CISO priorities in email security
As teams across the public and private sectors continue to work remotely, accessing and handling huge amounts of sensitive and confidential information over email, outbound data security breaches are a continued cause for concern.
Email is one of the most used communication methods between organisations, employees, and clients. Yet it is the one that’s most prone to errors. All eyes are currently on Chief Information Security Officers (CISOs) to ensure sensitive and important information remains secure but what should their top priorities be when it comes to secure email use, and how can technology help?
Priority 1 – Complying with laws and regulations
In 2018, the General Data Protection Regulation (GDPR) was implemented to overhaul how businesses process and handle data. However, three years later there remains plenty of confusion around the rules, and it can be difficult to spot if existing communications platforms are fully compliant.
Error prevention technology will help a CISO easily comply with data protection regulations, such as GDPR, from anywhere. That’s because the software’s strong encryption and user authentication, alongside smart technology, is designed to prevent human error.
Priority 2 – Creating and maintaining good cyber security practice
The CISO looks for certainty and will have a preference for a solution that is well-known for its quality, reputation and use cases. CISOs needs solutions to work for everyone, from employees to external users.
Many organisations still do not secure their emails by default, meaning all messages circulate unencrypted. As a result, anyone can access an email, even if they were not supposed to receive it.
Driving good cyber security practices into the wider organisation requires a cultural change, and one that can be difficult to make across corporate silos.
Having people overhaul their familiar and comfortable way of working is often a recipe for disaster – especially when they have already had to switch to remote working – resulting in low and slow adoption. People will find their own workarounds because they don’t believe they need to change, and often, a secure comms system is too difficult for them to use.
When training or attempting to change a team’s day-to-day processes, it is much easier and more effective to show, rather than tell. Error prevention technology has the ability to illustrate where staff are going wrong when it comes to handling and sharing sensitive data, it is simple to set up and easy for teams to use from day one, wherever they are.
Priority 3 – The secure communications platform must be easy to use
If an existing system is cumbersome for staff and recipients to use, this leads to low adoption, therefore increasing risk. Outbound email error prevention software is quick to deploy, and easy for anyone to use with minimal training. It integrates seamlessly with services like Outlook and Gmail, resembling tools like the ones most of us already use. These easy integrations enable users to send communications safely without needing to change existing workflows.
COVID-19 has no doubt altered how public and private organisations work and operate, and this change should be seen as an opportunity to improve working practices to ensure staff can easily safeguard citizen’s data and comply with regulatory requirements.
As we look to the post-COVID world, let’s look to make it one where security is at the heart of communication practices so that CISOs and their teams can work with confidence wherever they are.
Dan Patefield
Dan Patefield
Dan leads the techUK Cyber Security programme, having originally joined techUK in August 2017 as a Programme Manager working across the Cyber and Defence programmes. He is responsible for managing techUK's work across the cyber security eco-system, bringing industry together with key stakeholders across the public and private sectors. Dan also provides the industry secretariat for the Cyber Growth Partnership, the industry and Governmnet conduit for supporting growth across the sector. A key focus of his work is to strengthen the public-private partnership across cyber security to support further development of UK cyber security policy.
Before joining techUK he worked as Forum Lead for the Westminster eForum. In this role he had a focus on the technology and telecoms space, on issues ranging from Broadband and Mobile Infrastructure, the Internet of Things, Cyber Security, Data and diversity in tech. Dan has a BA in History from the University of Liverpool.
- Email:
- [email protected]
- Phone:
- 020 7331 2165