Tesla-style approach to email security

We’ve all noticed how quickly digital communication has grown in the previous year. Taking video calls, sharing sensitive documents, and speaking to customers online now happens from the comfort of our own homes. However, as the remote working model became the norm, it became evident across the board that this explosion in digital communication has had a huge impact on organizations, staff, and their communications partners.

Many of them have realized that they are caught in a world of emails, messaging apps, letters, and other forms of communication – bringing high costs, inefficiencies, and major cyber risks. So, where do they go from here? And what lessons can we learn from successful smart transformations we’ve seen in other industries?

Chain reaction

More and more organizations are discovering that the overnight adoption of digital channels has triggered a chain reaction, including unintended consequences. For instance, most companies had no time to write clear policies, or to focus on use cases and formulate wishes and requirements.

This led to choosing different solutions for various departments and use cases, ultimately creating convoluted situations. As a result, employees constantly switch between email, WeTransfer, messaging apps, DocuSign, Zoom, letters, certified mail and WhatsApp with their teams and clients.

Furthermore, the rapid adoption of digital communication tools sparked a behavioral change among users. The speed of events meant that user-friendliness, integration, and training were often overlooked. Many employees have had to learn and get used to working with new systems on their own, be it performing additional actions to do their job, such as using VPNs, or suddenly having to work with Teams.

It comes as no surprise that these behaviors weren’t instilled by the company or cultivated by the corporate culture. Organizations had no time to carry out proper extensive security reviews, if at all. The explosion in behavioral change has created additional risks, as this change meant making mistakes and therefore taking risks. Combined with the increasing cyber threat and public awareness of information security, this may well lead to serious repercussions.

Balancing security and user-friendliness

Many firms have failed to establish the right balance between user-friendliness and security, which is one of the reasons why the shift to digital communication has been considerably slower and less effective than they had planned. Even though GDPR requires security and privacy by default, it’s not as simple as it appears. This is because working more securely entails two things: additional activities, which are typically more complex, and a shift in behavior. We all know how challenging the latter may be.

To deploy secure communications properly, it’s critical to ensure that the additional security measures have a commensurate impact on users. The goal is to keep the loss of user-friendliness and the disruption to workflows to a minimum. Everyone recognizes that an email carrying important medical information needs to be as safe as possible to avoid unwanted access, even if it means sacrificing usability. On the other hand, if you’re emailing your friend to tell them you’ll be a bit late coming home today, you don’t want to have to go through a series of additional actions.

Complexity of communication

Switching to digital communication involves additional challenges compared with other forms of digitalization: communicating involves more than one person, and it – literally and figuratively – takes place beyond your organization’s boundaries.

The first version of the email standard dates back to 1973, and we are still waiting for a new standard for communication to replace email to be established. As a result, businesses will continue to be locked into using email as the main method of communicating with the outside world for decades to come. But back when email was invented, things like encryption, authentication, spam, malware, etc. hardly existed, if at all. Of course, the standard has since evolved and been updated, but the need for backward compatibility means that encryption is still optional and there is no real way to weed out spam and phishing emails.

Moreover, email can’t eliminate human error or ensure that the only person reading the message is the intended recipient. This means there is a large gap between the level of use of email and the level of information security. We need to bridge that gap, either by significantly reducing our use of email or by harmonizing how organizations use email today and the required level of information security and privacy protection.

Learning from other sectors

The automotive sector has undergone a huge transition in the past decade, moving from traditional petrol and diesel engines to electric cars. This transition was driven almost entirely by a car brand that has completely transformed the industry: Tesla. But how did Tesla achieve that?

Its first significant product, the Model S, looked like any other car parked on the street. It’s safe to say that it wasn’t the most innovative design. A grille was also included in the early edition of this model, which is entirely unnecessary for an electric vehicle. Tesla used this strategy for owners to identify the Model S as a “regular car” and feel at ease with it. The familiar design helped potential buyers envisage it fitting into their daily lives without big alterations.

To put it simply, Tesla did everything it could to remove overly complex behavioral changes for users. While the exterior looked similar, nothing under the hood of the Tesla bears any resemblance to the car of a decade ago. A more radical design of the Model S would most likely have resulted in lower customer demand and adoption due to the behavioral change needed.

Driving innovation “under the hood”

Making sure users don’t have to modify their behavior, and that innovation allows them to keep their old routines, is key for the adoption of any service. Digital communication is no different. Many businesses struggle to implement systems like Teams, Slack, SharePoint, and internal messaging portals due to the behavioral changes that are required, not just for their own employees, but also for the individuals they communicate with.

That’s why security tools should be embedded into a “normal email” platform that doesn’t require employees to shift their user habits or suddenly learn how to use new applications.

As with the hybrid car, your organization can communicate with the standards of the future, but you can also fall back on old standards – in this case, email – if the process requires you to be backward compatible.

Users simply want to communicate in an effortless way, while the innovation is driven “under the hood” as much as possible.

Rick Goud

Founder and CIO at Zivver
