22 Apr 2021

CISO priorities in email security

From user-friendly software to complying with data protection regulation, Rick Goud, CIO and Founder of Zivver, lists the top three email security priorities for CISOs and explains how secure communication platforms are addressing their needs.

As teams across the public and private sectors continue to work remotely, accessing and handling huge amounts of sensitive and confidential information over email, outbound data security breaches are a continued cause for concern.  

Email is one of the most used communication methods between organisations, employees, and clients. Yet it is the one that’s most prone to errors. All eyes are currently on Chief Information Security Officers (CISOs) to ensure sensitive and important information remains secure. But what should their top priorities be when it comes to secure email use, and how can technology help?

Priority 1 – Complying with laws and regulations  

In 2018, the General Data Protection Regulation (GDPR) was implemented to overhaul how businesses process and handle data. However, three years later there remains plenty of confusion around the rules, and it can be difficult to spot if existing communications platforms are fully compliant.  

Error prevention technology will help a CISO easily comply with data protection regulations, such as GDPR, from anywhere. That’s because the software’s strong encryption and user authentication, alongside smart technology, are designed to prevent human error.

Priority 2 – Creating and maintaining good cyber security practice 

The CISO looks for certainty and will have a preference for a solution that is well-known for its quality, reputation and use cases. CISOs need solutions to work for everyone, from employees to external users.

Many organisations still do not secure their emails by default, meaning all messages circulate unencrypted. As a result, anyone can access an email, even if they were not supposed to receive it. 

Driving good cyber security practices into the wider organisation requires a cultural change, and one that can be difficult to make across corporate silos. 

Having people overhaul their familiar and comfortable way of working is often a recipe for disaster – especially when they have already had to switch to remote working – resulting in low and slow adoption. People will find their own workarounds because they don’t believe they need to change, and often, a secure comms system is too difficult for them to use.  

When training or attempting to change a team’s day-to-day processes, it is much easier and more effective to show, rather than tell. Error prevention technology has the ability to illustrate where staff are going wrong when it comes to handling and sharing sensitive data. It is simple to set up and easy for teams to use from day one, wherever they are.

Priority 3 – The secure communications platform must be easy to use  

If an existing system is cumbersome for staff and recipients to use, this leads to low adoption, therefore increasing risk. Outbound email error prevention software is quick to deploy, and easy for anyone to use with minimal training. It integrates seamlessly with services like Outlook and Gmail, resembling tools like the ones most of us already use. These easy integrations enable users to send communications safely without needing to change existing workflows. 

COVID-19 has no doubt altered how public and private organisations work and operate, and this change should be seen as an opportunity to improve working practices to ensure staff can easily safeguard citizens’ data and comply with regulatory requirements.

As we look to the post-COVID world, let’s look to make it one where security is at the heart of communication practices so that CISOs and their teams can work with confidence wherever they are.  

Dan Patefield

Programme Head, Cyber and National Security, techUK

Charlie Wyatt

Programme Assistant, techUK

Jill Broom

Programme Manager, Cyber Security & Central Government, techUK

Sam Wyatt

Programme Manager, Defence and Cyber Security, techUK