Data breaches rank among executives' and IT decision-makers' very worst nightmares. They’re not just costly, they’re also capable of wrecking a brand's reputation, investor relations and customer trust. But despite the known—and feared—consequences of data breaches, many organizations still aren't doing enough to prevent them.
Email systems are one critical area, since emails and attachments contain a whopping 74 percent of an organization's intellectual property, according to Osterman Research. As you discuss security with your customers, be sure to include email privacy systems in the conversation.
The real compliance challenge
If your customer handles any type of sensitive data at all, it's a pretty sure bet that there are data privacy regulatory requirements or industry best practices that govern the way the organization deals with emails. The specifics vary by industry—PCI DSS for retail (and any organization that handles credit card payments), HIPAA and HITECH for healthcare providers and their business associates, GLBA for financial services— but the requirements are generally similar. Content filtering, data loss prevention (DLP) and encryption all play a role.
Compliance is critical for most regulated businesses. Problem is, in most cases regulatory compliance demands only minimal, common-sense steps toward email security, leading to a false sense of security once compliance is achieved. Meeting these minimum standards will save organizations from noncompliance penalties, but not from sophisticated cybercriminals or inadvertent data leaks. The real compliance challenge facing the enterprise, therefore, is recognizing that compliance is just the beginning.
Turn email vulnerabilities into reliable email security
The best approach to solidifying your customers' defenses against email data breaches lies in helping them take their mandated email security technologies to the next level.
Encryption is a key example. All data privacy regulations contain some restrictions on what kinds of data can be shared freely. Certain data types, such as consumers’ Personally Identifying Information (PII), must be protected and prevented from indiscriminate sharing. Your customers may already have an encryption solution in place to attempt to ensure the security of sensitive data in emails.
Even if your customer has a solution deployed, however, it may not be comprehensive enough. Let's say, for example, that the customer makes use of desktop email encryption on all employee computers. That's all well and good—for emails sent from employees' desktop email clients. But in this age of mobility, BYOD and the always-connected information worker, what about emails sent from smartphones or tablets or personally owned devices? Customers who allow any degree of mobile productivity need to look into mobile encryption solutions as well.
In a similar vein, let's say that the customer has an on-premises email encryption gateway. What happens when the customer begins a migration to cloud computing, as is becoming increasingly common in the enterprise? On-premises solutions will no longer suffice; cloud adoption will demand cloud-native email security and encryption.
Email privacy is a critical element of overall enterprise data and network security. Customers cannot overlook it and hope to stay breach-free. As your customers' trusted technology provider and security advisor, it's your job to steer them toward solutions that are comprehensive enough to take their email privacy strategies beyond compliance and toward true security.
Ready to learn more about technologies that can improve email privacy? Speak to an Ingram Micro security expert today.