From user-friendly software, to complying with data protection regulation, Rick Goud, CIO and Founder of Zivver, lists the top three email security priorities for CISOs and explains how secure communication platforms are addressing their needs.
As teams across the public and private sectors continue to work remotely, accessing and handling huge amounts of sensitive and confidential information over email, outbound data security breaches are a continued cause for concern.
Email is one of the most used communication methods between organisations, employees, and clients. Yet it is the one that’s most prone to errors. All eyes are currently on Chief Information Security Officers (CISOs) to ensure sensitive and important information remains secure but what should their top priorities be when it comes to secure email use, and how can technology help?
Priority 1 – Complying with laws and regulations
In 2018, the General Data Protection Regulation (GDPR) was implemented to overhaul how businesses process and handle data. However, three years later there remains plenty of confusion around the rules, and it can be difficult to spot if existing communications platforms are fully compliant.
Error prevention technology will help a CISO easily comply with data protection regulations, such as GDPR, from anywhere. That’s because the software’s strong encryption and user authentication, alongside smart technology, is designed to prevent human error.
Priority 2 – Creating and maintaining good cyber security practice
The CISO looks for certainty and will have a preference for a solution that is well-known for its quality, reputation and use cases. CISOs needs solutions to work for everyone, from employees to external users.
Many organisations still do not secure their emails by default, meaning all messages circulate unencrypted. As a result, anyone can access an email, even if they were not supposed to receive it.
Driving good cyber security practices into the wider organisation requires a cultural change, and one that can be difficult to make across corporate silos.
Having people overhaul their familiar and comfortable way of working is often a recipe for disaster – especially when they have already had to switch to remote working – resulting in low and slow adoption. People will find their own workarounds because they don’t believe they need to change, and often, a secure comms system is too difficult for them to use.
When training or attempting to change a team’s day-to-day processes, it is much easier and more effective to show, rather than tell. Error prevention technology has the ability to illustrate where staff are going wrong when it comes to handling and sharing sensitive data, it is simple to set up and easy for teams to use from day one, wherever they are.
Priority 3 – The secure communications platform must be easy to use
If an existing system is cumbersome for staff and recipients to use, this leads to low adoption, therefore increasing risk. Outbound email error prevention software is quick to deploy, and easy for anyone to use with minimal training. It integrates seamlessly with services like Outlook and Gmail, resembling tools like the ones most of us already use. These easy integrations enable users to send communications safely without needing to change existing workflows.
COVID-19 has no doubt altered how public and private organisations work and operate, and this change should be seen as an opportunity to improve working practices to ensure staff can easily safeguard citizen’s data and comply with regulatory requirements.
As we look to the post-COVID world, let’s look to make it one where security is at the heart of communication practices so that CISOs and their teams can work with confidence wherever they are.
Dan Patefield
Head of Cyber and National Security, techUK
Dan Patefield
Head of Cyber and National Security, techUK
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.
Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.
Jill is techUK’s Programme Manager for Cyber Security, working across the cyber eco-system to bring industry together with key stakeholders across the public and private sectors.
Prior to focusing in on techUK's cyber security work, Jill was also part of techUK's Central Government programme team, representing the supplier community of technology products and services to Whitehall departments.
Before joining techUK, Jill worked as a Senior Caseworker for an MP, advocating for local communities, businesses and individuals, so she is particularly committed to techUK’s vision of harnessing the power of technology to improve people’s lives. Jill is also an experienced editorial professional and has delivered copyediting and writing services for public-body and SME clients as well as publishers.
Programme Manager, Cyber Security and Central Government, techUK
Annie Collings
Programme Manager, Cyber Security and Central Government, techUK
Annie joined techUK as the Programme Manager for Cyber Security and Central Government in September 2023.
Prior to joining techUK, Annie worked as an Account Manager at PLMR Healthcomms, a specialist healthcare agency providing public affairs support to a wide range of medical technology clients. Annie also spent time as an Intern in an MPs constituency office and as an Intern at the Association of Independent Professionals and the Self-Employed.
Annie graduated from Nottingham Trent University, where she was an active member of the lacrosse society.
Prior to joining techUK, Raya worked in Business Development for an expert network firm within the institutional investment space. Before this Raya spent a year in industry working for a tech start-up in London as part of their Growth team which included the formation and development of a 'Let's Talk Tech' podcast and involvement in London Tech Week.
Raya has a degree in Politics and International Relations (Bsc Hons) from the University of Bath where she focused primarily on national security and counter-terrorism policies, centreing research on female-led terrorism and specific approaches to justice there.
Outside of work, Raya's interests include baking, spin classes and true-crime Netflix shows!
Tracy supports several areas at techUK, including Cyber Exchange, Cyber Security, Defence, Health and Social Care, Local Public Services, Nations and Regions and National Security.
Tracy joined techUK in March 2022, having worked in the education sector for 19 years, covering administration, research project support, IT support and event/training support. My most outstanding achievement has been running three very successful international conferences and over 300 training courses booked all over the globe!
Tracy has a great interest in tech. Gaming and computing have been a big part of her life, and now electric cars are an exciting look at the future. She has warmed to Alexa, even though it can sometimes be sassy!