per year for every business that experiences an attack (up from $8.4 million in 2011). The companies in the study experienced a combined 102 attacks per week (1.8 per company per week), which is a 42% increase from the year before.

This chart shows the average costs for businesses in different countries to manage the aftermath of a digital data leak. Your business may not spend almost nine million dollars to deal with one of these attacks, but any data breach can cause harm to your company and cost you money.

2012 Ponemon US Cost of Cyber Crime Study

This increase is expected to continue, which makes it imperative for organizations to secure and track the messages and attachments that are sent to and from their network. Having security systems in place will help prevent the dangerous consequences of an attack, including financial loss and exposure of sensitive data.

5 Steps to Implement Email Encryption

How to protect your business

Step 1: Know Your Compliance Regulations

Securing email has an added level of complexity for organizations and industries subject to regulatory compliance. Companies are challenged to navigate a complicated and continuously changing framework of regulations or face harsh penalties. No out-of-the-box or single technology can ensure total compliance. It's crucial that organizations develop an effective policy for email compliance for the specific regulations they are subject to, and then implement flexible technology solutions that will help uphold that policy.

First you must determine if you need different policies for different regulations or one comprehensive policy. Here are several examples of major regulations affecting organizations' email policy:

Health Insurance Portability & Accountability Act (HIPAA)
WHO IT AFFECTS: All organizations that directly maintain and transmit protected health information, including hospitals, physician practices, and insurance brokers. Business partners and vendors that exchange data with such organizations are also subject.
WHAT IT REQUIRES: Organizations must ensure that email messages containing personally identifiable health information are secured, even when transmitted via unencrypted links, and that senders and recipients are properly verified.

Sarbanes-Oxley (SOX)
WHO IT AFFECTS: All public corporations, with harsher penalties for corporations with market caps in excess of $75 million. Holds corporate executives personally accountable.
WHAT IT REQUIRES: It demands that companies establish internal controls to accurately gather, process and report financial information. Encryption for financial information sent via email is necessary to ensure data integrity and to protect against unauthorized disclosure or loss.

Gramm-Leach-Bliley Act (GLBA)
WHO IT AFFECTS: A broad array of organizations within the financial industry. These include banks and credit unions, as well as additional businesses of a financial nature.
WHAT IT REQUIRES: Organizations must implement policy and technologies that ensure the security and confidentiality of customer records when transmitted and in storage.

Payment Card Information Security Standards (PCI)
WHO IT AFFECTS: Merchants and other organizations that accept major credit, debit, and prepaid cards, as well as third-party payment card processors.
WHAT IT REQUIRES: The secure transmission of cardholder data against interception and unauthorized disclosure, as well as protections against malware and other threats to the integrity of cardholder data.

Step 2: Identify What Type of Data to Protect and Set Protocols

What information do you consider to be confidential? Think about credit card numbers, electronic health records, or personally identifiable information that is sent via email. Then, determine who in your company should be able to send and receive such information. Remember to include any data subject to regulatory compliance depending on your industry.

After identifying the important data, set protocols that can be enforced by technologies. For example, choose which user groups can access sensitive information. Assign specific keywords and other lexicons to protect sensitive data. This will help you determine what type of protection you'll need, like particular encryption, archiving, or even blocking transmission of email content.

Step 3: Determine Areas of Vulnerability

Once you understand what types of data are being transmitted via email, you can track these data points in your email correspondence. Watch to see if data is being lost through email and make note of how it is vulnerable. Are breaches occurring inside the organization? Within a specific group of users? Are file attachments being leaked? Set additional policies to address your core vulnerabilities.
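
As an added illustration of Steps 2 and 3 (not part of the original paper and not CipherPost Pro code), the sketch below shows how a content rule can find the data types named above in an outgoing message and choose an action by sender group. The keyword lexicon, the group names and the allow/encrypt/block mapping are assumptions made for the example.

```python
import re

# Hypothetical policy values; the paper names the data types but no concrete rules.
LEXICON = {"routing number", "patient record", "diagnosis"}   # assumed keywords
AUTHORIZED_GROUPS = {"finance", "billing"}                     # assumed user groups
# Constructed sample messages (sender group, body); not real data.
SAMPLES = [("finance", "Card 4111 1111 1111 1111"), ("marketing", "SSN 078-05-1120")]

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(body: str) -> set:
    """Return the sensitive data types found in a message body."""
    found = set()
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.add("card_number")
    if SSN_RE.search(body):
        found.add("ssn")
    lowered = body.lower()
    if any(term in lowered for term in LEXICON):
        found.add("keyword")
    return found


def decide(sender_group: str, body: str) -> str:
    """Map findings to an action: allow, encrypt, or block."""
    if not classify(body):
        return "allow"
    if sender_group not in AUTHORIZED_GROUPS:
        return "block"      # this group may not send the data at all
    return "encrypt"        # permitted sender: force the encrypted channel
```

Logging each non-"allow" decision with its sender group gives the per-group view of leakage that Step 3 asks for.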

Step 4: Choose the Right Solution for Business Processes

Having the right solutions to enforce policy is just as important as the policy itself. Bear in mind that you might need a combination of solutions to satisfy regulatory requirements and enforce policy. Here are elements to consider to help address technical security safeguard standards:

End-to-end encryption: To ensure that data remains confidential and secure between the message sender and the intended recipient, preventing unauthorized access or loss, end-to-end encryption is often necessary. In many cases this is required by law.

Data Leak Prevention (DLP): A DLP solution for email is often essential for email compliance, providing enhanced email security through content filtering, authentication, and permissions rules that limit access and transmission of sensitive information sent within and outside the organization.

Archiving: Some regulations require that relevant email messages be retained, indexed and remain accessible for a period of time after transmission. A proper email archiving system will enable organizations to meet regulatory requirements for message retention and auditing records by capturing, preserving and making all email traffic easily searchable for compliance auditors to evaluate. When encrypted and backed up, archiving provides additional protections for information against loss and unauthorized exposure.

Antivirus: Antivirus and antimalware solutions provide additional protections against exploitation or loss, defending against phishing and other attacks at the email gateway that could compromise the security of confidential data.

According to a 2011 study by the Ponemon Institute, over half of email encryption users found their encryption solutions frustrating and difficult to use.

When selecting an email technology solution, consider how email functions in your organization. Make sure to implement a solution that will support business processes and current workflow. Some technologies intended to enable regulatory compliance inhibit functionality and frustrate users.

Step 5: Educate Users to Protect Sensitive Data

Although unintentional, human error remains one of the most common causes of data breach.
In addition to creating rules for email security and implementing technology solutions to support them, you have to educate users. Employees need to understand proper workplace email usage and the consequences of non-compliant behavior. They need to feel comfortable using encryption tools and believe in their importance. An effective email encryption process includes educating your users to avoid mistakes that could potentially cause a security breach.

Benefits of an Encryption Envelope

You can manage most compliance issues and financial loss, and send confidential data with confidence with an email encryption envelope like AppRiver's CipherPost Pro. CipherPost is an easy-to-use cloud solution for email and file sharing that enables users to send, track and receive secure email and attachments on any device, from anywhere.

Seamlessly integrating with any email infrastructure, CipherPost Pro requires no hardware or software installation, and no plugins or other software is needed to view encrypted messages on either end. Your email messages will be secured in technological bubble wrap, but look the same to senders and receivers.

AppRiver's CipherPost Pro also offers apps for iOS and Android, which allow users to create, read, track and reply to encrypted messages on any mobile device. No private data is stored on devices using the app, so confidential information is well protected in the event the device is ever lost or stolen. The CipherPost Pro App is available for free on Apple's iTunes App Store and within Google Play to all licensed users.

Key Features of the new CipherPost Pro App include:

Compose and Track New Messages on the Go: Mobile users can access, compose and send encrypted messages on the go, enabling secure communication and collaboration anywhere, anytime.

Real-Time Message Tracking and Recall: CipherPost Pro's patented Delivery Slip allows users to track the receipt of secure messages in real time, see if messages have been read, forwarded, printed or deleted, or even recall a message after it has been read.

Native Device App Integration: As a native solution, the app lets iOS and Android users enjoy their familiar phone features and experience while optimizing battery life and bandwidth.

MDM Integration: Ideal for organizations and partners that embrace BYOD (Bring Your Own Device), the app can be deployed through MDM (Mobile Device Management) systems without requiring enterprise-level installation of software or hardware. Policy administrators can globally manage compliance policies on any device.

Data Loss Protection: As a cloud-based app, all messaging data is protected in the cloud, never stored on the device. Access to the app can be remotely enabled or disabled in the event a device is lost or stolen, additionally protecting the user's secure account against unauthorized access.

Compliance Features: The CipherPost Pro App helps maintain compliance on company-issued or personal smartphones and tablets, reducing the risk of data leakage with minimal administrative effort and technical impact. In the Bring Your Own Device era, such protection is increasingly important.

Try it Today

Don't become a cyber crime statistic. Ensure your email is encrypted and protected, as if it's hand delivered to the recipient. The only one who should read your email is you.

Try AppRiver CipherPost Pro free for 30 days. There is no contract & no obligation to continue when the trial is over.

http://www.appriver.com/free-trial.aspx

Call us anytime 7am-7pm (CST) Mon-Fri:
Phone: 850-932-5338
Toll-free: 866-223-4645