Paul Holland, founder and Chief Executive of Beyond Encryption, talks to PCR about data security issues and how remote working has exacerbated the need to ensure individuals and companies are protected from cybercriminals and how to avoid regulatory intervention through data breaches
Beyond Encryption provides email and communication security systems to a range of sectors including financial services, accountancy, legal, education, shipping and security services. Here we caught up with Paul Holland, founder and Chief Executive to find out more.
Please can you tell me a bit more about Beyond Encryption and the products or services it offers?
The origins of the company go back to 2009, when I started investing in the technology and architecture necessary to combat the emergence of identity theft and email cybercrime. In 2016, the company changed its name to Beyond Encryption (BE) to better represent the values of our products, which truly go beyond encryption.
To date, BE has focused on developing and deploying its email security solution – Mailock. It uses point–to–point (person-to-person) email encryption to verify the recipient’s identity so that the sender can be absolutely sure the email or attached documents arrive with the intended recipient safely without risk of interception, misrepresentation, misdirection or fraud.
How can companies look to secure their emails more effectively?
Every company in the world today has a responsibility to secure its customers’ identity and act as guardians of their information. Failure to do so goes far beyond financial loss with the impact to brand value and reputation potentially being far more costly.
Most email security systems concentrate on protecting systems and processes – that’s the easy bit. Protecting the people is more difficult, and that’s where Mailock sets itself apart. Mailock uses military-grade encryption and unique identity authentication capabilities, which can be quickly adopted into any system. We are passionate about helping companies and individuals secure their most import assets online – their data and their identity.
How are company’s email systems currently at threat?
With a huge proportion of our population now working from home, the Information Commissioner’s Office (ICO) tells us that mis-sent emails are now the biggest source of email breaches – 44% more than phishing.
Protecting people as the principal source of email breaches is important because the implications for those that get it wrong are huge. A recent study showed that 73% of employees are reprimanded for mis-sending an email, 46% were formally disciplined and 27 % were sacked, so it’s a particularly serious issue for employees.
It’s also a serious issue for employers. Sending the wrong email to someone potentially could cost your company severe lost revenues. A recently leaked UK Finance report on behalf of UK banks said that with 10,836 innocent victims of email fraud adding up to around £500m, the banks may renege on a promise to reimburse their innocent customers. It risks catastrophic long lasting reputational damage as well as intervention from regulators.
What benefits does the solution offer?
Under GDPR an email or data breach can cost a company up to 4% of its global turnover. The ICO believes companies should properly identify the recipient of our email before sending them anything. Mailock is one of very few systems that can do this. It’s worth serious reflection on whether an incumbent system actually does this. If it doesn’t, it’s probably worth a rethink, just to be safe rather than sorry.
A school had a recent data breach, through no direct fault of their own, but they are part of a larger group, putting millions of pounds at risk if they are found not to have followed the correct procedures. A financial services provider recently told us that they have daily email breaches logged on their risk register.
Mailock protects people, not just systems and processes. This is a key differentiator. Whilst not necessarily unique, it is unusual. Combined with the ease of integration into existing email workflow – users don’t have to alter their normal behaviours or working practices – and the fact its quick and easy to install, sets it aside from much of the competition.
Purely from a legal and regulatory perspective, it ticks all the necessary boxes, alleviating director’s concerns over meeting best practice governance issues, reassuring investors, employees and customers. The system also provides an audit trail of ‘Digital Recorded Delivery’.
It also saves companies costs as they move to more digital solutions, often making it cost neutral (or better) for many organisations. Carbon reductions are often huge. Significantly, it also bolsters and reinforces a company’s ESG credentials providing real, quantifiable benefits to meet the increasing demands of customers, employees and investors.
The implications for customers are wide ranging too. A colleague suffered a relatively small and comparatively innocent data breach where someone had sent them something that went missing. Within 24 hours, they had got into his bank account and relieved him of thousands of pounds.
Where is this solution predominantly finding use?
Email security has gone from being within the sole domain of CISOs into a high-level risk issue for boards. Big companies are now treating this problem with the seriousness it deserves.
Mailock is the preferred default option of the Recruitment and Employment Confederation (REC), the professional body for UK recruitment businesses. It is also used by Origo, a leading fintech company based in Edinburgh, as the integrated communication system between providers, platforms and advisers.
In addition to its functional advantages, it is particularly easy to use and quick and simple to implement. It has also recently been adopted by Paragon Customer Communications (PCC) as part of its integrated solution for much of the asset management industry, as well as billings for the utilities and telecoms industries.
All this probably helps explain why our system is now being adopted by lawyers, accountants, dentists, intermediaries and to secure ship movements. Its flexibility means it can be used across many sectors and geographies, and we recently secured an inward investment from hardware and software distributor Westcoast.
BE is now looking to develop new products for markets and sectors where we can identify gaps and opportunities where it can enable consumers to lead safer, more progressive and integrated digital lives.
Read the latest edition of PCR’s monthly magazine below:
Like this content? Sign up for the free PCR Daily Digest email service to get the latest tech news straight to your inbox. You can also follow PCR on Twitter and Facebook.