Home /All Articles /Articles /Document Security and the “Power of Two”



Last month, I wrote about hacking and the impact on the businesses that were targeted and breached. The penalty for being hacked can be enormous: financial loss from lost revenue, cost to make customers whole (credit reporting services, credit card fraud expenses, etc.), loss of management focus on the business, increased information technology (IT) and security expenses, not to mention corporate image. Corporate hacking won't stop—be it from internal or external threats.



Companies are spending big bucks to address the problem—such as, $250 million a year at JPMorgan Chase. Yet, when a website is hacked, the damage, as we have seen recently, can affect millions of customers. Even if the damage is limited to harmless information, the impact is tangible, expensive and distracting but, hopefully, not irreversible. The attack on Sony was so bad that their entire computer system was down for the week of Thanksgiving. The company fell back on using a phone tree, old BlackBerrys and personal Gmail accounts to communicate, and if that wasn’t bad enough, paychecks had to be cut manually!


According to a recent InfoTrends study, delivering documents as an email attachment is growing at a rate of 32% per year versus a decline of 1.8% via the web.

A way to comfortably expand customer use of electronic communications, without risking enterprise data, is to look at how one might leverage email to deliver documents securely. When delivering personal or private documents via email, the attachment should always be encrypted. Documents delivered as encrypted attachments to an email are protected by two levels of security. First, the hacker must have access to the recipient’s email inbox (or the physical device), and second, they need to have the password to decrypt the attachment. Passwords should be designed to provide the same level of security as a website or call center, and the document can be safely protected when sufficiently strong passwords are used, which take years to crack using dedicated computing power.



Assuming that a hacker wants to spend years of computing power to decrypt an attachment, he or she would have access to only one (not millions of) document(s). Just like a physical letter, each “electronic” envelope needs to be gathered and opened to gain access to the contents, but unlike a physical envelope, which is easily opened, the email attachment is inside a double “sealed” envelope, requiring a second key to open.



Security and protecting client information must be part of the corporate culture. Data protection and integrity are critical to any successful communications strategy. The next time you are considering adding another document delivery channel to your mix of options, make sure that your security and compliance teams also put on their business hats. As the security team looks to protect company and customer information, they should weigh the benefits of growing paperless adoption to support the business's goals. They should take a practical approach to protecting the customer’s data in a way that poses minimal risk of anyone stealing and opening a properly encrypted email attachment, while preserving the simplicity of opening an envelope.




According to a recent InfoTrends study, delivering documents as an email attachment is growing at a rate of 32% per year versus a decline of 1.8% via the web. One contributing factor could be the loss of customer confidence in receiving mail from websites. After all, hackers are targeting the millions of records on portals, not individual documents from an email.


Richard Rosen is the chief executive officer of The RH Rosen Group, a firm that provides solutions to help businesses improve processes and customer communications with the intent to create real, recurring benefits in: cost reduction, electronic payment, shipment tracking and printing/mailing. Contact him at RichR@RHRosenGroup.com or visit www.rhrosengroup.com.