We are used to email electronic documents to partners and customers containing business information. With more stringent regulations and legislation such as GDPR, the possibilities for this are more limited.
Transferring information that contains sensitive data requires an encryption that ensures that only the intended recipient is able to receive the information.
The most common way of exchanging information between organizations is today by email. Mail is basically based on an outdated technology that can easily be hacked. Additionally, the human factor makes many mail coming by way of departure. An email can very easily happen to be a completely wrong recipient even without anyone trying to make a problem.
Alternatives to sending information unencrypted in mail may be to introduce different types of encryption solutions that make the contents of the mail not read by anyone other than the intended recipient. However, this imposes the requirement that transmitter and recipient first agree on how this should be done and may mean that the work is perceived as much more difficult.
Use the customer portal instead of email
A good alternative to using mail to send sensitive information is to leave the information in a customer portal. The customer portal allows only defined users from the supplier and customer to log in via a secure login and then access the information.
This makes it possible to limit that the information does not happen to be sent to the wrong person or inadvertently forwarded by the recipient.
If the customer portal is designed to make all communications via SSL (encrypted web traffic), it is also ensured that it can not be intercepted.
Another effect achieved by this technique is that it is easier to ensure that it is the latest version of the information that the user reaches. Instead of mailing out new versions of documents that may then be misunderstood, clarity is created that the latest documentation is available in the customer portal.
Notification by email
But how should users know that there is new information to retrieve in the customer portal? The objection may be that the customer can not be expected to log in to check if there are new or updated documents at all times.
Therefore, use the mail to report that there is new information, without sending the sensitive information unencrypted. One possibility may be to let the user specify how they want to be notified of changes in the form of periodicity etc.
It is important that the email does not contain the secret information, but only information about an update. In the mail, there is a link directly to the information in the customer portal, which allows the customer with a simple click to get the customer portal in their browser with the current document in front.
Communication between customer and supplier will of course be secured in both directions. Even when the customer is to provide sensitive information for the supplier, the customer portal is used to upload this. For example, it can take the form of protected discussion forums, file areas per project or structured case management.
By consistently using the customer portal to transmit sensitive sensitive information, the risk of improper spread is minimized, and it allows for practical compliance, such as GDPR, etc. Correctly designed, the clarity of the customer portal not only increases security but also significantly enhanced collaboration.
Often collaboration between organizations takes place in the form of groups with several people in each organization. In the event that mail is sent with information that is then forwarded internally, there is a risk that everyone will not get the latest information. Alternatively, users who only have a certain interest will be flooded with mail, as they do not currently have an interest.