The Value of Secure Messaging: Lessons from the OPM Data Breach


It is now known that there was a significant lack of encryption and other safeguards that could have prevented the compromise of personal information in the U.S. Office of Personnel Management (OPM) data breach made public in June. Social Security numbers, among other pieces of sensitive data, were not encrypted. One reason the CIO of OPM offered for the lack of security, in a recent Federal Times article, was that certain legacy systems were incompatible with new encryption tools and that some systems would take too long to encrypt.

According to many in the security industry, including experts like Kurt Rohloff, director of the New Jersey Institute of Technology Cybersecurity Center, this explanation is questionable to say the least. In the same Federal Times article referenced above, Rohloff calls OPM’s claim into question and goes on to say: “It may be very expensive to integrate encryption technologies with legacy systems but it is generally possible.”

The challenge of legacy systems aside, the reality is that the OPM data breach cost the government millions of dollars and resulted in sensitive information from an estimated 21.5 million federal employees falling into the hands of hackers. The question that must be asked is whether an investment in encrypting legacy systems and overcoming the aforementioned technology challenges would have been more expensive than the impact of the breach. It’s probably not even close.

The decision whether to invest in much-needed security measures (even when there are challenges in doing so) becomes all the more pertinent for small and medium-sized businesses (SMBs). SMBs generally have limited resources to invest in an IT system overhaul. Often even the most basic security measures seem complex and out of reach.

So how do SMBs deal with the challenge of securing sensitive and confidential data in their day-to-day email communications when large enterprises with many more resources and dollars fail to do this themselves? One answer is to use a secure messaging platform such as Cirius that detects sensitive information like Social Security numbers and automatically encrypts the entire email. Cirius also rapidly and seamlessly integrates with existing email infrastructure and extends security to mobile devices so employees can continue to use their regular email systems and email addresses.

Cost is no excuse to leave data unprotected. Encryption and data leak prevention tools on the market today are affordable and support even the most highly regulated security environments. No organization – regardless of size or the complexity of IT systems – should be without email security. It is a necessity of this day and age as well as a competitive advantage. Just ask those millions of federal employees if they’d agree.