HOW MUCH DO YOU TRUST EMAIL?The most significant risks and 3 sure ways to mitigate them

Many organizations focus on protecting against external attacks but ignore a threat that might be even more destructive: Email.

Theft of confidential data for corporate espionage, the disclosure of trade secrets to a competitor or the release of private health information to the public could all be gained from email.

• The typical employee sends 30 EMAILS A DAY

• One out of every four corporate emails CONTAIN ATTACHMENTS

• The majority of emails, are openly sent and EASILY INTERCEPTED. 61% of employees admit sending confidential information through open email channels.

Email was the dominant communication mechanism in 2015 with over 116 billion business messages sent a day. That’s 116 billion chances for sensitive information to be intercepted – either with malicious intent or accidentally.

BY 2019, CORPORATE EMAIL ACCOUNTSWORLDWIDE WILL EXCEED 1.3 BILLION!

FINANCIALSERVICES

HEALTHCAREINDUSTRY

OIL & GASINDUSTRY

Over 59% of financial services companies hold significant amounts of financial, health and

personal information.

76.7% share the sensitive data they hold electronically

with business associates.

91% had at least one data breach involving the loss or theft of patient data, while

87% of their business associates experienced

electronic loss of private information.

70% of healthcare organizations worry most

about employee negligence.

Given the industry’s competitive nature,

highly-valued intellectual property, and broker

transactions ranging in the millions – the threat to email

is significant and very real.

43% ranked employee negligence as the top-ranked

security threat.91% 87%59% 76.7%

43%

HIGHLY REGULATED INDUSTRIES ARE PRIME TARGETS FOR EMAIL SECURITY THREATS.

THE CONSEQUENCES OF FAILING TO ENCRYPT CAN BE SEVERE

857.7 MILLION records have been breached since 2005. This is the equivalent to roughly 86 million records breached per year, that’s more than 230,000 records breached on a typical day, and about 187,000 records lost per breach incident.

That’s alarming given the average cost of addressing a data breach tops $3.8 million US. The cost of a data breach varies by industry. The average global cost of a data breach per lost or stolen record is $154 US. However, if a healthcare organization has a breach, the average cost could be as high as $363 US. As a final comparison, a data breach due to human error or negligence costs $137 US per record.

• Notification costs: All necessary activities required to report the breach to appropriate personnel within a specified time period.

• Breach response costs: All activities required to notify data subjects with a letter, telephone call, e-mail or general notice that personal information was lost or stolen.

• The cost of providing credit-monitoring services for at least a year.

• Reputational damage.

• Loss of business.

• Negative publicity: Extensive media coverage, further damaging the organization’s reputation.

QUANTIFYING THECONSEQUENCES

HARDSHIPS ON CUSTOMERS

• A full 71% of fraud incidents begin less than one week after a data breach • $16 billion US stolen from 12.7 million identity fraud victims last year

HARDSHIPS ON BUSINESS

In addition to the costs for addressing data breaches:

• Class actions, regulatory and criminal investigations are here to stay, as well as individual actions resulting in damage awards. • Cyber Risk, Liability and Insurance — one which companies are paying top dollar for with the expectation they will inevitably take a hit.• Cyber Risk, Liability and Insurance market to hit $10 billion US by 2020.

Less than 50% of high

profile breach costs were

covered by insurance.

(Target & Home Depot)

<50%

Email encryption has been around for quite some time, yet the majority of corporate emails, are sent unencrypted.

WHY? Encryption methods such as PGP, TLS, S/MIME, Encrypted PDF/ZIP,

and PKI are all valuable, however, individually, none of the methods can respond to the demands of users.

By offering users CHOICES, not LIMITATIONS, you dramatically improve experience, security and

enable new business opportunities.

HOW DO YOUSOLVE THE PROBLEMS?

WARNING!WARNING! Some encryption solutions lack efficient automation schemesand so do not offer the ability to easily define policies.Some encryption solutions lack efficient automation schemesand so do not offer the ability to easily define policies.

Identify privileged communications, as well as content that could harm your organization's reputation if intercepted. This includes

financial projections or statements, and email messages that contain confidential information like bids, intellectual

property, medical records or personal data.

This email content represents the majority of risk in most organizations and is easy to address using policy based encryption triggers.

Policy Based Encryption (PBE) protects email in a way that’s transparent to users. PBE scans for keywords, regular expressions, lists, and

attachments based on pre-defined definitions to identify elements at risk, such as credit card numbers, medical information, etc. and then

automatically encrypts as required, eliminating human error.

STEP 1:FOCUS ON OBLIGATION TO PROTECT DATA

When IT professionals were asked to rate the end user experience for encryption, only 17% agreed that encrypted emails are easy for desktop users

to open, and only 16% felt this way about the mobile experience.

When IT professionals were asked to rate the end user experience for encryption, only 17% agreed that encrypted emails are easy for desktop users

to open, and only 16% felt this way about the mobile experience.

For email encryption to be accepted and used across an organization,you need to deploy smart solutions; recognizing that

users will follow the path of least resistance, encryption solutions should be customizable and experience driven.

THE BEST ENCRYPTION SOLUTIONS WILL:

• Offer the flexibility of push and pull delivery methods: TLS, Encrypted PDF, Encrypted ZIP, PGP and S/MIME, as well as web portal pickup.

• Support the full range of mobile devices with built-in OAuth options: Google+, Live, O365, Facebook, LinkedIn, Salesforce.

• Include customizable policy based multi-domain customer branding options. Brand is critical to reputation. It gives external recipients

confidence that the email information being sent is legitimately yours.

STEP 2:FOCUS ON DRIVING USER ADOPTION

Cost and ease of key administration can vary between solutions.

Some encryption solutions offer basic key management that require an infrastructure and IT staff time to manage, while others employ cloud-based full key management, key recovery, and key escrow -

entirely eliminating on-premise infrastructure requirements.

Get the full facts on how content-aware encryption can mitigate your email security risks. Book a live demo. http://ow.ly/Vmt4e

STEP 3:FOCUS ON REMOVING THE COMPLEXITIES

OF KEY MANAGEMENT

SOURCES:Ponemon Institute's 2015 Global Cost of Data Breach StudyPonemon Institute's Benchmark Study on Privacy & Security of Healthcare DataTechnavio 2015-2019 Global Email Encryption Market ReportAon: Trend Snapshot for Financial Institutions 2014Opswat: White Paper Protecting the Oil & Gas Industry from Email ThreatsJavelin Strategy & Research 2015 Identity Fraud Study