Aviva Zacks
Aviva Zacks of Safety Detectives had the distinct honor of interviewing Rick Goud, CIO & Founder of Zivver, and asked him about his company’s digital communication protection services.
Safety Detective: What motivated you to start Zivver?
Rick Goud: About six and a half years ago, I saw everybody using normal email, Dropbox, WeTransfer, WhatsApp, fax machines, courier, snail mail, insecure SaaS tools, or user-unfriendly portals to share very sensitive information. With GDPR coming up, I saw that that was not sustainable because those tools were not safe, secure, or user-friendly enough for people to use on a day-to-day basis. Then I noticed that nobody in the world had ever tried to solve that problem, and it was the starting point of Zivver.
SD: How does Zivver help protect digital communication?
RG: You don’t want sensitive information to end up in the wrong person’s hands or to rephrase, you don’t want a data leak.
Every European country has their own reporting system for companies to be reporting data leaks, and if you look at statistics and numbers since GDPR, the three countries that do that the best from a numbers perspective are Germany, The Netherlands, and the UK; those three countries combined have reported around 200,000 data leaks in total since GDPR. A significant number allows you to look at the actual cause of those data leaks, and if you look at them, you can see that only 5% to 10% of all the data leaks are caused by hacking, malware, and phishing in total. All the other causes of data leaks were an organization making a mistake.
Two weeks ago in the Netherlands, we had a very big data leak of one of the biggest construction companies when an employee accidentally sent an Excel file, which contained all the personal information of all their customers. She didn’t realize she had exposed a lot of sensitive data by sending an email with the wrong attachment.
The way our system contributes to a secure communication is that when you start to compose a message, we classify in real-time what you are doing—is it medical, legal, financial? Does it contain social security numbers or credit card numbers? We look at your emails and your attachments and we look at who you are sending it to. And we ask you if you are sure you want to share them.
The second one is security measures. When your email is very sensitive, like financial information leaving your organization, you want to make sure it is encrypted and ideally protected with two-factor authentication.
And the third one is the recipient itself. If we share very sensitive financial information on a daily basis, it is normal behavior, but if I suddenly share it with someone with whom I have never shared similar information, it is unusual behavior. We detect it while you’re typing, before sending, integrated into the interface with co-workers, helping people make better decisions by helping them select the right recipient, the right content, and the right security measures.
During sending we use encryption, ensuring that nobody besides the sender and recipient can access your data. This sounds logical but it is something that Google, Microsoft, Mimecast, Egress, and Proofpoint cannot do because while they encrypt, they also have your keys on their infrastructure which they need to offer their services. That makes them vulnerable to insider threats, attractive to hackers, and subject to governmental subpoenas.
We don’t have your keys. We’re one of the only companies in the world that are able to live up to that promise.
We provide authentication, so if you want to send very sensitive information via email, there’s no way to authenticate that the recipient is the only one that can access the data. While it is the only way to prevent unauthorized access, we provide it out-of-the-box. We provide you with the possibility to retract messages if you made a mistake, allowing you to see who already got your data so you know what your risks are. Then we log it all so the organization can understand the impact of errors and identify risks, which helps secure digital communication from the moment somebody starts drafting an email and every step on to delivery. We integrate it into Outlook, Gmail, Microsoft 365, and directly in source systems like Salesforce to enable people to communicate securely. Our decision support helps people to make better choices and safeguard against data leaks in every phase of the communication process.
SD: What types of companies and verticals does your company service?
RG: Every company that deals with private or business-sensitive information and typically shares that in an email, SharePoint, or Dropbox. But the more sensitive the data gets, the more valuable it is for those companies to have a solution in place.
If you look at our typical client base, we have healthcare organizations, central and local governments, insurance and other financial services companies, accounting and law firms, and in The Netherlands, every court, judge, and clerk uses our system to communicate to the outside world. We do not try to be a vertical-specific solution because we know that if you’re in a hospital you will also communicate with a lawyer, an accountant, the government, the local council, and a GP at your local corner.
We are a solution that typically has no boundaries in terms of geo, vertical, and company size. We have self-service customers. You can self-service if you have less than 50 employees in a couple of minutes. And we also have the entire Ministry of Justice and Security in The Netherlands including all the subsidiaries, totaling over 40.000 employees. We’re also in talks with big worldwide banks and accounting firms with 250.000+ employees.
SD: What do you think is the biggest threat to cybersecurity today?
RG: I think the biggest threat organizations have is that there is a big dependency on old technology, like email, or even fax and EDI messaging. However, that is difficult to change as you have to make sure that you align with the technology that the people you communicate with use, and that sooner or later there will be a break in functionality because the technology that we use now for digital communication is so old, they are not built for cybersecurity. Unless the market becomes more creative in finding solutions that allow communication without having to change the way your partners communicate, that will eventually be the bottleneck for digital transformation and will be the biggest cybersecurity risk.
SD: How do you see cybersecurity developing in light of the pandemic?
RG: Last year, every organization had to rush to digitization—I think 300 million people were active daily on Zoom in Q2 of last year. Microsoft Teams saw a growth of 900% in Q2. We saw organic growth of 60% of secure email as a company ourselves. But on the other side, we did see that business continuity was more important than building a business case and making sure it was secure.
With the pandemic, digital transformation has exploded in every company, but the level of information security and cybersecurity was left behind and now a lot of companies are trying to catch up.