Why should companies invest in secure email communications?
Use of corporate email communication has become so widespread – is it secure email however?
It typically contains trading-sensitive business information, business plans and other company-critical data in communications among partners or business associates. With clients, it involves managing and updating client information and this could range from order information, personally identifiable information (PII), protected health information (PHI), account details, transaction details and more. Among internal employees, sensitive and/ or customer information is exchanged, or corporate email communications may include other confidential information pertaining to the employee, for example, their salary data, health related communication, benefits, their family information, and more.
Any loss of data from any of these parties can result in various things:
- contractual violation, e.g. confidentiality clauses
- privacy violation, e.g. loss of protected health information,
- liability issues for unintended disclosure, especially customer data.
- Civil and criminal penalties may ensue from PHI and PII (banking) loss.
- Bureaucratic nightmare after a breach resulting from requirements of compliance with federal and state reporting, client letters, managing public relations.
- Reputational risk
- Financial losses.
The Sony breach that occurred resulted in reputational risk to the company, financial losses, and tremendous public relations management needs. There are examples of Wikileaks reporting which amounted to criminal negligence and had national security implications by the reporting of classified information. The Ashley Madison breach proved to be a huge embarrassment to its clients. There are also many examples of healthcare data breaches which cause a lot of the problems mentioned above, in addition to the fact that PHI is stolen to enable identity theft and/ or fraudulent billing. There are huge amounts of money involved in trading of PHI in the black market.
Therefore, any company – small, medium or large – should place priority on ensuring that their corporate email communications are secure.
By Sanjay Deo.