The New Wave Of Email Security: Maintaining Control Of Your Customers' Data

By Jason Green, Chief Revenue Officer, Trustifi

To understand next-gen email security features, we must review how the market has evolved toward regulations-driven sales — and why this may still leave some end users vulnerable.

Email is certainly the most ubiquitous of business applications, marked by an unequaled ease-of-use — and usurping even voice calls in its current prevalence. Yet that very effortlessness is what makes email security an issue:  Businesses and individuals are so comfortable communicating via this protocol that they forget their email systems can be a huge target for breaches. A slew of sensitive data is transmitted through email each minute, including credit card data, personal addresses, company trade secrets, budgetary figures, confidential contracts, even classified federal communications. In a 2017 Cybersecurity Trends Report from LinkedIn, employees claimed to be 50 percent more likely to use email to exchange sensitive files, as opposed to a third-party service like Dropbox.

Without some kind of email security management, “sent” email data is immediately out of the user’s control. Like a genie set free of its bottle, that data has traditionally been exceedingly difficult to call back. What’s worse, users tend to avoid email security management systems that incorporate encryption or involve extra steps like PIN codes or registration processes. Such policies run contrary to the market’s original embrace of email and its extreme ease-of-use. Up until recently, such protocols have been cumbersome, in stark contrast to the relative simplicity of Outlook, Gmail, or Yahoo Mail.

The Email Security Shift: From Phishing Threats To Regulatory Compliance

Before we can assess the advantages of next-generation email security, we must look at a critical market turning point. As recently as 2015, spear-phishing was the top email security buzzword. Scams cleverly mimicked credible sites, soliciting personal information such as bank account or social security numbers. Similar attacks lured readers to click infected links that hijacked their systems, installed malware or spyware, or otherwise infiltrated their networks. Such attempts were difficult to control since hackers continued to evolve their expertise.

Fast-forward to 2017 and 2018 and the motivation for many businesses to seek email and cybersecurity solutions shifted to a regulation-based approach, complicating the sale of email security solutions for MSPs and VARs. As economies reacted to increasingly sophisticated cybersecurity threats, sweeping regulatory measures such as the CCPA (California Consumer Privacy Act) and the European Union’s GDPR (General Data Protection Regulation) were implemented, forcing businesses to seek compliance or risk substantial, even financially crippling, fines.

Although compliance continues to drive opportunities, it also presents challenges for partners in the channel, since CIOs and IT managers find themselves evaluating email security solutions solely on their ability to address these regulations. They’re motivated by legislation without full comprehension of the threats their networks still face. Email systems are in fact often the entry point for hackers. And MSPs in the market have recently been subject to devastating ransomware attacks that have breached multiple clients at a time, causing havoc in the channel. The National Association of State Chief Information Officers has reported a significant escalation of ransomware attacks in 2019, up to “five-fold” in government sectors.

The Key To Adoption: Security That’s As Easy As Email Itself

If we hope to increase adoption, users must be able to send an email message with 256-bit AES encryption as easily as they would any other email. An effective, modern solution should be transparent to the user and cost-effective enough for the SMB market, while also offering compliance with CCPA, GDPR, HIPAA, and PII regulations. Next-generation systems are being introduced that provide superior encryption and leading-edge security features yet are easy to use and can be deployed in minutes or hours — without ungainly registration processes for users, or protracted integration processes for CIOs. Many email solutions require recipients to follow a procedure to open their encrypted mail as well, extending the beleaguered process to parties who never even subscribed to the solution, and further discouraging adoption.

Companies also need to take a holistic approach, demanding protection for both inbound and outbound transmissions. An ideal system must deliver these in one solution, so IT personnel aren’t required to manage multiple solutions and vendors. And a powerful, robust solution should allow users to recall and delete emails containing sensitive material. Current systems typically only allow a few seconds during which a message can be recalled, resulting in a great volume of failed attempts. Redaction should be possible regardless of the limitations of the user’s email platform, or the protocol of the server to which the material has been sent. An effective email security solution should omit that recalled message from the recipient’s server, allowing senders to regain control of that data.

As partners in the channel, you should remain intent on protecting your end-customers’ email data, yet such solutions should not be a difficult sell. As technology progresses and the implementation of high-level email security becomes a more seamless process, the opportunity to upsell more secure, risk-averse environments will grow — especially in sensitive verticals such as government and financial services.

About The Author

Jason Green is CRO at Trustifi, a cybersecurity firm featuring solutions delivered on a software-as-a-service-platform. Trustifi leads the market with the easiest-to-use-and-deploy email security products, providing both inbound and outbound email security from a single vendor. The company’s Inbound Shield, Data Loss Prevention, and Email Encryption solutions adhere to GDPR, HIPAA, PII, and CCPA regulations.