In the past few weeks both the EU Commission and White House have come out with commentary and rules in response to the rise of cyber-attacks. There is growing awareness that cyber security is becoming a political and business necessity. While encryption technology has been used for decades to deal with the storage and transit of sensitive information most are complex solutions designed by I.T. and security experts to meet specific industry regulations or threats. In general they do the job they were designed for, however they overlook one massive reality.
In order to be effective security solutions need to be adopted and used by people who don’t care about security. Most data leaks and privacy breaches are inadvertent; the wrong email address, the wrong attachment. It is more convenient to use basic email, cross your fingers and hit send then log into some other product to send sensitive information. To ensure adoption any security solution being deployed must complement the tools end users already use, not complicate them.
For I.T. and Security teams it is crucial that any deployed security solution work seamlessly across an increasingly complex reality of hosted and on-premise email platforms, corporate and personal mobility devices and avoid traditional encryption solutions that require certificates, keys to manage and changes to everyday email. Governments and regulators can create new rules and policies to defend against cyber threats but until solutions are designed for distracted end users who don’t want to learn anything new information is at risk.
EU Cybersecurity plan to protect open internet and online freedom and opportunity
Brussels, 7 February 2013 – EU Cybersecurity plan to protect open internet and online freedom and opportunity.
The European Commission, together with the High Representative of the Union for Foreign Affairs and Security Policy, has published a cybersecurity strategy alongside a Commission proposed directive on network and information security (NIS).
The cybersecurity strategy – “An Open, Safe and Secure Cyberspace” – represents the EU’s comprehensive vision on how best to prevent and respond to cyber disruptions and attacks. This is to further European values of freedom and democracy and ensure the digital economy can safely grow. Specific actions are aimed at enhancing cyber resilience of information systems, reducing cybercrime and strengthening EU international cyber-security policy and cyber defence.
The strategy articulates the EU’s vision of cyber-security in terms of five priorities:
- Achieving cyber resilience
- Drastically reducing cybercrime
- Developing cyber defence policy and capabilities related to the Common Security and Defence Policy (CSDP)
- Developing the industrial and technological resources for cyber-security
- Establishing a coherent international cyberspace policy for the European Union and promoting core EU values
The EU international cyberspace policy promotes the respect of EU core values, defines norms for responsible behaviour, advocates the application of existing international laws in cyberspace, while assisting countries outside the EU with cyber-security capacity-building, and promoting international cooperation in cyber issues.
The EU has made key advances in better protecting citizens from online crimes, including establishing a European Cybercrime Centre (IP/13/13), proposing legislation on attacks against information systems (IP/10/1239) and the launch of a Global Alliance to fight child sexual abuse online (IP/12/1308). The Strategy also aims at developing and funding a network of national Cybercrime Centers of Excellence to facilitate training and capacity building.
The proposed NIS Directive is a key component of the overall strategy and would require all Member States, key internet enablers and critical infrastructure operators such as e-commerce platforms and social networks and operators in energy, transport, banking and healthcare services to ensure a secure and trustworthy digital environment throughout the EU. The proposed Directive lays down measures including:
(a) Member State must adopt a NIS strategy and designate a national NIS competent authority with adequate financial and human resources to prevent, handle and respond to NIS risks and incidents;
(b) Creating a cooperation mechanism among Member States and the Commission to share early warnings on risks and incidents through a secure infrastructure, cooperate and organise regular peer reviews;
(c) Operators of critical infrastructures in some sectors (financial services, transport, energy, health), enablers of information society services (notably: app stores e-commerce platforms, Internet payment, cloud computing, search engines, social networks) and public administrations must adopt risk management practices and report major security incidents on their core services.
Neelie Kroes, European Commission Vice-President for the Digital Agenda said:
“The more people rely on the internet the more people rely on it to be secure. A secure internet protects our freedoms and rights and our ability to do business. It’s time to take coordinated action – the cost of not acting is much higher than the cost of acting.”
Catherine Ashton, High Representative of the Union for Foreign Affairs and Security Policy/Vice-President of the Commission said:
“For cyberspace to remain open and free, the same norms, principles and values that the EU upholds offline, should also apply online. Fundamental rights, democracy and the rule of law need to be protected in cyberspace. The EU works with its international partners as well as civil society and the private sector to promote these rights globally.”
Cecilia Malmström, EU Commissioner for Home Affairs said:
“The Strategy highlights our concrete actions to drastically reduce cybercrime. Many EU countries are lacking the necessary tools to track down and fight online organised crime. All Member States should set up effective national cybercrime units that can benefit from the expertise and the support of the European Cybercrime Centre EC3.”
Cyber-security incidents are increasing in frequency and magnitude, becoming more complex and know no borders. These incidents can cause major damage to safety and the economy. Efforts to prevent, cooperate and be more transparent about cyber incidents must improve.
Previous efforts by the European Commission and individual Member States have been too fragmented to deal with this growing challenge.
Facts about cybersecurity today
- There are an estimated 150,000 computer viruses in circulation every day and 148,000 computers compromised daily.
- According to the World Economic Forum, there is an estimated 10% likelihood of a major critical information infrastructure breakdown in the coming decade, which could cause damages of $250 billion.
- Cybercrime causes a good share of cyber-security incidents, Symantec estimates that cybercrime victims worldwide lose around €290 billion each year, while a McAfee study put cybercrime profits at €750 billion a year.
- The 2012 Eurobarometer poll on cyber security found that 38 % of EU internet users have changed their behaviour because of these cyber-security concerns: 18 % are less likely to buy goods online and 15 % are less likely to use online banking. It also shows that 74% of the respondents agreed that the risk of becoming a victim has increased, 12% have already experienced online fraud and 89% avoid disclosing personal information.
- According to the public consultation on NIS, 56.8% of respondents had experienced over the past year NIS incidents with a serious impact on their activities.
- Meanwhile, Eurostat figures show that, by January 2012, only 26% of enterprises in the EU had a formally defined ICT security policy.
The $1.2 million dollar fine levied by FINRA against ING and its affiliates yesterday brings to light compliance problems with traditional encryption solutions long recognized but tolerated in the finance sector. The announcement stated that the firms “..failed to set up systems to retain certain types of encrypted emails” and therefore the messages were not available to review.
Much of the frustration around traditional encryption solutions (beyond the end user experience) relates to the creation of a secondary email repository. Even when firms, like ING, make best efforts to put encryption and message archiving solutions in place the two solutions are not compatible. There are keys and certificates to manage, and when used together the archive gets filled with encrypted messages that cannot be reviewed or audited.
Email2 has solved these important compliance challenges and is the only encryption solution that will work with any archive / eDiscovery system ensuring that regardless of whether email is on-premise, hosted, or a hybrid of both, all secure messages are available decrypted for audit and eDiscovery purposes (therefore compliant with the recordkeeping provisions of the federal securities laws and FINRA rules, and supervisory requirements under FINRA rules).
Original post: http://www.finra.org/newsroom/newsreleases/2013/p207604
FINRA Fines Five ING Firms $1.2 Million for Email Retention and Review Violations
WASHINGTON — The Financial Industry Regulatory Authority (FINRA) announced today that it has fined five affiliates of ING $1.2 million for failing to retain or review millions of emails for periods ranging from two months to more than six years. The five firms, indirect subsidiaries of ING Groep N.V., are Directed Services, LLC; ING America Equities, Inc.; ING Financial Advisers, LLC; ING Financial Partners, Inc.; and ING Investment Advisors, LLC.
Brad Bennett, Executive Vice President and Chief of Enforcement, said, “As a result of broad systemic failures, these firms failed to capture and retain emails from hundreds of representatives and other associated persons, and failed to take adequate steps to ensure that their principals were fulfilling their responsibilities to review emails. Email retention and review continues to be an important regulatory responsibility and an issue of concern for FINRA.”
FINRA found that the firms failed to properly configure hundreds of employee email accounts to ensure that the emails sent to and from those accounts were retained and reviewed at various times between 2004 and 2012. In addition, four of the firms failed to set up systems to retain certain types of emails, such as emails using alternative email addresses, emails sent to distribution lists, emails received as blind carbon copies, encrypted emails and “cloud” email (emails sent through third-party systems). As a result of these failures, emails sent to and from hundreds of employees and associated persons were not retained; and because the emails were not retained, they were not subject to supervisory review.
In addition, four of the firms failed to review millions of emails that the firms’ email review software had flagged for supervisory review. At various times between January 2005 and May 2011, nearly six million emails flagged for review went unreviewed by supervisory principals because the email review software was not properly configured.
In concluding the settlement, the firms neither admitted nor denied the charges, but consented to the entry of FINRA’s findings. FINRA found that the firms violated the recordkeeping provisions of the federal securities laws and FINRA rules, and supervisory requirements under FINRA rules.
FINRA also ordered the firms to conduct a comprehensive review of their systems for the capture, retention and review of email, and to subsequently certify that they have established procedures reasonably designed to address and correct the violations.
FINRA’s investigation was conducted by the Departments of Enforcement and Member Regulation.
Investors can obtain more information about, and the disciplinary record of, any FINRA-registered broker or brokerage firm by using FINRA’s BrokerCheck. FINRA makes BrokerCheck available at no charge. In 2012, members of the public used this service to conduct 14.6 million reviews of broker or firm records. Investors can access BrokerCheck at www.finra.org/brokercheck or by calling (800) 289-9999. Investors may find copies of this disciplinary action as well as other disciplinary documents in FINRA’s Disciplinary Actions Online database.
FINRA, the Financial Industry Regulatory Authority, is the largest independent regulator for all securities firms doing business in the United States. FINRA is dedicated to investor protection and market integrity through effective and efficient regulation and complementary compliance and technology-based services. FINRA touches virtually every aspect of the securities business – from registering and educating all industry participants to examining securities firms, writing rules, enforcing those rules and the federal securities laws, informing and educating the investing public, providing trade reporting and other industry utilities, and administering the largest dispute resolution forum for investors and firms. For more information, please visit www.finra.org.
With the numerous social networking tools and instant messaging vehicles available for online communication such as Facebook, Skype, Google Chat, and Twitter, email is often seems less relevant to organizations today.Instant messaging is convenient, fast and to-the point, and for the corporate user sending and receiving 115 emails a day, the appeal is obvious. With SM and IM on the rise, is email becoming obsolete?
Here are some stats that clear it up in our tidy infographic: How Does Email Stack Up?
Despite the booming popularity of instant messaging vehicles and social media platforms, email is still the internet’s “killer app” remaining internet users’ most widely used form of communication with its use only expected to grow, especially in the corporate sector. Email’s ever increasing functionality beyond just sending messages–from email cloud drives that enable you store data in the cloud, to file sharing applications– enhances email as a medium for communication and collaboration. Email’s growth and increasing functionality position it as a channel that will only be more impactful in the future.
- Direct Marketing Association, https://imis.the-dma.org//bookstore/index.cfm?
- Facebook June 2012, http://newsroom.fb.com/content/default.aspx?NewsAreaId=22
- McKinsey Global Institue Report July 2012, http://www.huffingtonpost.com/2012/08/01/email-workday_n_1725728.html
- Osterman Research Market Trends 2005-2008, http://www.ostermanresearch.com/
- Pew Internet Study 2011, http://pewinternet.org/
- Radicati Group Email Statistics Report 2012-2016 , http://www.radicati.com/wp/wp-content/uploads/2012/04/Email-Statistics-Report-2012-2016-Executive-Summary.pdf
- Radicati Group Email Statistics Report 2009-2013, http://www.radicati.com/wp/wp-content/uploads/2009/05/email-stats-report-exec-summary.pdf
Your encryption solution could be the best-of-breed technology, have the most advanced features for tracking messages—it might even have won a shiny award from analysts at some firm, but you may still be at risk for data leakage. Why? Because your employees aren’t using it. In fact, 69% of organizations surveyed by the Ponemon Institute last year indicated they believe employees frequently violated policies for email encryption, while 61% indicated that employees use insecure email channels, such as personal Web-based email to send confidential data. So why are employees failing to encrypt sensitive company emails? Are they dumb? Lazy? Resentful they missed a bonus this year?
While it’s easy enough to blame the user, the truth is that email encryption software has become a commodity that’s fairly easy to obtain, but often difficult to use and manage. Over half of email encryption users are frustrated with their encryption solutions being inflexible difficult to use, according to a recent email study. With the average business email user sending and receiving 115 emails per day, it’s no wonder they avoid the 8-10 steps necessary to send or receive a message using antiquated, commoditized encryption technology. But with a high volume of emails being exchanged, potentially unsecured, users are exposing the organization to the very real risk of data leakage.
So what do you do? Do you bite the bullet, keep your 10-step process and hope the losses from productivity outweigh the alternative of a data breach? Evidence would suggest that users would continue to fumble with and avoid such a system—leaving your organization still at risk to a data breach at the email gateway.
True Security Has Usability
It doesn’t matter how secure the technology is if it’s too difficult to use, employees will avoid and circumvent it. Security needs everyone to adopt it, and every change of behavior, additional step or extra click is a hassle that makes a solution more difficult to use and adopt. To encourage adoption solutions must be flexible and simple enough to compliment the email, mobile and tablet solutions users are already comfortable with.
For more information on how encryption can work seamlessly with your existing email and encourage user adoption, visit the Email2 Product Page.
Email remains the vital tool for exchanging vital and confidential business information ranging from trade secrets to customer information. In fact, Osterman Research estimates as much as 75% of a company’s intellectual property is contained within emails floating around in employee inboxes and corporate email systems. Organizations put a lot of faith in their employees by putting that much valuable data in their hands. But no matter how much trust you put in your employees–they’re human and mistakes happen.
It comes as no surprise then that 69% of organizations surveyed by the Ponemon Institute last year indicated employees violated security policies frequently and send confidential and sensitive information via non-approved, unsecured email methods. It should be even less of a surprise that email is the leading source of data loss/leakage according to that same study, and many others.
5 Mistakes Email Users Make
User actions that appear as trivial mistakes or lapses in judgement can become heinous and costly incidents when they result in data loss or unauthorized exposure. So we’d like to point 5 overlooked mistakes email users make that can result in data leakage:
1. Failing to encrypt sensitive emails ”That was supposed to be encrypted?”
Maybe they didn’t think it was sensitive information, or maybe they didn’t care. Either way, users who fail to encrypt emails transferring sensitive information open the possibility that an email may be accessed by someone other than the intended recipient, leading to potential data leakage and exploitation of information that should have been sent securely.
2. Sending email to the wrong people “A trigger -happy ’reply all’ can be dangerous”
We’ve all done it. Maybe you meant to tell your co-worker how you hate your boss, or the details of last night’s party but hit “Reply All” instead telling everyone. Oops. Now when that email contains confidential company or customer information rather than the dronings of your worklife, and it just got sent company-wide, or outside the company… ‘Oops’ doesn’t cut it.
3. Sending corporate information from personal (unsecured) email accounts ”I’ll just use Gmail…”
Work email is for work, personal is for at home… or whatever right? Using company email accounts to send company-related information is necessary because personal accounts often lack the safeguards (such as encryption, automatic backup, etc) necessary to protect company information against loss of leakage.
4. Failing to backup/save/archive emails “It didn’t seem important at the time…”
If you diligently backup your emails to the server, you’re golden. For the other lazy half of email users who just save emails locally in their folder, on the desktop, or not at all, the possibility of data loss is just a computer crash or email glitch away. With 75% of corporate IP floating around in email boxes, it’s important for users to backup, backup, backup their emails.
5. Believing you’ve won the lottery or other scams “Just enter your credit card information to claim your prize!!”
You’d like to think that luck has finally come our way when we see an email announcing we’ve won the lottery, tickets to Disneyland or luxury getaway to Bora Bora. Though there’s something fishy about them asking for your credit card information, your address and your social security number, you push on because the thought of relaxing on a sunny beach is just too much to stop you from realizing you’re getting played. For the un-discerning user, a phishing scam can mean giving up all sorts of sensitive information, and if its company information you’re giving out, some scammer might just use it for a sandy escape of their own.
Catch Mistakes Before They Happen
While human error may be inherent in our nature, it doesn’t mean data loss is unavoidable simply because we’re destined to make a few bad calls. Instead, all 5 of these user mistakes and many more can be avoided with effective employee training and a powerful data leakage prevention (DLP) solution that can catch mistakes before they happen.
With data leakage centering on users, it’s obvious that an effective DLP policy begins with employee training and management. Educate users on policies for acceptable email use; emphasize that data is essentially money and that employees are responsible for losing company money when they violate policy and clearly articulate consequences for violations. When users understand proper workplace email usage and the consequences, they will be less likely to make mistakes.
While employee training and management can help reduce the potential for costly email errors and snafus, mistakes are bound to happen no matter employees’ good (or bad?) intentions, so training alone isn’t enough to ensure policy. The potential for data to be leaked or lost through email user mistakes underscores the need for organizations to enforce email policy with a data leakage prevention solution to pre-empt user snafus and stop data leaks before they happen. For the best protection against data leaks, businesses should implement a DLP solution that can stop users in their tracks before a damaging email is ever sent.
The best protection is prevention
At Email2 we recognize that user-mistakes are prone to happen and are costly when they do. That’s why we’ve developed a powerful DLP feature for secure email that pre-empts user-error by prompting users of potential data policy violations before the “send” button is hit. If a questionable email still makes it out of the email gateway, additional tools allow total recall of sent messages and attachments even after the message has been read by a recipient.
For more information on how Email2 prevents data leaks, visit the DLP product page.
The importance of guidelines to ensure Efficient and Effective email Use“Most companies are grappling with email overload,” says Monica Seely, an email management expert at Mesmo and author of Brilliant Email. “Companies are losing up to 20 days per person per year, dealing with email poorly.” Most of us would not disagree with these statements. But how many organizations have you encountered that have email guidelines in place – that are actually enforced? The answer is likely none. Having no email charter (that is adhered to) is like having no HR policies for staff (that are adhered to). Payroll expenses and the inefficient use of email are some of the most costly expenses in most professional services organizations. Implementing guidelines around managing these resources are not nice-to-haves, but rather fundamental business rules - and applicable to any size organization. Having these guidelines in writing is not good enough. In order for them to be effective, they must be enforced and become part of the operational culture and house rules and become as second nature as, well,… sending an email. Sending a flaming email or an unwarranted ‘reply to all’ with the dreaded ”thanks!” should become as unacceptable and ‘yesterday’ as scotches for lunch and smoking at our desks. One can’t assume that staff ‘just know’ how to use email. Most individuals’ email training is simply non-existent and ends with opening their MS Outlook application and composing their first email.
Guidelines for when Secure Encrypted Email must be usedIf you are on vacation and you want to send something generic to a friend such as “wish you were here”, you send a postcard. If the message or letter is more personal and you would prefer that only the intended recipent read it, you would send it in a sealed envelope. The same principle applies in the business world. Encrypted email is your sealed envelope (+). It can be more like a signature-required guaranteed delivered package, depending on the encryption service used. Rarely covered in an email policy is the inclusion of guidelines around sending sensitive or client-confidential information. The sending organization or the sender who is including sensitive business, client, or employee information in an email is unequivocably responsible for ensuring that the information is secure and only seen by intended recipients. If a sender does not use email encryption, all information sent over the internet can be intercepted – and leaves the organization open to high risks of data leaks and breach of privacy and other regulatory compliance. It’s like sending a postcard into cyberspace. Sample Encrypted Email Guidelines Here’s just a sample of general guidelines that can be included in your email charter to address the use of encryption to ensure that sensitive content is only seen by intented recipients. Encrypted email must be used:
- When sending or discussing confidential, strategic, non-public, or classified business information.
- For Board of Directors discussions.
- When sending or discussing any type of client confidential, priviledged, or private information. Clients could include students, patients, citizens, or customers.
- When emails include credit card numbers, social security numbers, passwords, logins or any recognizable format for sensitive information. The use of data leak prevention tools here, is also key. Data leak prevention tools will recognize the format of email content, such as xxxx-xxxxx-xxxxx-xxxxx for credit cards, and prevent sending of the email or at least warn the sender to encrypt the email.
- When attaching any kind of sensitive document to an email. Encryption is much more secure than including a password to open the document, which can be hacked.
- By all legal and accounting staff working for the organization, or any staff who frequently deals with confidential information as part of their regular duties. This may include IT, and Sales.
- When communicating outside the organization with firms dealing with sensitive information such as legal, accounting and IT firms. In many sectors, such as the healthcare industry or public sector, guidelines would include a long list of external or partner agencies.
- By HR staff when communicating sensitive employee information, AND when communicating with potential new hires and candidates – particularly when discussing or sending employment offers.
- As an aside, secure email guidelines should also include guidelines for the topic of email delegates. How to communicate which staff members have delegates, and alternative communication methods to reach staff with delegates when ultra-sensitve emails are exchanged. Navigating the sensitivities of email delegates can be challenging if guidelines are not in place.
1. Lack of Confidence that Humongous Bank cares about securing my Confidential InformationI have very little confidence that my humongous and well-established bank cares about securing my private and confidential banking, personal or financial information. It has not trained its staff to understand the importance of securing customer communication and passwords. Does encrypted email only become a recommended option when a customer inquires about security? I’ll also clarify that my banking rep has been with the bank for at least 20 years and is not a junior account rep.
2. Banking & Financial Services 101: User-Friendly Email Encryption Solutions that workProviding me with a secure and user-friendly email encryption solution without requiring a technology dictionary and a 10-page instruction manual to use it, is NOT a difficult task for an extremely profitable banking institution. After all, they have figured out the technology and user-interface for Internet banking? The email encryption solution that I was provided has to be an embarrassment to any successful or progressive organization – but particularly one that provides financial services. And let’s not forget about policies regarding basic email. If financial services organizations are permitting their staff to communicate with customers using an unsecured email system, at minimum, data leak prevention policies and tools must be in place to ensure that if/when confidential information is included in a basic email such as bank account numbers, passwords or credit card numbers, then the sender would be alerted – if not prevented from sending the email. It appears as though even humongous bank does not have to adhere to basic and fundamental principles in securing customer information and privacy.
3. Banking & Financial Services Customers are Unaware that Basic Email is not SecureMy banking rep does not often use his email encryption solution and doesn’t seem to be familiar with it. I am left to conclude that his hundreds of other banking customers are clearly not clamoring for their private information to remain secure, likely because most have no clue that email is not secure and that straightforward alternatives do exist. To all banking or financial services customers, or any customer of an organization where your confidential information is exchanged: Using unsecured email or fax is like shouting something across a crowded room. If you are willing to take the chance that your private, confidential or financial information is intercepted and seen by the occupiers of a crowded room, then by all means, carry on with the status quo. How about a nice order of identity theft with that email? Ariane Laird works with Email2.
- Email2 provides straightforward secure email encryption, data leak prevention, and e-statement solutions for the financial service industry using the same security technology as Internet banking.
- Email2 enables financial services organizations to securely send, receive, control, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.
The DataWhen looking at the data, let’s also keep in mind that the survey targeted data protection professionals, with 43% of respondents holding the title of chief security officer, chief information security officer, chief information officer, chief privacy officer or chief compliance officer. Additionally, the sample was skewed toward larger healthcare organizations, “excluding the plethora of very small provider organizations, including local clinics and medical practitioners,” the report said. There’s a lot of interesting (and highly disturbing) data in the report, but I’ll focus on only a few highlights according to healthcare organizations responding to the survey: 1. 96% have had at least one data breach in the past 24 months. On average organizations have had 4 data breach incidents during the past two years. Breaches increased 32% from the previous year. (96%? Does that not sound a lot like 100%?) 2. The top 3 causes for a data breach are:
- lost or stolen computing devices
- third-party snafu
- unintentional employee action.
- 66% agree medical billing personnel do not understand the importance of patient data protection
- 58% say IT personnel do not understand its importance
- In contrast, 58% say administrative personnel do understand the importance of protecting patient data.
- Only 29% of respondents agree that the prevention of unauthorized access to patient data and loss or theft of such data is a priority in their organizations
- Less than one-fourth (23%) said their organization has “encryption solutions installed.”
Email Encryption – a minimum in healthcare prevention for breach of patient data and privacyLet’s focus for a moment on the last piece of data shown in 4(2) above. Less than one-fourth (23%) said their organization has “encryption solutions installed.” This also means that healthcare organizations are not using email encryption (secure email) to communicate patient information securely. Which also ties into 3rd party snafus as one of the top reasons for patient breaches. It seems that email encryption and secure communication should be at the top of the priority list as one of the first steps in securing patient information. The report cites the following types of compromised patient data:
- Medical file
- Billing and insurance record
- Scheduling details
- Prescription details
- Payment details
- Monthly statements
- Email2 provides straightforward secure email encryption, data leak prevention, and e-statement solutions for the healthcare industry using the same security technology as internet banking.
- Email2 enables healthcare organizations to securely send, receive, track and automate delivery of confidential email and large attachments outside the organization – without requiring staff or recipients to change their existing email.
- View our related blog post: 4 ways medical offices can use encrypted email to address compliance and productivity