There is a wide body of people who believe they are sending information privately because they are sending it using Microsoft Office 365, Gmail, or a third-party service that sends all messages using Transport Layer Security.
With the recent media focus on cybersecurity, whether it is talk of Russian hackers scheming to influence US presidential elections, or the pervasive pressure to comply with GDPR or HIPAA (healthcare privacy regulations) or other consumer data privacy requirements, “encryption” is one of the solutions that is often introduced.
Many, many software service sales professionals throw around security phrases to make cybersecurity sound simple. Today, as technologies advance and threats get ever more sophisticated, encrypting email for privacy compliance is not getting simpler. The devil (hacker) is in the details.
Habits are often hard to break. Some professional offices, particularly in the health care sector, when there is a need to send something private, send by fax. Their belief is, if they send by fax, the transmission is secure and private (HIPAA compliant).
As consumer awareness of data privacy issues increases, companies that don’t take their clients’ data privacy seriously are getting hit harder and harder. In healthcare, a Florida healthcare provider paid a $5.5 million fine (a HIPAA record) earlier this year for allowing more than 115,000 patient records to be improperly accessed and disclosed. Last year, Ashley Madison paid almost $1.6 million to settle charges related to Federal Trade Commission (FTC) enforcement of data privacy laws, after the online “cheating” site’s virtually non-existent cybersecurity practices allowed the compromise of all its 36 million users worldwide.
We hope you are enjoying the “Tech Trends to Expect in 2017” series. Last week, we made the second of three weekly predictions on technology trends we think will manifest in 2017. Here’s our third and final prediction of the series:
Prediction 3: Cybersecurity will be a primary purchase driver for consumers shopping for professional services
Consumers are becoming more sophisticated about cybersecurity. They are attuned to news about data breaches, hacking and malware. But this information has yet to take on a pivotal role in their purchasing decisions. In 2017, we predict that consumers shopping for professional services will consider each provider’s cybersecurity practices as a make-or-break factor before signing on the dotted line.
Specifically, consumers will begin using security ranking databases to select attorneys, insurance agents, title agents, real estate brokers and registered investment advisors. Security could be a category that pops up on Healthgrades for physicians, commercial insurance directories or websites like realtor.com. Has the business been hacked? Are they using the best technologies to protect their client data? Are they sending encrypted email messages to customers and clients? This will be true for small and large businesses alike and especially true for professional services providers that retain personally identifiable information (PII).
Security ranking models have already been developed for evaluating large corporations. BitSight, founded in 2011, offers a security ranking platform that ranks businesses based upon their security performance. Companies use BitSight to evaluate their vendors’ security performance against that of their competitors. Clients include financial services firms, universities, TransUnion and Fannie Mae.
Key Industries Impacted
Data security is crucial for attorneys. Litigation clients might be in the midst of a divorce or custody suit. Their attorneys are sending messages about legal strategy for an upcoming arbitration; clients are sharing information about their assets, spending and other personal habits. If this data is hacked, it will no longer be privileged, and opposing counsel is free to use the information. Consider the “Panama Papers” debacle from 2016, in which more than 5 million emails and documents were stolen from the IT systems of a prestigious law firm that handles (or in some cases, used to handle) the affairs of world leaders and prominent US businesspeople.
High-net-worth individuals are especially sensitive to the security practices of their registered investment advisors (RIAs). They are relying on their advisors to protect their financial interests, and that expectation extends to data protection. Clients increasingly expect to receive their quarterly and year-end statements via secure email. They may also be exchanging critical trust documents and business contracts that need to be protected whether in transit electronically or at rest on a computer server.
Title companies rely on real estate listing agents to bring in new settlement business. Those listing agents are staking their reputation on a safe and secure purchase process which can happen quickly, with many required transactions taking place according to a precise schedule. Meanwhile, criminals are eagerly searching for wire fraud opportunities, jeopardizing the entire transaction.
Finally, insurance agents are in some ways the closest to the concerns around cybersecurity. After all, insurance agents are the ones selling cyber insurance; about $2.5 billion of cyber insurance was written in 2016, according to Allianz. Additionally, insurance agents are exchanging all types of sensitive information with service providers such as building inspectors, medical examination providers and credit agencies. Those agencies that deal with protected health information (PHI) as business associates of healthcare providers are subject to HIPAA and its data privacy mandates, for example.
Businesses should be proactive about presenting their cybersecurity practices as one component of their marketing message, as these will begin to be critical drivers in consumers’ purchasing decisions. If businesses do not make this information readily available, consumers will rely on the public record (often news coverage of data breaches and hacks) or simply move on to the next provider in their consideration set.
With the recent media focus on cybersecurity, whether it is talk of Russian hackers scheming to influence US presidential elections or “Brexit” votes, or the pervasive pressure to comply with HIPAA (healthcare privacy regulations) or other consumer data privacy requirements, “encryption” is one of the solutions that is often introduced.
Email encryption is one of the strongest defenses that an organization can implement against data breaches brought on by the improper disclosure or distribution of medical records or protected health information (PHI). But without written policies and procedures governing the use of encryption services, these efforts mean next to nothing in the eyes of HIPAA auditors who have been redoubling their efforts to investigate non-compliance across the health care industry.
Small businesses are not ‘under the radar’ of government enforcement for HIPAA privacy and security rules. Not only is the government issuing meaningful fines to small businesses for non-compliance with these data privacy rules, it is explicitly stating that, regardless of the size of the firm, whether a small physician’s office or insurance broker, it will hold everyone accountable.
Be Well Solutions, a wellness center, reports that they have used RPost with unquestionable success in terms of paper reduction, proof of compliance with HIPAA data privacy requirements, and proof of who sent what to whom and when.