Talking Secure Digital Communications with Rick Goud, CIO, Zivver

Rick Goud

Following Zivver's seminar session at the Government ICT Virtual Summit in January 2021, we caught up with Rick Goud, Chief Information Officer at Zivver to delve deeper into secure digital communications and how it can benefit the public sector.

Multi-channel government to citizen engagement is one of the most important topics of the past 12-months. How does secure digital communications improve citizen services?

Being able to communicate digitally with people is something all organisations should be readily embracing, but this must be done in a safe way. Most people today regularly use email to exchange information, both for convenience and speed. And while in the past there was clearly a big generational divide in the use of the internet and email, these days the vast majority of people can be reached online. In fact, information by Statista shows that in 2020 over 56% of people over the age of 75 used email regularly. This is in line with data by the UK’s Office for National Statistics which showed that in 2019, 87% of all adults in Britain used email, making it the most common type of internet activity. And this number has likely increased further since the pandemic. 

Public sector organisations are under pressure to ensure citizen data is properly protected, in large part because of the sensitive nature of the information that can be being shared.

An example of this are the challenges that came to light when trying to develop tracing apps for COVID-19. Many national governments struggled with implementing their own versions of this. It created challenges from a privacy standpoint as well as the system’s ability to protect the data. Failure to properly protect this type of information can diminish public confidence and trust in the system at a critical time.

Although not the main driver for many organisations, a side benefit of going digital is that it’s also better for the environment by reducing paper waste.

With 80% of UK reported data leaks being caused through human error, what can be done to increase the security of digital communications?

Many companies tend to concentrate their digital security efforts on external threats like malware and hackers, but this only addresses part of the risks. Tools that are designed to alert people of potential mistakes in their communications can drastically reduce the likelihood of the most common types of data leaks occurring, such as sending an email to the wrong person, or accidentally attaching the wrong file. This would give people the ability to catch and correct mistakes before they actually hit send. 

In a survey conducted by Opinion Matters in September last year of 200 public sector IT and security professionals in the UK, 82% of their organisations experienced at least one data leak last year, with many having at least six. This suggests that there remains a clear need for public sector organisations to take additional measures to properly safeguard sensitive data.

What challenges have you faced in implementing secure digital communications for the public sector?

Plenty of organisations still rely heavily on legacy systems and have been slow to move to the cloud, which is one factor. Often this can create more challenges initially within the organisation to facilitate digital communications in a secure way. What I often explain in these situations, is that these types of organisations should look at email as their starting point on their path to digital transformation.

By seeing email through the lens of people’s habits, not simply as protocols, you can support a wide range of use cases from your ‘email’ whether it be transferring large files, questionnaires, documents to be signed or other types of more structured information sharing. That’s why when it comes to securing digital communications, a good focal point is outbound email.

Other organisations are under the impression that their existing security measures are adequate, because they don’t necessarily realise there are data protection gaps that exist with Office 365 subscriptions, for example. For more information on this, refer to this overview.

Is it now necessary for security leaders to re-evaluate their email security and privacy?

Now is definitely an ideal time to re-evaluate your email security practices when it comes to safeguarding data. At the onset of the pandemic, we saw a sudden shift to remote working in the public sector. Accommodations were made to facilitate these arrangements quickly and minimise disruption, but not necessarily with the view that this would become a longer term need. 

With more people working remotely, that also means there’s more data on the move that needs to be protected. Numerous organisations, including Zivver, have already stated that when the pandemic eases, they intend on allowing their staff to continue working remotely, at least for part of the week. So we really are adjusting to the new normal now, in terms of our way of working, and this necessitates a thorough review of security and privacy measures in place and to make enhancements where necessary. 

How can you strike the optimal balance between security and usability?

Security solutions have traditionally been unable to effectively balance robust security with the needs of users, chiefly because the method of revolutionizing technology is a very different approach compared to altering human behaviour. If it’s too big of a change, people won’t embrace it, and this in turn puts your organisation and data at increased risk.

That’s why it’s important for security solutions to easily integrate with communication channels your employees are already comfortable using, like Outlook and Gmail, to prevent any disruption to workflows. If your staff need to switch to a different program to send large files that exceed your regular email’s file size limits, for example, they can instead use a tool such as Zivver to be able to do this directly from their existing email client and send any file up to 5TB. This provides a more streamlined approach since there’s no need to switch programs, which saves people time while also enhancing your data protection efforts.

What are some of the key principles of an ‘enabler’?

What we see with ‘enablers’ is that they try to adopt a 'step into the future' approach. While some have dipped their toe into this segment, typically these tools require employees to change their way of working as well as those you communicate with. Whilst they are usable, the time taken to perform a task increases which will result in slow and low adoption. In many cases there’s also the persistence of ‘Shadow IT’ because the new tools don’t extend to all the required use cases.

Enablers need to be able to strike a balance between providing people with digital communication channels and tools they actually want to use, alongside effective security measures that can keep up with pace of change.

The bottom line is that most ‘enablers’ haven’t gone far enough in truly blending usability with security, you need both of them together to go hand in hand.

Do you notice any trends in the UK public sector in comparison to some European states you work with?

Data leaks in general have been on the rise for years, and this is a trend that is widespread and across many industries, the public sector is no exception. In the UK, however, information published by the ICO last September showed that the number of reported data leaks declined by 45% across the board, during a period of increased cyber threats, alongside a rise in digital communications due to remote working. This is in contrast to other countries such as the Netherlands and Germany, which both have strong reporting cultures for data protection breaches. 

You would expect to see an increase in reported data leaks in the UK as well, but this could suggest that UK organisations feel less obliged to comply with the GDPR in terms of reporting data leaks, regardless of the consequences.

Zivver are a Gold Partner of Digital Government 2021 and will present an interactive session on 13th May.

To meet with the Zivver team, register your place here.