The signing ceremony took place at the Malaysian Pavilion and was witnessed by representatives from MDEC (Malaysia Digital Economy Corporation). This strategic partnership aims to strengthen international cybersecurity collaboration and enhance secure digital communications within Malaysia’s Critical National Infrastructure (CNI) sectors. SecuMailer is a leading European provider of secure, privacy- and cybersecurity-compliant email communication, recognized as part of the EU’s trusted digital ecosystem. As a certified QTSP, SecuMailer ensures legally reliable and compliant email delivery without passwords or attachments. Recipient authentication can be performed using national digital identity systems at high eIDAS assurance levels.
Vulsan X delivers cybersecurity solutions to both government and enterprise clients in Malaysia and views SecuMailer as a complementary partner to strengthen its portfolio and elevate secure communication services. “We are proud to bring European trust infrastructure technology to the global stage and to collaborate with Vulsan X, who share our commitment to secure digital communication,” said Yvonne Hoogendoorn, Co-founder of SecuMailer.
“Through this partnership, we aim to deliver impactful cybersecurity solutions to Malaysia’s critical infrastructure clients, ensuring stronger protection of national digital assets,” said Dr. Prakash Christiansen, CEO of Vulsan X Corporation.
All three stories share a common feature: they had already opted for a secure email solution. After a careful selection process, sometimes even involving a tender, a competitor’s solution was initially implemented at these organizations. Unfortunately, this did not meet their expectations, so they switched to our solution. Fortunately, we were able to provide all three with good support. In this blog, you can read why these customers switched to SecuMailer.
Scalability
The first organization encountered some problems with emailing to and from shared mailboxes, but a workable solution was found. At a certain point, however, a large number of emails had to be sent to a large group of people at the same time, which was not possible with the chosen solution due to the numbers involved. The customer approached us, and within a week we created a combination of our secure emailing features and a small extension (mail merge) on our own platform. This created an automated, secure email flow that could deliver very high volumes of emails within 10 minutes, with multiple batches per day. To this day, we continue to deliver this specific solution to this customer with great satisfaction.
What made our solution so suitable and effective? Firstly, thanks to our serverless architecture, our processing is fully scalable and can scale up from 1 email to 10 million emails without delay. Secondly, we really listened to the customer and analyzed together what was needed. Because we have our own techies in-house and don’t need to consult investors for approval, we can come up with technical innovations that can be operational within days. Our REST API connection forms the heart of this architecture.
Dissatisfaction
The second organization had already been working on connecting the previously chosen solution for a year. Not all problems could be solved, and the Kanban board with outstanding issues was far from empty. In particular, the collaboration with Citrix proved technically difficult to implement. As a result, the information processed by the required plug-in could not be applied, preventing some users from using the secure email solution. Unfortunately, these employees did not realize that they were missing a solution because it was simply not visible on their workstations.
At a certain point, this customer actively asked its users how they experienced the secure email solution. Only then did it become clear that the majority of users were dissatisfied. Subsequently, the decision was made to make a new selection, which ultimately resulted in our solution being chosen. After implementation, there is a high level of satisfaction, particularly with regard to ease of use for the sender and the smooth integration into the organization’s complex IT environment. The biggest compliment was: “We don’t even notice that you are working in the background to secure our emails. We can just continue to email as usual.”
Ease of use
Finally, a third organization that had been using a secure email solution for several years. When considering the renewal of this solution, a surprising evaluation emerged.
What did they find? For three years, the solution had hardly been used by employees, despite being available via a plugin in the email environment (Outlook). This was mainly because employees found it inconvenient, and the organization’s recipients were not “savvy” enough to open the emails.
After this evaluation, the organization decided to explore the market for secure email solutions again and ended up with SecuMailer. Now, all emails from this organization are always sent securely, and both senders and recipients enjoy a positive email experience that is suitable for the confidential sharing of medical data.
Would you like to discover the differences between secure email solutions? Read here about the factors that determine the choice of a solution that suits your organization. If you have experience with secure email and would like to investigate whether switching is a good idea for your organization, make an appointment with our experts. We will be happy to advise you, without obligation.
Many products have extensive lists of available features, which, combined with the sometimes unclear certification status of suppliers in the healthcare sector, can cause confusion. When drawing up a shortlist of secure email providers, it is crucial to consider various factors. It is essential to use your own organization’s wishes and priorities as a guide.
At SecuMailer, we stay up to date on developments in secure emailing of confidential information and keep a close eye on our competitors. This allows us to know what is going on in the industry and what is and is not effective. To help you, we have compiled an honest list of the best solutions on the market that are our strongest competitors.
To compile this list, we used information from reliable, independent sources* and the official websites of various suppliers. These sources include Gartner reports, research by AG-Connect in collaboration with Zivver, the Faexit program, Informatieberaad Zorg, and NEN.
The list of top secure email providers was compiled by evaluating the criteria we outlined in our previous blog.
Disclaimer: The information in this blog is based on customer reviews, user surveys, and the websites of the sources mentioned*. Careful efforts have been made to avoid the author’s “own opinion.”
1. Zorgmail secure email from Enovation:
Biggest advantage: Extensively used in healthcare, at the lowest price
Technical solution: Zorgmail Secure Email is a messaging solution that allows connected users to exchange messages securely, both unstructured (ad hoc) emails and structured EDIFact messages. Zorgmail users can choose to use a zorgmail.nl address or connect to their own domain name with associated email addresses.
Security: Zorgmail meets the requirements for secure email. However, to lighten recipient authentication, the TAN code is sent to the same email address as the notification message. This means that the lock and key are kept close together.
In addition, Zorgmail users who are unable to provide a self-declaration are excluded from the NTA 7516 security measures. This means that they cannot participate in interoperability and cannot send emails via NTA 7516 security that comply with the Dutch requirements for sending medical information (NTA 7516).
Zorgmail’s decision to serve both groups of users has created a gray area in which a false sense of security can arise.
Ease of use: Exchanging messages between Zorgmail users is safe and easy. Thanks in part to the address book available to users, other connected healthcare professionals are easy to reach. Ease of use remains high, even between healthcare professionals and other NTA 7516 users such as municipalities and the legal sector.
Receiving email messages from non-connected users, such as patients and other professionals, is however considered cumbersome, especially on mobile devices, where it is not a pleasant experience.
From a practical point of view, there is currently no good solution for sending emails from group mailboxes.
In addition, it is striking that users can decide for themselves whether an email is sent via Zorgmail; this is therefore not automatically configured for all outgoing emails from the user or organization. Often, only part of the organization uses Zorgmail, particularly for specific communications where extra attention is paid to the security of medical data.
Integrated into email environment: Zorgmail offers the possibility of integration with the workplace, for example via MS365, and various EPDs thanks to an available plugin. It is important to note that this plugin does not work with mobile phones and cloud workplaces.
Certifications: Enovation is certified for ISO 9001, ISO 27001, ISO 27799, NEN 7510 and was certified for NTA 7516 until May 2022.
Specialization: Enovation is strongly focused on the healthcare sector. This ensures a well-organized and secure exchange within healthcare regions and between hospitals and their ecosystem of primary and secondary care providers. In addition, there are also many integrations between Zorgmail and other digital applications, such as EPDs, HIS, and ZIS, which are widely used by healthcare providers.
Price level: For healthcare institutions, Zorgmail is by far the cheapest option. This makes them the best value for money on the market. It should be noted, however, that there is an alternative revenue model based on Edifact messages, which means that hospitals in particular bear a large part of the costs for general practitioners.
Investors: Enovation Group is wholly owned by private equity firm Main Capital.
2. Zivver:
Main advantage: Extensive functionality, a streamlined environment, and a completely independent platform.
Technical solution: Zivver is a messaging solution that allows connected users to exchange messages securely. Recipients who are not connected are invited to retrieve or view their messages via a guest portal. This portal approach gives the sender a high degree of control over the message. Zivver offers extensive options, such as making a message temporarily available, withdrawing it, multiple authentication methods for the recipient, and the option for the sender to see who has opened the message and whether it has been viewed.
Security: Zivver meets the requirements for secure email. By actively presenting the user with various choices via pop-ups and issuing warnings, the user is guided and supported in choosing the secure settings when composing the secure email. This makes it very clear to the user and the recipient that a secure email is being sent.
Ease of use: Zivver offers many options for active decision support for the user, resulting in a wide range of choices. This ensures that the difference between standard email and secure email is very clear. However, many users find the pop-ups and extra choices somewhat disruptive when composing an email. In addition, the recipient experience for guest users leads to extra interaction, as the emails raise additional questions. In practice, Zivver is often used selectively by the user.
Integrated into email environment: Zivver offers a handy plug-in for MS365 and Gmail, among others, which makes the secure email functionality available within your own email environment. The plug-in does require the right technical IT environment to function properly. Zivver also has integrations with various other applications, including Salesforce.
Certifications: Zivver has various certifications, including SOC2 type 2, ISO 27001, NEN 7510, and Privacy Verified. Until May 2022, Zivver was certified for NTA 7516.
Specialization: Because Zivver offers its users a very comprehensive proprietary platform, the product is highly suitable for immediate use in mature and immature IT environments. However, this may sometimes require additional effort to ensure a good fit with highly professional IT environments and large organizations. A careful approach, including extensive proof of concept (POC), is therefore recommended. Zivver is widely used in sectors such as business services, healthcare, government, and education. Zivver is currently focusing strongly on the UK and the US as growth markets.
Price level: Zivver offers the option of very small subscriptions, which is advantageous for smaller healthcare providers and SMEs. In addition, Zivver uses a pricing structure in which adding to the basic functionality quickly leads to an increase in the subscription price.
Investors: Zivver has completed several rounds of financing, with parties such as HenQ, DN Capital, and SmartFin involved.
3. Bastion 365:
Main advantage: Very easy to use for MS365 users thanks to seamless integration; suitable for cloud workplaces.
Technical solution: Bastion365 originated from a digital fax solution called Fenestrae and was developed entirely on Microsoft and MS365. Sending emails between addresses that use MS365 is seamless and secure. For users outside MS365, Bastion365 offers a portal solution.
Security: Bastion365 meets the requirements for secure email and integrates well with MS365’s DLP (Purview) and security policy capabilities. This makes it easy to choose a good setup that securely handles GDPR requirements and the exchange of medical data via email.
Ease of use: As long as users send emails to other (business) users who also use MS365, the user experience is excellent. All support runs in the background and is available without the need for a plug-in. The recipient’s experience depends heavily on their use of MS365.
Visibility: Because Bastion365 relies heavily on integration with Microsoft, visibility for the user is low. This ensures a seamless email experience that is virtually identical to regular email. This makes it easy to always have it “on,” and the user needs to be less aware of information security and the associated choices.
Integrated into email environment: Fully compatible with MS365, as well as the cloud workplace and mobile phones.
Certifications: Bastion is certified for: ISO 27001; BIO. Until May 2022, Bastion 365 was certified for NTA 7516.
Specialization: Aimed at B2B users who mainly send secure emails to other Microsoft users. They focus specifically on the healthcare, government, and legal services sectors.
Price level: Average
Investors: Fenestrae has been acquired by an American partner, Dura.
Choosing the right secure email product for your organization:
The qualities and product features, prices, and certifications of the best-known secure email solutions in the Netherlands are described above.
Not sure which supplier is best for you? Take another look at our blog on selecting a secure email product for tips.
If you are looking for a secure email solution in healthcare at the lowest price, Zorgmail from Enovation is definitely a good choice.
Are you looking for a product with extensive options, comprehensive support, and advisory functions? Then Zivver offers a secure product that is well suited to both the healthcare sector and (local) government organizations.
Do you and your employees mainly work with MS365? Then Bastion 365 offers the best user experience.
However, if you often share confidential information with private individuals, such as patients with sensitive information, citizens, and customers, none of these products are a good solution. A more suitable option would be to explore the possibilities of SecuMailer for emailing private individuals on our website.
Even if your employees are specialists in their field but have little affinity with information security, it is not a wise choice to replace the familiar email experience with a solution that leaves many choices up to the user. This is because they will then experience secure emailing as a lot of hassle. In addition, freedom of choice also offers the possibility of ignoring secure emails, which leads to data leaks, because people do sometimes make mistakes.
SecuMailer is Secure Emailing 3.0
SecuMailer’s Secure Email 3.0 approach focuses on seamless, organization-wide security. It no longer relies on awareness, but aims for “security by default.” Senders no longer have to make choices and don’t have to worry about the secure transmission of their emails. Security is managed centrally within the organization by specialists, such as privacy officers or IT administrators. This allows users to continue to focus on their work. Recipients no longer need to identify themselves for each message, unless the sending organization sets different rules. Emails arrive in the inbox, where the recipient expects them. Thanks to seamless integration with cloud workplaces, it doesn’t matter which device or email client is used to send emails. Human error is eliminated by default settings from the organization rather than awareness. This means that the sender can never accidentally send an email insecurely.
Read our blog if you want to know more about the differences between the 1st, 2nd, and 3rd generations of secure email.
Emailing private individuals
Does your organization regularly send emails to citizens, patients, and private individuals? If so, it is important that the recipient of the secure email can easily receive the emails. Preferably directly in their inbox, so that the emails are always available where you expect them to be: on your phone, in your mailbox on your computer, everywhere at your fingertips, whenever you need them.
Of course, you want to be sure that the recipient is the right person, which is why the recipient must authenticate themselves via SMS message up to four times a year.
Automated emails via API link
Does your organization send large volumes of automated emails containing the recipient’s private data? For example, insurance policies, invitations to medical appointments, or do you want to inform a whole group of citizens in your municipality about an upcoming change?
Then it is good to know that SecuMailer is suitable for sending NTA 7516-secured emails directly to private individuals, linked to your information systems (EPD, case management system, mailers). These systems combine the automated emails with your recipients’ data.
In control of information security
Do you want your organization to be in control of information security and leave this choice to the IT security specialists? Then don’t ask your employees to make all kinds of considerations when sending emails. Research by Gartner shows that 74% of employees do not prioritize cybersecurity when making decisions. This makes them unsuitable for deciding whether or not to send secure emails. That is why it is wise to choose a third-generation secure email product, which allows employees to simply do their work while the secure email solution takes care of security.
Data minimization
Finally, it is important to consider whether you want to store a third copy of confidential emails for a longer period of time. The above-mentioned portal solutions all opt for data concentration, while the GDPR legislation requires data minimization. Would you like to know how we approach this differently? Click here to download SecuMailer’s white paper on data minimization.
Full integration with cloud workplaces
Because SecuMailer works entirely without plug-ins, integration with all cloud workplaces is completely seamless. Whether you work from your phone, iPad, at the office in the cloud, or from home on your business account, you can always send secure emails without having to make any additional choices. SecuMailer is always running in the background. Read more about the plug-in-free setup here.
If you would like to know more about our service, the steps required for implementation, or would like a quote, please contact our experts.
In their search for secure email solutions, many organizations fall for the apparent convenience of plug-ins, small software modules that add extra functionality to programs such as Outlook. But behind this convenience lie some hidden costs. An important aspect is the extra management involved in implementing these plug-ins on employees’ workstations. The indirect costs arise because organizations have to invest time and resources in setting up, configuring, and maintaining these plug-ins. Management can range from varying technical configurations to resolving compatibility issues. A notable disadvantage is that these solutions often do not work optimally on mobile phones and cause problems when used in combination with cloud workstations.
Compatibility issues and mobile limitations
Another important point is the compatibility of plug-ins with existing software. In environments where other plug-ins are already used in Outlook, conflicts can quickly arise, which can lead to reduced performance or even complete malfunction of the plug-ins. Users regularly report problems when using these solutions in conjunction with Citrix environments. If your organization is considering switching to plug-in-based solutions, opt to carry out a Proof-of-Concept (POC) in your own work environment. A POC will provide a clear picture of potential problems, compatibility issues, and the overall impact on daily operational workflow.
The alternative to secure email with plug-ins
An alternative approach to secure email is to choose a solution that connects directly to the Exchange server or another email server. This means that everything on the employee’s workstation remains the same. This approach eliminates the need for additional management, updates, and configurations on individual workstations. However, with this route, it is essential to centralize information security.
Choose what suits you best
Are you going for secure email with or without a plug-in? Ultimately, it’s about making a well-considered decision that fits the specific needs and infrastructure of your organization. Both setups have their advantages and considerations. It’s up to the organization to find the right balance between ease of use, security, and compatibility.
Would you like to know which solution is best suited to your organization? Make an appointment with our experts.
What are the four most important price drivers?
The costs resulting from these four price drivers are direct costs and are shown on the invoice.
Number of users
First, you often pay the price of the secure email solution per user/per mailbox. The number of users is not always the same as the number of employees, so it is important to determine how many accounts need to be connected. It is advantageous to choose a solution that only charges for the number of users who are actually active. For example, if you agree on 500 users, but only 480 are active, would it matter to you if you only had to pay for the number of active accounts?
Sending large files
Are files larger than 40MB ever sent within your organization? If so, you may also need a solution that allows you to send files up to 5TB. You can choose to purchase a separate solution, such as WeTransfer for business. However, it is much more cost-effective to combine a solution for large files with secure mail from a single provider.
SMS costs
When sending secure emails, you also send SMS messages to recipients so that they can authenticate themselves. These costs may seem negligible, but if you have to pay 10 cents for every secure email sent, the costs can add up quickly.
SMS frequency
The NTA 7516 requires that the recipient be authenticated using two-factor authentication. This authentication can remain valid for longer. This depends on what your organization chooses; we recommend 90 days.
In daily use, you will send a maximum of four text messages per year to a non-NTA 7516 recipient. These are, for example, professionals who do not use a secure email solution themselves, patients who do not have a professional mailbox but a private mailbox, or healthcare professionals abroad. Ultimately, as an organization, you decide how often you want recipients to be identified. This is one of the choices where you can influence the price yourself.
Want to see our price structure right away? Click here for our pricing page
Free authentication?
If you want to avoid SMS costs, you can choose a different route. Consider an authenticator from Google or Microsoft, for example. Or think about setting up a PIN code. Agree on a fixed PIN code (e.g., postal code and house number) or send a unique PIN code after each email.
Why isn’t this the standard if it can save costs? In our experience, these solutions are not (yet) widely accepted in the Netherlands [Europe]. They raise questions among recipients, which means you will have to explain to your recipients how to open the email at least the first 2-3 times. This creates more work for you, which ultimately also adds to your costs. Our statistics on coronavirus-related traffic show that SMS is clear to virtually all users and raises few questions.
What internal issues cause costs?
In addition to the direct costs described above, there are also indirect costs. These costs often arise from internal issues. What choices can you make to ensure that you can save on these?
Your existing IT environment plays an important role here. Do you have an IT department where new functionalities can be rolled out easily? Or do you have a different license for each computer? Do you opt for a solution that uses a plug-in or a solution that links to the mail server?
Indirect costs of plug-ins
Many secure email solutions use plug-ins, such as plug-ins that can only be implemented in Outlook. Indirect costs arise from the additional management required: namely, you have to set up, arrange, and maintain things at each employee’s workstation. These solutions are often not suitable for emailing from mobile phones and do not work well with cloud workstations. It has also been reported regularly that these solutions do not work well in environments where other plug-ins are already used in Outlook. Finally, there are sometimes problems with, for example, collaboration with the Citrix environment. So, here’s a golden tip: if you opt for this type of solution, make sure you carry out a comprehensive POC in your own environment.
If you opt for a solution that links to the Exchange server or another email server, everything will remain the same at the employee’s workstation. You will not be bothered by maintenance or updates that need to be carried out by the IT department. But if you choose this route, you will need to arrange information security centrally.
Indirect costs of intensive decision support for users
If your organization chooses not to manage information security centrally, you are leaving the choice up to the user. This means that, in addition to their usual tasks, users also have to think about email security. This often involves various notifications and support in the form of questions such as: Do you want secure, do you want extra secure? Which authentication methods do you want to use? Do you want to be able to withdraw the message? How long should it remain available? Do you think it contains sensitive information?
You can imagine that all of this disrupts your normal working routine. Imagine you work in accounting and are busy with annual accounts. You need to send an email to your client with an additional question about what the accounts look like and how certain items have been accounted for. You just want to be able to send an email without having to answer questions about information security.
What you often see in organizations where employees are presented with many choices is that few secure emails are sent. Apparently, employees are quick to opt out of security measures. And that can be very costly if it causes a data breach.
Recent research by Gartner shows that 74% of employees are willing to bypass security if it makes their job easier. It is therefore likely that if secure emailing is made difficult for the sender and recipient, most employees will easily opt for the unsecured way of emailing. And that is exactly what you want to avoid.
Centrally managed, it works as follows
Do you choose to work without plug-ins and let users do their work without having to make additional considerations? Then you are opting for central information security. As an organization, you decide which security measures are necessary for your users. Often, you will use multiple user groups: medical or legal data, confidential data, or a combination of both.
During implementation, your supplier can often help you carry out an information analysis and make the right, secure choices in just over an hour. This is ideal if you have a professional IT environment, where you already have most of this in place and can therefore integrate it well into your existing environment and processes.
With all choices made when composing the email, it works as follows
This is particularly suitable if you are a smaller organization or have less professional IT support at your current workplace, so you want everything in that secure email application. The recipient will then receive secure emails in a portal. To reduce costs, you can opt for 2FA methods other than SMS, such as Google Authenticator or a PIN code sent by email. This does increase the chance (by 40%) that the recipient will not open the email. You have then sent a secure email and believe you have communicated, but your workload almost doubles because almost half of your recipients did not open the email.
If you opt for a solution that requires you to train your employees on how to use it, you should also take these indirect costs into account. Another indirect cost is the time it takes your employee to answer questions about the solution. The more complicated it is to open an email, the more questions the employee will receive. When looking for secure email solutions, therefore, also consider the situation from the recipient’s point of view.
Finally, there is the “unintended damage” to the communication experience. If your recipient is frustrated every time they receive an email from your organization because it is not easy to receive and read, you are creating a negative association with your customer every time. This is certainly not good for customer satisfaction.
How do you achieve low cost of ownership?
A good solution for secure emailing strikes a good balance between cost and functionality.
As we have just seen, there are direct costs, such as the number of licenses, additional features such as sharing large files and sending registered emails, and the biggest expense: the number of text messages sent.
The indirect costs can be managed by carefully assessing which IT environment suits you best:
If you are “not quite there yet” with security, it is a good idea to rely on a very complete product that manages everything in its own portal environment.
Are you professionally equipped, for example because you use modern, well-secured cloud workstations? Then you want to be able to work without plug-ins. This solution also ensures the lowest indirect costs, which can certainly add up in larger organizations.
Would you like to know more about this type of secure email solution? Request a meeting with our experts or ask for a quote. With SecuMailer, you choose:
A solution that does not change the way you work. Employees must be able to do their jobs. This prevents your employees from being distracted by additional tasks and questions that arise.
A solution that ensures that the email recipient receives the email directly in their inbox, where they want it. Not on a portal. Good for positive communication with patients, customers, and citizens.
Finally, you want secure mail to work everywhere. So you want to be able to send and receive emails from your phone as well.
Generation 1: the digital ‘registered letter’
The first solutions came onto the market in 2010. This first generation of solutions works by encrypting messages or attachments individually outside the normal email environment. Senders and recipients have to follow extra steps to send and open the message securely. Examples of these early European solutions include ZorgMail, CryptShare, and AttachingIT (the predecessor of SmartLockr). American names include Proofpoint and FileCap.
Experience has shown that these solutions are considered quite cumbersome due to the extra steps involved. Nevertheless, they remain a secure option to this day. You can use them when necessary, and as a user, you can choose per message or file whether to send it via the secure route.
Compare the first generation to sending a registered letter, but digitally.
Generation 2: awareness as a user-friendly solution
Innovation did not stand still: after the first generation, more user-friendly solutions were developed. Secure mail 2.0 focuses on user support and decision assistance. Private cloud environments help senders with rules and warnings. This reduces errors and data leaks, because before sending, the sender receives a notification that the email may contain sensitive information. The sender can then choose to send the email securely. This generation relies on awareness.
Solutions such as ZorgMail from Enovation, Zivver, SmartLockr, and Bastion 365 are examples of this second generation. They are considerably more user-friendly than the first generation, but opening emails remains difficult for the recipient. At least 40% of emails sent are not opened by the recipient. With every email, the recipient must verify themselves and can only read it on a platform outside their own email environment. This can be too much hassle for the recipient or even too complicated.
In addition, people make mistakes. We tend to take the path of least resistance. And sometimes, even with warning messages on screen, emails still slip through the net and are sent unsafely.
Awareness alone is not enough. Research by Gartner shows that 74% of employees surveyed sometimes deliberately handle information in an unsafe manner. So why should we rely on awareness?
Generation 3: security by default
SecuMailer’s approach with secure mail 3.0 is all about seamless, organization-wide security. It no longer relies on awareness, but goes for “security by default.”
Senders no longer have to make choices and don’t have to worry about the secure transmission of their emails. Security is managed centrally within the organization by specialists, such as privacy officers or IT administrators. This allows users to continue to focus on their work. Recipients no longer have to identify themselves for each message, unless the sending organization sets specific rules. Emails arrive in the inbox, where the recipient expects them. Thanks to seamless integration with cloud workplaces, it doesn’t matter which device or email client is used to send emails. Standard settings from the organization, rather than awareness, eliminate human error. The sender can never accidentally send an email insecurely.
Evolution towards secure and simple email communication
In a rapidly changing digital world, secure email has evolved from awareness to seamless protection. From the early stages of individual encryption to the current organization-wide approach, secure email has adapted to offer both convenience and security. This transformation allows us to exchange sensitive information securely and easily via email.
1 Source: GGD GHOR
About ECSO
The European Cybersecurity Organisation (ECSO) is responsible for implementing a public-private partnership in the field of cybersecurity, in collaboration with the European Commission. ECSO is a recognised player in the European institutional landscape. It supports various initiatives and projects aimed at developing and promoting European cybersecurity. With members ranging from large companies and SMEs to start-ups, research centers, and universities, ECSO creates a dynamic environment in which innovation can thrive.
Label
The ECSO label acts as a market differentiator based on geographical location, giving European cybersecurity companies that develop their business based on European values recognition and visibility. By carrying the label, companies increase their visibility to potential business partners, end users, and investors, enabling them to attract new opportunities and partnerships.
We are eligible for the ECSO label because:
SecuMailer is based in Europe. To be eligible for the certificate, an organization must be based in Europe.
SecuMailer is European-owned. This means that we can demonstrate that SecuMailer is European-owned and that there are no non-European owners or interested investors.
Europe is SecuMailer’s primary market. We can demonstrate that more than 50% of our cybersecurity research and development and more than 50% of our employees are located in the EU27, EFTA, EEA countries, and/or the United Kingdom.
SecuMailer has credible products and services. We have declared that we comply with ENISA’s basic requirements. (‘Indispensable baseline security requirements for secure ICT products and services’).
SecuMailer complies with all privacy laws and regulations. We can demonstrate that we comply with all requirements of the GDPR (General Data Protection Regulation), known in the Netherlands as the AVG (Algemene Verordening Gegevensbescherming).
Proud
SecuMailer is proud to be the only company for secure mail recognized as a complete European Cyber Security solution. We are happy to share our expertise on privacy legislation and help you secure your confidential emails in the most user-friendly way possible. Secure email is a must for all companies in the healthcare, government, and legal sectors. It is important to communicate securely with patients, citizens, and clients. We ensure that email is not only secure, but also easy for both the sender and the recipient.
Does the recipient of your emails have to make an effort to find, open and read them? Then more than half of your messages will be lost, even though they are so important. In this way, data protection easily overshoots its target.
With SecuMailer you can email in the most secure way so that your messages arrive directly in the recipient’s mailbox. That seems so logical, but it is still unique: Secure mailing with the greatest ease for both the sender and the recipient? SecuMailer is the first and only one to make this possible!
Who, what, where of the NTA 7516
Are all those pick-up messages in your email driving you crazy?
In recent years, a lot of electronic information in healthcare has been exchanged through portals. This was necessary because email could not be sent securely. A logical step was to also place messages intended for patients in a portal. Either the patient or another healthcare professional can then click through to the portal via a pick-up message and view the message with an extra code or password. This is often very difficult, and sometimes even impossible. Just think of the message box from the government: that is never a pleasant experience.
The good news is: This is no longer necessary.
By choosing SecuMailer you prevent the security of email from being perceived as a “hassle” by recipients. The use of portals, file share servers and/or local plug-ins is not necessary with SecuMailer. This gives you a solution that resembles the “normal” way of emailing as much as possible, but with the guarantee of encrypted delivery.
Many organisations are now looking at a portal solution for secure e-mailing because they have seen this before. However, the major disadvantages for the recipient and the great burden on their own IT environment are good reasons to consider the modern solution for secure emailing without retrieval messages and portals.
But how do you do that with the professional secrecy of the (care) professional?
The doctor’s oath was introduced in the Netherlands in 1878, and since then it has been good practice that medical information does not just end up with the wrong person. It is therefore nothing new that medical data cannot simply be sent by email. The healthcare professional must first establish that the recipient is entitled to the information.
The first time a patient comes to a doctor, he has to register. The citizen service number is recorded, the identity is checked with an official proof of identity and the address details are put in the medical file. After that, you really don’t have to show your passport to your doctor every time.
Two Factor Authentication. Maximum 4 times a year
For confidential emails, establishing the recipient’s identity can be done in the following way. The healthcare professional (or at least the organisation) has the recipient’s email address and telephone number. You can then check the identity of the recipient by a combination of an e-mail and a message to the telephone.
From that moment on it has been carefully demonstrated that the recipient is who he says he is and can be securely reached via the e-mail address. All emails can then securely reach the recipient’s mailbox. After 90 days it is necessary to send the combination of email and message on the phone again.
Legal framework
Since May 2020, there have been new rules for secure emailing with personal health information. These are laid down in the NTA 7516 for secure emailing in healthcare. These rules are based on the following legal frameworks:
The GDPR:
Privacy legislation that requires sufficient technical and organisational measures to be taken to prevent confidential data from falling into the wrong hands. Email must be sent encrypted according to this law.
The WGBO:
This is the law on the medical treatment agreement. The professional confidentiality of the healthcare professional is laid down in this.
Because these two laws are the basis of the NTA 7516, the NTA 7516 itself does not have to be a law, but the requirements are mandatory for everyone with medical confidentiality. Many local authorities and ministries will also work with the rules of the NTA 7516, because they also regularly need or send personal health information.
Requirements Forum Standardisation:
The open standards for secure digital internet traffic that the Forum Standardisation imposes on (semi-)governments have also been applied in the NTA 7516 requirements. This is another reason why many municipalities and ministries want to apply the NTA 7516 standard for secure e-mailing.
Unknown, unloved.
As initiator for the NTA 7516, SecuMailer has a very smart solution for secure emailing that ensures that both the recipient and the sender can continue to email effortlessly.
Do you want to know if the NTA 7516 is necessary for you? Please contact Yvonne Hoogendoorn via the SecuMailer website.
SecuMailer, send and receive with the greatest ease.
As a supplier of secure email and initiator for the NTA 7516, we have worked hard for this standard at the Ministry of Health, Welfare and Sport and the “Information Council for Care” for the past two years and are proud that the NTA is now available. SecuMailer has made the necessary technical changes to provide secure emailing according to the NTA 7516 standard.
Every professional who wants to send personal health information by e-mail must use an NTA 7516-safe email product such as SecuMailer and also meet the requirements of NTA 7516. Firstly, these are healthcare organisations, but also municipalities, health and safety services and emergency rooms. In addition, the security measures that the NTA 7516 regulates are also very suitable for other confidential (LoA level 3) information that, for example, is subject to professional discretion, such as that of lawyers, financial service providers and insurers.
A login method where you use something you know, something you have or something you are and then combine two of these three properties. For example, a message on your phone with a login code. The two factors are then: something you have: your phone number; and something you know: the login code.
Because personal health information must not be readable by just anyone, it is important that both the sender and the recipient really are who they say they are. To determine this, it is not enough to use a personal email address. Additional measures must be taken to establish identity.
For healthcare professionals, identifying who they are is easiest when they first log into their workplace during their shift. As a result, there is no need for extra security on the e-mail message, but this is done at the workplace.
SecuMailer does this by having the sender (our customer) log in to his workplace with extra measures and by sending the recipient a message on his telephone, after which the e-mail is delivered to the inbox.
If the recipient is an NTA 7516 healthcare professional, the recipient also logs in with 2FA at his workplace and receives the email.
There are several providers of NTA 7516 secure email services. Agreements have been made between these different providers so that messages can be delivered securely without additional hassle for the healthcare provider. In practice, this means that you only need SecuMailer to be able to receive and deliver from the other providers free of charge and without additional login procedures. Every healthcare professional therefore only has to choose a provider and the providers take care of the settlement behind the scenes.
An important condition here is that the healthcare professional himself has taken sufficient measures to comply with NTA 7516.
To make the organization NTA 7516 compliant, organizational measures and technical measures are required. The main ones are:
SecuMailer connects with a mail relay on the mail server of the customer and therefore has no negative impact on the customer’s client environment. This has the following advantages:
SecuMailer can be used by all applications and on all devices, also in collaboration with back office systems.
Yes, SecuMailer has an active link with Khonraad. All municipalities and GGZ institutions that use SecuMailer are ready for the WvGGZ.
SecuMailer is suitable for professional organisations that like to email securely with the confidential data of their patients. The user-friendliness of SecuMailer is the best in the market because it does not use portals or plug-ins. If you want to experience this yourself, request a test connection today.
Email has become indispensable in most organizations, yet security and reliability remain important concerns. With the introduction of stricter regulations, such as the GDPR, NIS2, DORA, and increasing cyber threats, it is more important than ever to protect confidential information properly. This also applies to your customers’ data: you expect your external suppliers to handle it with the utmost care, but how can you be sure? Data leaks, unauthorized access, and a lack of control over email traffic pose major risks. How can you be sure that your supplier has taken measures to prevent this?
What does SOC 2 mean for SecuMailer users?
SOC 2 certification is recognized worldwide as a leading standard for data security and risk management, especially in the context of cloud and IT services. The certificate provides assurance that a service organization complies with five core principles: security, availability, confidentiality, privacy, and processing integrity.
For SecuMailer users, this means that email communication is not only secure, but that this security is also demonstrably guaranteed. An independent external audit has proven that confidential information is guaranteed to be protected against manipulation, loss, or unauthorized access. This makes emailing with SecuMailer reliable and secure.
Ready for the future with SOC 2 and NIS2
SOC 2 also forms an important basis for compliance with future regulations, such as DORA and NIS2. This legislation requires organizations to bring their cybersecurity up to standard. SecuMailer’s certified services support organizations in minimizing risks and increasing digital security, ensuring that you always comply with relevant laws and regulations.
Would you like to know what our ISAE 3000, SOC 2, type 2 certification can mean for your organization? Or are you curious about how you can email securely without using cumbersome portals? Feel free to contact Yvonne Hoogendoorn.
Call +31 320 337 381 or send an email to [email protected].