By Jonathan McCormick
What would be the cost to your business if email with sensitive client information, such as credit card numbers or health records, got into the wrong hands?
In 2010, more than 107 trillion emails were sent, according to Pingdom. Email has become such second nature that we don’t think twice before sending our most personal information through this easy communication channel.
Most good email providers go to great lengths to protect your email in datacenters, and many companies have put good security practices into place to protect email access. But, as email travels across the Internet, it is vulnerable to data breaches, data leaks and hackers. Rogue employees also pose risks for distributing information inappropriately.
Businesses can face litigation, fines and loss of reputation if any personal information about their customers is exposed via email or other means. For instance, the federal government’s HIPAA act mandates that healthcare providers secure email communication with encryption technology. Financial services firms also face regulation under the Sarbanes-Oxley act. Several states, including California and Massachusetts, have passed their own legislation requiring email encryption. Connecticut companies are finding they are not exempt from penalties and fines.
On Nov. 8, Connecticut Insurance Commissioner Thomas Sullivan announced that Health Net of Connecticut Inc. had agreed to pay $375,000 in penalties for failing to safeguard the personal information of its members from misuse by third parties.
Yet, even now, many businesses have no email encryption technology in place. One data breach can jeopardize the trusted relationship you have with your customers. Unfortunately, many businesses are unaware that the problem can be solved with simple controls over the communications coming and going from their company — anything from bad language to confidential information.
The average cost of a data breach incident for U.S. organizations in 2009 was $6.75 million, or $204 per compromised record. No matter the size of your business, your company may be held financially responsible in the event of a data loss. Many companies look to do the bare minimum to protect themselves, but this leaves the business and all of its data vulnerable. Encryption adds an additional layer of protection on top of your regular email security that any business dealing with personal and confidential information needs to have. By encrypting your email, it makes the information virtually unreadable as it travels across the Internet, thus protecting private information about you and your customers.
Savings are not just accrued in avoiding penalties and fines. A recent study from Thomson Reuters found that 71 percent of global compliance professionals foresaw that an increase in time and resources would be required to work with regulators and exchanges to ensure they would be ready and prepared to meet rising compliance requirements. Up-front investment in encryption will assure safety and can save small businesses from having to put personnel resources toward fixing the problem once it occurs.
It’s important to note that emails do not often end at the original destination. If you forward information about an employee’s medical condition to your HR manager, he or she may need to forward that on to your corporate lawyer and your health insurance provider. Now information that was originally traded internally has moved outside your network and can continue to move without your knowledge. Yet, your company is still responsible for controlling the dissemination of that information.
Not only can email encryption protect against poaching of confidential information, but IT managers can also set in place rules to automatically flag and review all outbound emails before they leave the internal network. This prevents sensitive information or even email with profanity from leaving your company.
A good rule of thumb is to consider an encryption solution if you answer yes to one or both of these questions:
Do you share confidential information about your business or customers over email — such as account numbers, dates of birth, or highly sensitive internal strategy documents?
Do you operate in a regulated industry or geography?
If you answered yes to either of these questions, it is time to start the encryption discussion with your email provider. By taking this step now, you could be saving a lot of time and money later.
Â
Â
Jonathan McCormick is chief operating officer of Intermedia, a New York City-based provider of business communication services to small and mid-sized firms. Intermedia is based in New York City.
Jonathan
McCormick
