The quantity and variety of data handled by the firm is vast. And, with evolving data protection regulations to comply with, the firm needed a solution to do some of the heavy lifting for them - that is, to support compliance with legislation and alleviate employees of the security burden.
Evelien van Beek, Application and System Manager, shared the firm’s reasons for choosing Zivver:
“Protecting our sensitive customer data has always been of paramount importance to us. But the arrival of the GDPR inspired us to go a step further and demonstrate to our customers that we handle sensitive information carefully and with a high level of security,” says Evelien van Beek.
“We wanted to be able to email securely and have confidence that emails are going to the right person. Our decision to go with Zivver as our secure communication solution turned out to be an easy one; the fact that the solution is used in hospitals says a lot.”
Zivver is designed to empower employees with simple, user-friendly controls. The solution learns from user-behavior with contextual machine learning; this means that Zivver recognizes the presence of sensitive data (including bank account numbers and national insurance numbers, for example) and alerts the user in real time, avoiding costly data leaks.
“So far, our experience with Zivver has been very good! In the beginning we enforced everything, so everyone used Zivver secure email by default unless they turned it off manually,” Evelien van Beek explained.
“After that, we increasingly let people decide for themselves and now Zivver is being used a lot across all departments. I devised that strategy myself. Most companies do the exact opposite; they are increasing security and putting more restrictions in place.”
“The real time alerts when sending privacy-sensitive information have certainly helped to increase awareness among my colleagues. We combined the roll-out of Zivver in the company alongside training by our compliance officer, so that all employees would be well informed. They know what to look out for when dealing with personal data.”In this way, Zivver has raised digital security awareness across all employees, supporting them to embed a security lifestyle, without adopting new complex processes or platforms. To feed the solution with a glossary of terminology for the Dutch insurance sector, Schouten Zekerheid partnered with Meijers Assurantiën, another independent insurance broker, to define what the glossary should look like:
Van Beek explains: “Actually, Meijers is our competitor, of course, but because we do a lot of the same things and can also learn a lot from each other. So, we sometimes consult with one another on certain initiatives. It turns out that they were also using Zivver. We agreed to make a new glossary together to provide additional terms used in the insurance sector that could flag potentially sensitive information, which Zivver quickly implemented, further improving the overall experience for our users.”
“We have therefore asked all departments across our organization, which sensitive data do we process, and when should Zivver be used? This showed which document types really need to be sent securely and which terms are often associated with them. And we can always change the existing list and add new words at any time, so that’s very helpful.”
Where there’s sensitive data being sent by email, there’s multi-factor authentication - or at least there should be. Zivver ensures only authenticated recipients can access sensitive data and allows the sender to choose the method of authentication:
“If there is a telephone number already in the system, that is our preferred method of authentication. We also often use shared access codes for external parties. In the beginning, people were somewhat resistant, but now they are used to it. As long as the goal is clear, that being, ensuring an enhanced level of data security, people will take that additional step to properly authenticate recipients.”