Scribd
Upload
41 views9 pages

How Much Do You Email?: Trust

The document discusses the risks of unencrypted email and provides three steps to mitigate those risks. It notes that email is a major threat as it often contains confidential data and is easily intercepted. The three steps are: 1) focus on protecting privileged communications and data that could harm the organization, 2) drive user adoption through customizable and easy-to-use encryption solutions, and 3) remove the complexities of key management through cloud-based solutions. Failure to encrypt email can result in data breaches, loss of customers and business, and legal and financial consequences.

Uploaded by

Pope Francis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
41 views9 pages

How Much Do You Email?: Trust

The document discusses the risks of unencrypted email and provides three steps to mitigate those risks. It notes that email is a major threat as it often contains confidential data and is easily intercepted. The three steps are: 1) focus on protecting privileged communications and data that could harm the organization, 2) drive user adoption through customizable and easy-to-use encryption solutions, and 3) remove the complexities of key management through cloud-based solutions. Failure to encrypt email can result in data breaches, loss of customers and business, and legal and financial consequences.

Uploaded by

Pope Francis
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 9

HOW MUCH DO YOU TRUST EMAIL?

The most significant risks and 3 sure ways to mitigate them

Many organizations focus on protecting against external attacks but


ignore a threat that might be even more destructive: Email.

Theft of confidential data for corporate espionage, the disclosure of


trade secrets to a competitor or the release of private health
information to the public could all be gained from email.
BY 2019, CORPORATE EMAIL ACCOUNTS
WORLDWIDE WILL EXCEED 1.3 BILLION!

• The typical employee sends 30 EMAILS A DAY

• One out of every four corporate emails CONTAIN


ATTACHMENTS

• The majority of emails, are openly sent and EASILY


INTERCEPTED. 61% of employees admit sending
confidential information through open email
channels.

Email was the dominant communication mechanism in


2015 with over 116 billion business messages sent a
day. That’s 116 billion chances for sensitive
information to be intercepted – either with malicious
intent or accidentally.
HIGHLY REGULATED INDUSTRIES ARE PRIME
TARGETS FOR EMAIL SECURITY THREATS.

FINANCIAL HEALTHCARE OIL & GAS


SERVICES INDUSTRY INDUSTRY
Over 59% of financial 91% had at least one data Given the industry’s
services companies hold breach involving the loss or competitive nature,
significant amounts of theft of patient data, while highly-valued intellectual
financial, health and 87% of their business property, and broker
personal information. associates experienced transactions ranging in the
electronic loss of private millions – the threat to email
information. is significant and very real.

43% ranked employee


negligence as the top-ranked
59% 76.7% 91% 87% security threat.

76.7% share the sensitive 70% of healthcare


43%
data they hold electronically organizations worry most
with business associates. about employee negligence.
THE CONSEQUENCES OF FAILING
TO ENCRYPT CAN BE SEVERE
857.7 MILLION records have been breached since 2005. This is the
equivalent to roughly 86 million records breached per year, that’s more
than 230,000 records breached on a typical day, and about 187,000
records lost per breach incident.

That’s alarming given the average cost of addressing a data breach tops
$3.8 million US. The cost of a data breach varies by industry. The average
global cost of a data breach per lost or stolen record is $154 US. However,
if a healthcare organization has a breach, the average cost could be as high
as $363 US. As a final comparison, a data breach due to human error or
negligence costs $137 US per record.

• Notification costs: All necessary • The cost of providing


activities required to report the credit-monitoring
breach to appropriate personnel services for at least a year.
within a specified time period.
• Reputational damage.

• Breach response costs: All • Loss of business.


activities required to notify data
• Negative publicity:
subjects with a letter, telephone
Extensive media
call, e-mail or general notice that
coverage, further damaging
personal information was lost or
the organization’s reputation.
stolen.
QUANTIFYING THE
CONSEQUENCES

HARDSHIPS ON CUSTOMERS
• A full 71% of fraud incidents begin less than one week after a
data breach
• $16 billion US stolen from 12.7 million identity fraud victims last year

HARDSHIPS ON BUSINESS
In addition to the costs for addressing data breaches:

• Class actions, regulatory and criminal investigations are here to stay,


as well as individual actions resulting in damage awards.
• Cyber Risk, Liability and Insurance — one which companies are paying
top dollar for with the expectation they will inevitably take a hit.
• Cyber Risk, Liability and Insurance market to hit $10 billion US by 2020.

Less than 50% of high

<50% profile breach costs were


covered by insurance.
(Target & Home Depot)
HOW DO YOU
SOLVE THE PROBLEMS?

Email encryption has been around for quite some time, yet
the majority of corporate emails, are sent unencrypted.

WHY?
Encryption methods such as PGP, TLS, S/MIME, Encrypted PDF/ZIP,
and PKI are all valuable, however,
individually, none of the methods can respond to the demands of users.

By offering users CHOICES, not LIMITATIONS,


you dramatically improve experience, security and
enable new business opportunities.
STEP 1:
FOCUS ON OBLIGATION TO PROTECT DATA

Identify privileged communications, as well as content that could


harm your organization's reputation if intercepted. This includes
financial projections or statements, and email messages
that contain confidential information like bids, intellectual
property, medical records or personal data.

This email content represents the majority of risk in most organizations


and is easy to address using policy based encryption triggers.
Policy Based Encryption (PBE) protects email in a way that’s transparent
to users. PBE scans for keywords, regular expressions, lists, and
attachments based on pre-defined definitions to identify elements at
risk, such as credit card numbers, medical information, etc. and then
automatically encrypts as required, eliminating human error.

Some encryption solutions lack efficient automation schemes


WARNING! and so do not offer the ability to easily define policies.
STEP 2:
FOCUS ON DRIVING USER ADOPTION

For email encryption to be accepted and used across an organization,


you need to deploy smart solutions; recognizing that
users will follow the path of least resistance, encryption solutions
should be customizable and experience driven.

THE BEST ENCRYPTION SOLUTIONS WILL:


• Offer the flexibility of push and pull delivery methods: TLS, Encrypted
PDF, Encrypted ZIP, PGP and S/MIME, as well as web portal pickup.
• Support the full range of mobile devices with built-in OAuth options:
Google+, Live, O365, Facebook, LinkedIn, Salesforce.
• Include customizable policy based multi-domain customer branding
options. Brand is critical to reputation. It gives external recipients
confidence that the email information being sent is legitimately yours.

When IT professionals were asked to rate the end user experience for
encryption, only 17% agreed that encrypted emails are easy for desktop users
to open, and only 16% felt this way about the mobile experience.
STEP 3:
FOCUS ON REMOVING THE COMPLEXITIES
OF KEY MANAGEMENT

Cost and ease of key administration can vary between solutions.

Some encryption solutions offer basic key management that require


an infrastructure and IT staff time to manage, while others employ
cloud-based full key management, key recovery, and key escrow -
entirely eliminating on-premise infrastructure requirements.

Get the full facts on how content-aware encryption can mitigate your
email security risks. Book a live demo. http://ow.ly/Vmt4e

SOURCES:
Ponemon Institute's 2015 Global Cost of Data Breach Study
Ponemon Institute's Benchmark Study on Privacy & Security of Healthcare Data
Technavio 2015-2019 Global Email Encryption Market Report
Aon: Trend Snapshot for Financial Institutions 2014
Opswat: White Paper Protecting the Oil & Gas Industry from Email Threats
Javelin Strategy & Research 2015 Identity Fraud Study

You might also like