Insights for Zivver Secure Email

Introduction

Insights for Zivver Secure Email shows how well you prevent email data leaks and where you can improve.

You can also prove to senior management and external auditors that you have the necessary security and compliance procedures in place.

Watch this video by our product manager Tjebbe Bodewes.

Please click if the video isn’t loading.

What is Insights for Zivver Secure Email?

Insights provides a variety of out-of-the-box dashboards and flexible data export capabilities to help answer questions including:

  • Do employees adopt Zivver to send sensitive emails securely?
  • Do users use Zivver effectively to prevent data leaks?
  • Is two-factor (2FA) authentication used effectively to send sensitive emails?
  • Are email open rates affected as a result of senders encrypting emails?
  • What types of sensitive information is Zivver flagging as sensitive?
  • Do users use Zivver to securely send large files?

Overall, you can assess how well Zivver is protecting against email data leaks and determine where you can make continuous improvements.

Overall, it helps organizations assess how successfully their Zivver implementation is protecting against email data leaks and enables them to make continuous improvements.

User adoption

Using Insights, you can report on the number of users sending emails using Zivver. You can also monitor the trend of users and messages over time. These reports help you ensure that the initial adoption rate increases and is maintained over time.

With the Accounts sending Zivver messages dashboard below, you can see how many accounts have sent Zivver messages. Based on your experience of your organization, you can quickly assess how well protected you are. If you expect significantly more users to handle sensitive information, you must determine which users are not protecting their emails.

Using the Statistics by Sender dashboard, you can do further investigation on a sender-by-sender basis. Combined with a list of employees you’d expect to be handling sensitive information, this dashboard shows

  • Which users are sending Zivver messages
  • The percentage of recommendations followed
  • Which users potentially expose your organization to an email data leak.

As well as a one-off assessment of user adoption, you can view trends over time to assess user adoption and spot changes to the norm. The Messages Sent Over Time and Accounts Sending Messages Over Time graphs below clearly show that user adoption increased significantly in February as Zivver was rolled out.

If you monitor these two graphs regularly, you can clearly see significant changes to the business. You should report any significant changes to the security team so they can be addressed.

For example, a sudden drop of messages or accounts could indicate that users became less attentive. They may not be adopting recommendations to secure emails containing sensitive information.

Data leaks prevented

It is important to prove that Insights is working by looking at the number of potential data leaks that were prevented. Insights splits data leaks prevented into those stopped before sending and those revoked by users after sending.

Zivver recommends that messages should be secured once a business rule is triggered. The Potential Data Leaks Prevented Before Sending dashboard shows how many of these recommendations were followed. These messages could have caused a data leak if they had been sent unsecured.

The dashboard Potential Data Leaks Prevented After Sending shows the number of revoked emails. The sender successfully revoked these emails manually before they were read by the recipient. If these messages had not been revoked by the sender, they could have caused a data leak.

In addition, the Revoked Messages Over Time graph shows whether messages were opened or not by the recipient before they were revoked. Messages that were revoked before they could be opened prevented a potential data leak.

It is important to track this ratio. If the number of opened messages increased significantly, you probably have an increased risk of email data leaks. You should investigate and address any increase.

When you combine these reports, you can explain the value of the Zivver implementation to your senior managers. Also, you can prove to auditors that you have procedures in place to prevent email data leaks.

Assessing User Compliance

As well as the number of successful data leaks prevented, you should look at the types of business rules that are being triggered and the percentage of them being followed by users. The Recommendations Followed by Rule report shows you whether users follow recommendations to send emails securely by category (financial, fiscal, confidential, medical, employee, intellectual property, personal, SSN).

With this graph, you can assess whether the protection of sensitive information in your business is adequate. If you see that a particular rule type is lower than you expected, you should investigate further using tables like Statistics by Sender (above) to determine which users are not adopting recommendations as a result of a business rule being triggered. You can then target these users with additional security awareness training to ensure they understand the significance of protecting sensitive information against email data leaks.

Measuring Open Rates

To assess whether encrypting emails affects the recipient open rate, use the Message Open Rate statistic. This statistic shows the number of recipients that have opened their message at least once.

The success rate will vary depending on your organization and the recipients. However, you should investigate further if this number is lower than you expected or lower than the best practices average of 75%. There may be a particular company that does not open emails that you sent. You should use the Top Recipient Domains table to investigate. With this information, you can set up countermeasures to address the poor message open rate such as sending an explanation email ahead of the encrypted email so that recipients know what to expect.

File Transfer Usage

Zivver enables users to address the file size limitation imposed by traditional email systems, which is often as low as 25 MB. With Zivver, senders do not need to use a third-party file transfer website to securely send files. Senders can send files of up to 5 TB directly from their email client.

The File Transfer Usage dashboard allows you to see how many attachments of a particular size Zivver has sent securely. If you expect a higher number of emails with attachments due to the nature of your business, you need to investigate further. Maybe users use third-party file transfer websites instead. This might not be secure enough to protect your sensitive data. Also it is more difficult to control and audit.

Integrating with third-party reporting solutions

As well as default, out-of-the-box reports, you can export data. With this data, you can answer questions from senior management and from auditors that are specific to your organization. For example, with the Statistics by Sender dashboard, you analyze the sending patterns of individuals. But you might also need to assess the level of adoption or security awareness of a department. For example, the employees in the accounts department have access to sensitive information that they need to handle securely.

Insights provides a high degree of flexibility to do this. With Insights, you can export the data for further manipulation and analysis. You can produce granular, team-level reports to answer questions that are unique to your situation with a combination of Insights data and your employee records.

For an explanation of the the content of the export from the Insights dashboard, refer to Data export from Zivver Insights.

FAQ

Accessing Insights

Q How do I get access to Insights?
A Click here to access Insights directly or navigate to Statistics in your Zivver administrator environment.
Q How can I impose granular access controls on who can see the data?
A It is not possible to restrict access in the Zivver admin panel. To control access, we recommend that you export the raw data and create bespoke reports in your own business intelligence platform. Then you can apply apply the standard access controls you use across your entire organization.
Q Why does the Insights page look different from the rest of the admin settings?
A We are developing an improved overall admin interface which will have more functionality and better navigation. The new Insights page already has this new improved interface. This is also why the Insights page URL may look like ‘app.zivver.com/beta’ in the short term.

Interpreting KPIs

Q How do I interpret and use the dashboards?
A The table below describes how to interpret Insights dashboards.

Dashboard Description Use Action
Accounts sending Zivver messages Indicator of adoption Analyze how it compares to the number of people in your organization you expect to be emailing sensitive information If this number is lower than expected, investigate who is not sending secure email using Statistics by sender dashboard
Potential data leaks prevented before sending Indicates the value of Zivver to your organization when preventing sensitive data from being sent insecurely Show how often data marked as sensitive is sent securely thus preventing a potential data leak Share with management how many potential data leaks are prevented due to sensitive information being sent securely
Potential data leaks prevented after sending Indicates the value of Zivver to your organization when recalling sensitive emails that were sent in error Show how often sensitive emails sent in error were successfully revoked before being read by the recipient and thus preventing a potential data leak Share with management how many potential data leaks are prevented due to successful revoking of messages sent in error
% of messages sent with Zivver after a rule is triggered Reports how well the organization’s secure communication policy is being followed Verify that sensitive data is being sent securely once Zivver flags it to the sender. Generally, you should expect it to be between 10-30%. If this number is low, investigate to determine whether the business rules setup could be improved and/or more security awareness training is needed for employees.
% of messages sent with recommended verification method Shows whether the organization is following best practice on recipient verification. Show that secure recipient verification methods (SMS, access code or Zivver account) are being used. Check that the atul email verification methods being used match your security policy. If not, check the breakdowns of recipient security and how it breaks down by domain.
It may be necessary to work with recipient companies to ensure higher levels of security (for example, setting up access codes, sharing mobile numbers).
% of Zivver messages opened by recipient Shows how well recipients are accessing secure messages Check that the important information is being read by recipients. If this statistic is low (typically below 80%), then look at the ‘recipient security’ dashboards to determine which organizations are unable to open Zivver messages.

Assessing User Behavior

Q How can I determine how many users have sent Zivver messages?
A The Account sending Ziver messages dashboard shows the number of accounts that have sent at least one Zivver messaging during the filtered timeframe.

Q Can I drill down to see which individual users are sending Zivver messages and how many they are sending?
A Yes. The Statistics by sender dashboard provides a breakdown of statistics for individuals.

Q Can I assess whether encrypting emails is affecting recipients ability to open and read emails?
A Yes. Insights reports on the Message open rate which gives a clear indication of how many users are not opening emails. It is also possible to drill down to recipient domains to establish whether the problem is with a specific company that your organization regularly communicates with.

Q I am concerned that users might be using third party file transfer websites that I cannot monitor. Can I ensure that Zivver is being used to send large attachments?
A Insights reports on the number of messages sent split by total attachment size.

Getting more granular/specific information

Q Can I generate a report that is different from the out-of-the-box dashboards?
A Yes. You can to can export data to CSV so that you can manipulate the raw data in a spreadsheet or BI tool. This export provides all the data that is powering the dashboard, allowing for much more analysis that is shown in the dashboard alone. When downloading data, date filters applied to the dashboard also apply to the data export.

Q How can I generate reports on individual departments?
AYou can create custom reports in your preferred reporting tools by matching the data exported from Insights with the email addresses of employees from individual departments.

Q How can I see more detailed logs under the dashboard?
A While it is not possible to drill down to more detailed information directly from the dashboard, you can export the underlying data to view the individual records. Information on specific users can be viewed by searching for their email address.

Reports

Q How often is the dashboard data refreshed?
A The data is refreshed on a nightly basis which means that information displayed in the dashboards will be lagging by up to a day.

Q Why are the numbers in Insights different from the old statistics dashboard?
A Insights uses more refined definitions than the old statistics dashboard. Therefore, you should rely on the statistics in the new dashboards for greater reporting accuracy.