We are all aware of how digital communication has exploded over the last year because of the COVID-19 pandemic. Video calls, working from home and speaking to customers, residents, and patients online – and all from the comfort of our own home. But now that the dust is starting to settle in the business world, it is becoming clear almost across the board that this explosion in digital communication has had a huge impact on organizations, staff and their communication partners.
Many of them have realized that they are caught in a world of emails, messaging apps, letters, fax, and other forms of communication – bringing high costs, inefficiencies, and major cyber risks. So, where do they go from here? And what lessons can we learn from successful transformations we've seen in the automotive and food industries?
An explosion of explosions
On top of the explosion in digital communication, more and more organizations are discovering that this has triggered a chain reaction with unintended and/or unwanted consequences. Examples include:
An explosion in different solutions: Most companies had no time to write clear and detailed policies, or to focus on use cases and formulate wishes and requirements. In many cases, different solutions have been chosen for various departments and use cases. Most departments use normal email, DropBox, WeTransfer, messaging apps, DocuSign, Zoom, letters, fax, certified mail and WhatsApp interchangeably, to say nothing of the differences between the departments themselves.
An explosion in IT costs: When lockdown hit, there was no time to compare solutions comprehensively or prepare business cases. Think of all those organizations who purchased expensive Zoom, Webex or Office 365 E5 licenses, or who chose to develop costly in-house message portals.
An explosion in inefficiency: Many companies failed to evolve quickly enough, so outdated processes that required people to work from the office and involved paper, fax or couriers created huge delays and/or inefficiencies, which in turn generated high costs.
An explosion in behavioral changes: The speed of events meant that user-friendliness, integration, and training were often overlooked. Many employees have had to work with new systems, log in again or perform additional actions to do their job, such as using VPNs or suddenly having to work with Teams.
An explosion in risks: Organizations found that they had no time to carry out proper, extensive security reviews, if they carried them out at all. The explosion in behavioral change has created additional risks, as this change meant that people made mistakes and therefore took risks. Combined with the increasing cyber threat and public awareness of information security, this may well be a bomb that could go off without warning at any time.
Most of the people I have spoken to over the last few months recognize and acknowledge having witnessed and experienced at least three and often more of these explosions within their own organization. The obvious question is then why this happens. Digital communication offers opportunities, right? It's more efficient, isn't it? Digital is cheaper than paper, after all, and automatic is faster than manual, isn't it? So, why aren't organizations reaping the benefits of those opportunities? And why does the transformation in digital communication seem to be much more difficult than other forms of digitalization, given that other innovations are coming thick and fast? We need to find the answers to these questions so that we can understand how to absorb the fallout from the explosion and convert it into opportunities.
Balancing security and user-friendliness
One of the reasons why the transition to digital communication is much slower and less successful in many companies than they hoped is that organizations have failed to strike a proper balance between user-friendliness and security. Although the GDPR prescribes security and privacy by default, this is not as easy as it sounds. This is because working more securely actually means two different things: firstly, more actions that are often more complicated and, secondly, behavioral change. And we all know how difficult the latter can be. Most people still remember how long it took to make something as simple as wearing a seat belt while driving an automatic process, and we still see older people who have not got into the habit, even now, simply ignoring the warning beeps from their cars.
To communicate securely, organizations must therefore find a balance between security, user-friendliness and limiting the behavioral change that is required. Security that isn't user-friendly creates insecurity: just think of Hillary Clinton, Ivanka Trump, and the former UK Health Secretary, Matt Hancock, who all continued to use their personal email addresses to send and receive highly sensitive information. This was because they found that the extremely secure systems that they should have used were too difficult to work with. On the other hand, opting for user-friendliness at the expense of security also leads to undesirable results. This is demonstrated by a study conducted by Cisco, which shows that 60% of SMEs go bankrupt after a major data breach. According to the same study, a large proportion of people also indicate that they would no longer want to do business with a company that had suffered a data breach that it could have protected itself against. For large and/or government organizations, not being able to achieve that balance leads to a lack of choice, which means that these 'laggards' get stuck with using fax, letters, FTP servers, and clumsy and expensive (homemade) message portals.
Ensuring that the impact of the additional security measures on users is proportional to the situation is essential for successfully implementing secure communications. The aim is to minimize the loss of user-friendliness and any disruption to workflows. Everyone understands that an email containing sensitive medical information must be as secure as possible, because you want to prevent unauthorized access, even if that comes at the expense of user-friendliness. On the other hand, if you're emailing your partner to tell them you'll be a bit late coming home today, you don't want to have a series of additional actions. And you don't want your partner to have that either – which brings us onto the point of depending on the other party...
Complexity of communication
Switching to digital communication involves additional challenges compared with other forms of digitalization: the fact that communicating involves more than one person and that it – literally and figuratively – takes place beyond your organization's boundaries.
According to Wikipedia, communication is "the act of developing meaning among entities or groups through the use of sufficiently mutually understood signs, symbols, and semiotic conventions", where the essential aspect is that one or more senders and recipients regularly swap roles within a specific time frame. In other words, you communicate with more than one person and the people with whom you communicate can have the role of both sender and receiver. Although this is very logical, switching to digital communication therefore means that you have to change not only your own behavior, but that of your communication partners as well. If you imagine a hospital, municipality, government, law firm, or accountant having to change the behavior of their patients, clients, residents, or customers before they can successfully innovate, then you can get an idea of just how huge this challenge is.
In addition, communication is a process that consists of several steps and stages. A user sends a message from one system, the message is transported to a server and stored there, and then the focus switches to the receiver, who then has to repeat the same steps. Moreover, each step has its own risks, and the different systems must be fully compatible with each other. It doesn't get much more complex than that.
Communication standards: the prisoner's dilemma
Effective communication is complex, because you have to take into account the people with whom you are communicating: either you have to communicate in a way that also works for the other party, or a form of standardization is required. Standardization is something found in every sector where there is a dependence on several parties. Think of a light fixture, the voltage in a socket, the shape of a gas or petrol pump. Without standardization organized properly, problems arise. Think of countries driving on the other side of the road, different electrical plugs, and – of course – people who speak a different language. However, the downside of standardization is that it not only takes a long time to agree on a standard, but also that changing a standard is difficult, precisely because this disrupts the standardization. And backward compatibility – in other words, ensuring that the new version of the standard guarantees that the old version of the standard is still supported – is essential when a standard is modified. Remember how long it took, and still takes, to switch from analog to digital television, or from analog radio to DAB+? Both are significant improvements to the standard, but using old devices and the chicken-and-egg issue – applying the new standard even though the rest of the world hasn't yet followed suit – present major challenges here.
The same goes for digital communication. Standards for digital communication have been around for a long time – Morse code, fax, Electronic Data Interchange (EDI) messaging, and email, to name just a few. Although Morse code is fortunately almost extinct (but not quite everywhere!), fax (dating from 1846!) and EDI dating from the early 1970s, widely used for exchanging messages between systems, still form the heart of business operations in many places, such as in the healthcare, logistics and legal sectors. And email, which also dates back to the 1970s, is still the number one digital standard for communication in every sector. This isn't because we think the fax is such a great device, or that EDI is such a handy format (if you're interested and want some fun, take a look here to see how prehistoric EDI is). And email also has major limitations. Yet, we still use these resources because we rely on standards to communicate effectively; on choosing a method that the recipient of the message can also use and interpret. And that's the prisoner's dilemma of communication standards: even if you don't want to use a standard anymore, you have to. Adapting a standard requires consensus between all stakeholders and requires a transition period during which the software supports both the old and the new standards, until all parties are applying the new standard… if that ever happens.
Email: still vital but not future-proof
Research shows that the average person in highly developed countries spends more than a quarter of their working day sending and reading emails! The first version of the email standard dates back to 1973, and we are still waiting for a new open standard for communication to replace email to be developed. As a result, organizations will continue to be locked into using email as the main method of communicating with the outside world for decades to come. But back when email was invented, things like encryption, authentication, spam, malware, etc. hardly existed, if at all. Of course, the standard has since evolved and been updated, but the need for backward compatibility means that encryption is still optional and there is no real way to weed out spam and phishing emails.
Further, email cannot prevent human error – the main cause of data breaches – or ensure that the only one who can read the message is the intended recipient. All things that we not only want, but that are an obligation under legislation such as the GDPR. This means there is a large gap between the level of use of email and the level of information security. We need to bridge that gap, either by significantly reducing our use of email or by harmonizing how organizations use email today and the required level of information security and privacy protection. And as we have just established, we cannot simply say goodbye to email, because processes depend on it and recipients expect it. So, the only option left is to find a way to bridge two seemingly contradictory worlds. But how?
Learning from other sectors
When it comes to resolving problems, there's no use reinventing the wheel; we need to look at how other people in similar situations have tried to address the issue and what lessons we can learn from their efforts. So, let's do that!
Considering the above, there are at least two interesting sectors that have faced a challenge in introducing new technology into an environment where users were accustomed to existing processes, stuck in routines, clinging on to the old ways of doing things and/or where it is important that innovation sticks as closely as possible to the old technology. These are the automotive and food sectors.
The automotive sector has undergone a huge transition in the past decade, moving from traditional gasoline/petrol and diesel engines to electric cars. This transition was driven almost entirely by a car brand that has completely transformed the automotive sector: Tesla. But how did Tesla achieve that?
If you take the first major car that Tesla produced, the Model S, it actually looks like a completely ordinary car. Was it their best and most exciting design? I doubt it. The first version of this model even had a grille, which is completely illogical and unnecessary for an electric car. The people at Tesla took this approach so that users would recognize the Model S as being ‘a normal car’ and feel at home with it, and so they could imagine it fitting into their daily life without having to make any major changes. In other words, Tesla did everything it could to limit changes for users, because changing your behavior is the hardest thing to do. Obviously, nothing under the hood on the Tesla bears any resemblance to the car of a decade ago. A more radical design of the Model S would most likely have resulted in lower customer demand and adoption due to the behavioral change needed.
Something similar has proved successful in the food sector, which has seen an enormous growth in 'vegan meat' in recent years, creating an entirely new industry. So, what was the key there to this being accepted by users? Making vegan meat look like the meat we already know and love, with beetroot juice being added to mimic the pink flesh of 'real' meat. Vegan burgers are obviously plant-based and don't look anything like their meaty counterpart 'under the hood', but the more they mimic the texture and appearance of burgers, the more people will be inclined to try them. And that, of course, is the goal.
Silver bullet: making the future look like the present
What we have learned from the successes of other traditional transformations is to make the future look like the present. Make sure that users don't have to change their behavior and that those innovations allow them to retain their existing habits wherever possible. And when it comes to communication, make sure that the people you are communicating with do not have to change their behavior! So many organizations struggle with adopting tools like Teams, Slack, SharePoint, and in-house message portals because of the behavioral change that this requires; not just for their own staff, but for the people their staff communicate with as well.
That is why we 'disguise' Zivver as ‘normal email’, so that what users see looks, as far as security requirements allow, like ordinary email, just as a Tesla looks like a normal car. This is why we decided to let our solutions integrate into Outlook, Microsoft 365, and Gmail, so that people don't suddenly have to learn to use a new application. Zivver also supports existing habits like BCC (who came up with the term Blind Carbon Copy?!), which is very hard to explain to a millennial product owner and software engineer.
But, as with the Tesla, the real magic happens under the hood; i.e. on the Zivver platform. Think of this platform as a hybrid engine, where the email is the gasoline or petrol that you can still use, but you can also use a different standard if you want – just as a hybrid car can also drive electrically. As with the hybrid car, your organization can communicate with the standards of the future, but you can also fall back on old standards – in this case, email – if the process requires you to be backward compatible. You can already send your users large files from your email client, and you will soon also have the ability to sign files and documents digitally, or to send them to others for them to sign. After all, why should users have to switch applications, e.g. go to www.wetransfer.com or www.adobesign.com if they want to share a file larger than, say, 25 MB, or if an attachment needs to be signed digitally? Users simply want to communicate in the way they are used to. And innovations should try to solve technical challenges under the hood as much as possible; you can or should involve users, but you shouldn't ask them to change their behavior too much.
In other words, however contradictory and unnatural this sometimes feels, the past shows that the best way to achieve radical transformation is to show end users small steps, while the technology takes big ones behind the scenes!