Decrypted | Insights from Virtru to Unlock New Ideas

The Hidden Costs of Your Secure Email Portal

Written by Editorial Team | Mar 1, 2024 4:09:59 PM

When was the last time you used a secure email portal? At work? Responding to a secure email from your financial advisor? Communicating with your doctor about test results? 

Now, think about the experience you had with that portal. Was it positive? Perhaps you were asked to create a password, which you have since forgotten. Or, even worse, did you forget it so many times that you were locked out? 

Ultimately, did you feel that the experience was easier or harder than necessary? Our guess is that you'd answer with the latter: Legacy email portals often bring unnecessary friction and frustration to the data sharing process. 

Along with that sub-par user experience comes a range of hidden costs that make the total cost of ownership for secure email portals far higher than the number on the invoice. 

Secure Email Portals Require You to Set Up an Email Gateway

At Virtru, we love an email encryption gateway. In fact, we offer fantastic email and SaaS gateways that our customers love — including one of the world's largest banks. There are clear benefits of a gateway, like protecting data sent from any endpoint. 

But, Virtru’s gateway is an option, not a requirement. Gateways make perfect sense for many organizations, but not for all of them. Secure email portals, however, require that you install an email gateway. This includes companies like Paubox, Zix, Mimecast, Proofpoint, and Symantec, to name a few. 

If you own a small business, or you do not have many IT resources, an email gateway can be burdensome to set up — and a headache to rip out, should you change your mind later on. You may have to generate an API REST token, and add a TXT or CNAME record in your domain's DNS records. If you're not a technical person, you'll either spend your time and resources trying to figure it out, or hire someone to help you get this done, which adds costs. 

Then, there's also the offboarding to consider. If you decide to discontinue use of your email portal, you'll need to do the same thing to rip it out of your organization's tech stack, and that also takes time. In fact, we've heard from prospective customers who feel stuck with their old portal providers for this exact reason. They are not happy with the product, but they do not have the bandwidth to get someone to help uninstall it, and fear all of their emails may be affected if they don’t uninstall it properly. 

Let’s look at some of the hidden costs of these solutions:

  • Your time for reviewing the prerequisites and beginning installation of the Gateway
  • Potential additional billing hours for any external resources you need to bring in for technical work (this increases exponentially if you do not have one on hand)
  • Cumbersome onboarding and offboarding processes for your team
  • Longer time to value after you sign your contract
  • Lack of freedom to switch encryption providers when your contract is up for renewal
  • End-user frustration which may trickle back to your IT team — for example, being locked out of the portal, needing to reset a password, and more

The Alternative to Email Portals

Virtru does not require you to set up an email gateway. Our email encryption is deployed as a simple plugin for Chrome, Outlook and O365. Getting started with Virtru is simple and can be done in minutes, even if you have minimal technical skills or bandwidth. The Virtru Secure Reader never requires your recipients to create a password to unlock a message. 

For secure file sharing, Virtru Secure Share is also fast and easy to sign up for, and because it works in a browser, all you have to do is log in to get started. (And, if you're using Virtru Secure Share for Confluence, you can simply buy it through the Atlassian Marketplace and start using it instantly.)

If you need simple, flexible tools for email and file encryption — and you want to get up and running quickly — Virtru is ready when you are. This was the case for Lance Clark, Founder and Director of Clark Christian Counseling, who said in a Virtru testimonial, “I think we all share something in common, and that would be time, energy and money. And so, I don't like to reinvent the wheel. I like to find people to make really good wheels and make it worth my dollar and then let them work for me, Buy a good wheel and implement it, and don't brain yourself otherwise. So I think, for the person who's just starting out or a small practice, you're going to want to look at conserving your energy, your money and your time. And I think you get the conservation of all three of those with Virtru’s product.”

Secure Email Portals Can Confuse Recipients

Have you ever received an email that looked... suspicious? We’ve all been told, “If you do not know the sender, DO NOT open and DO NOT click on links in emails.” It’s sort of like “Stop, Drop and Roll” these days. Everyone is trained on this on a regular basis, even outside of work.

What’s mind-boggling, then, is that with most secure email portals, your secure emails will not come from your email address. Your recipient will not get an email from you (who they know and trust). They will get an email from “noreply@secruremessgeprovider.com”. Pretty confusing and contradictory to what you’ve been trained — we know! 

As a result, customers, patients, or partners might look at your secure emails and think they're spam or phishing attempts. They may also end up in a junk folder if they don't come directly from your domain. Ultimately, this creates a hitch in communication and introduces questions in your customer's mind about the trustworthiness of the emails and files you're sending them. Your teams may bear the brunt of this and also feel the pain with additional phone calls asking about the validity of the secure emails, or asking questions about how to access the information inside. 

Furthermore, most secure email portals require end users to create a new username and password to access their encrypted information. And, unfortunately, your “go-to” password for things like this may only have 6 characters, not meeting the 8 character, 1 special character, 1 uppercase letter, 1 number requirement. This is yet another password for your recipients to remember (and let’s be real, they probably won't). This may also place additional burden on your support teams when recipients inevitably need to reset those passwords. 

Here's an example of what that experience looks like.  

The friction caused by this experience is damaging — imagine you're a patient waiting to receive an important update about your lab results, or a busy parent trying to access their child's individualized education plan (IEP) for special needs getting locked out when they’re just trying to log in to read an email. You don't want to increase their burden just to access their own data.

The Hidden Cost

  • Lost hours and productivity from re-sending emails that may have gone to a junk mail folder
  • Recipients refusing to open emails that look like phishing attempts - slowing things down
  • Increase in support tickets for help desk teams
  • Customers frustrated and relationships soured
  • Erosion of brand trust and customer confidence

 

The Alternative to Bad User Experiences

The Virtru Custom Branding feature for its email and file encryption products, making it easy to design your brand's secure email experience to reflect your logo, brand colors, and brand language. This can build trust, increase adoption, and bolster relationships with your customers.

When it comes to recipient experience, this is where Virtru really shines: To access a secure message or file, recipients don't have to create a new password or install any software. They simply authenticate their identity using the credentials they already have: Their Google or Microsoft email login, or they can opt for a one-time verification email. 

Secure Email Portals Can Introduce User Error and Risk 

When you set up your portal gateway, you need to decide on your DLP rules. Many organizations opt for a line of text in the subject line that will trigger encryption. This can work well for many organizations, but it does introduce a level of risk when users mistype the subject line tag. 

Say, for example, an organization has the tag #secure# to trigger their DLP. An HR team member may send a file containing employee PII and PHI, but type in #secure. Or, a product manager might share a file containing intellectual property with a contractor, but they type in [secure], as that's the tag their former employer used. An executive might share a detailed readout with the board of directors, but mistypes #secur# in the subject line, because they're in a hurry. Other employees may forget to tag an email altogether, and if the DLP engine doesn't catch the sensitive data in the email or the attachment, it's then out of your hands. These are all simple, honest mistakes that you may, unfortunately, be liable for.

There's also no instant visual confirmation that a secure email was sent correctly, so users might not even catch their mistakes, leading to additional challenges and lack of visibility. This is especially true if your provider sends secure email through a different outbox instead of showing secure emails in the user's everyday Sent Mail folders. They click “Send”, wait 1 minute to figure out if they sent it correctly, and may even reach out to IT to ask to confirm. Another example of wasted time and frustration.

The Hidden Cost

  • Your portal admin MUST take time to set up DLP rules
  • Employees MUST be trained, and re-trained on what the rules are
  • Potential data loss and compliance violations when users don't follow DLP protocols
  • Lack of visibility for admins and users when sensitive data leaves the organization unprotected
  • Lost time and productivity due to employees and admins navigating between regular and secure mailboxes and sent folders

The Alternative to Subject Line Tags and Typos

With Virtru's email plugins, your users can simply toggle on a blue button to apply Virtru encryption. This gives a clear visual indication that an email has been secured. You can put your mind at ease!

Admins can still put DLP rules in place to ensure that emails containing sensitive information (containing certain keywords) are protected before being sent, as a backup policy. 

Since Virtru is doing client-side encryption, Virtru also has a "Warn" feature that admins can set up along with DLP rules. This will warn the user before they send a message, showing the potentially sensitive information detected, asking, "Are you sure you want to send this?"

This feature is helpful from a data loss prevention perspective as well as a security awareness training perspective. According to Virtru customer Leroy Cunningham in our Chartered Management Institute case study, "While Virtru provides us with a safety net, we also like the idea of being able to educate our users at the same time. So, instead of automatically encrypting something sensitive, we can let the users know and advise them to encrypt it. That way, there’s always a learning process in place. I think that’s key: keeping security top of mind and not creating complacency. It just reaffirms that thought process and, over time, it becomes second nature to them… These aren’t things that I can just teach them, it has to be something they can see and touch for themselves.”

Virtru Is Your Secure Portal Alternative 

If you're looking for an alternative to the legacy secure email portals you're used to, we don’t blame you! We invite you to check out Virtru. Virtru is highly rated on G2, Capterra, and Gartner Peer Insights, and our library of customer case studies and video testimonials demonstrates how many customers love to use our data-centric security products. 

See our easy-to-use data security products for yourself: Book a Virtru demo with our team today.