Are you considering secure email for your business? Don’t just think about the direct costs, but also the indirect costs that may come into play. In this blog, you will discover which factors determine the final price of secure email and how you can pay the lowest price.
What are the four most important price drivers?
The costs resulting from these four price drivers are direct costs and are shown on the invoice.
Number of users
First, you often pay the price of the secure email solution per user/per mailbox. The number of users is not always the same as the number of employees, so it is important to determine how many accounts need to be connected. It is advantageous to choose a solution that only charges for the number of users who are actually active. For example, if you agree on 500 users, but only 480 are active, would it matter to you if you only had to pay for the number of active accounts?
Sending large files
Are files larger than 40MB ever sent within your organization? If so, you may also need a solution that allows you to send files up to 5TB. You can choose to purchase a separate solution, such as WeTransfer for business. However, it is much more cost-effective to combine a solution for large files with secure mail from a single provider.
SMS costs
When sending secure emails, you also send SMS messages to recipients so that they can authenticate themselves. These costs may seem negligible, but if you have to pay 10 cents for every secure email sent, the costs can add up quickly.
SMS frequency
The NTA 7516 requires that the recipient be authenticated using two-factor authentication. This authentication can remain valid for longer. This depends on what your organization chooses; we recommend 90 days.
In daily use, you will send a maximum of four text messages per year to a non-NTA 7516 recipient. These are, for example, professionals who do not use a secure email solution themselves, patients who do not have a professional mailbox but a private mailbox, or healthcare professionals abroad. Ultimately, as an organization, you decide how often you want recipients to be identified. This is one of the choices where you can influence the price yourself.
Want to see our price structure right away? Click here for our pricing page
Free authentication?
If you want to avoid SMS costs, you can choose a different route. Consider an authenticator from Google or Microsoft, for example. Or think about setting up a PIN code. Agree on a fixed PIN code (e.g., postal code and house number) or send a unique PIN code after each email.
Why isn’t this the standard if it can save costs? In our experience, these solutions are not (yet) widely accepted in the Netherlands [Europe]. They raise questions among recipients, which means you will have to explain to your recipients how to open the email at least the first 2-3 times. This creates more work for you, which ultimately also adds to your costs. Our statistics on coronavirus-related traffic show that SMS is clear to virtually all users and raises few questions.
What internal issues cause costs?
In addition to the direct costs described above, there are also indirect costs. These costs often arise from internal issues. What choices can you make to ensure that you can save on these?
Your existing IT environment plays an important role here. Do you have an IT department where new functionalities can be rolled out easily? Or do you have a different license for each computer? Do you opt for a solution that uses a plug-in or a solution that links to the mail server?
Indirect costs of plug-ins
Many secure email solutions use plug-ins, such as plug-ins that can only be implemented in Outlook. Indirect costs arise from the additional management required: namely, you have to set up, arrange, and maintain things at each employee’s workstation. These solutions are often not suitable for emailing from mobile phones and do not work well with cloud workstations. It has also been reported regularly that these solutions do not work well in environments where other plug-ins are already used in Outlook. Finally, there are sometimes problems with, for example, collaboration with the Citrix environment. So, here’s a golden tip: if you opt for this type of solution, make sure you carry out a comprehensive POC in your own environment.
If you opt for a solution that links to the Exchange server or another email server, everything will remain the same at the employee’s workstation. You will not be bothered by maintenance or updates that need to be carried out by the IT department. But if you choose this route, you will need to arrange information security centrally.
Indirect costs of intensive decision support for users
If your organization chooses not to manage information security centrally, you are leaving the choice up to the user. This means that, in addition to their usual tasks, users also have to think about email security. This often involves various notifications and support in the form of questions such as: Do you want secure, do you want extra secure?
Which authentication methods do you want to use? Do you want to be able to withdraw the message? How long should it remain available? Do you think it contains sensitive information?
You can imagine that all of this disrupts your normal working routine. Imagine you work in accounting and are busy with annual accounts. You need to send an email to your client with an additional question about what the accounts look like and how certain items have been accounted for. You just want to be able to send an email without having to answer questions about information security.
What you often see in organizations where employees are presented with many choices is that few secure emails are sent. Apparently, employees are quick to opt out of security measures. And that can be very costly if it causes a data breach.
Recent research by Gartner shows that 74% of employees are willing to bypass security if it makes their job easier. It is therefore likely that if secure emailing is made difficult for the sender and recipient, most employees will easily opt for the unsecured way of emailing. And that is exactly what you want to avoid.
Centrally managed, it works as follows
Do you choose to work without plug-ins and let users do their work without having to make additional considerations? Then you are opting for central information security. As an organization, you decide which security measures are necessary for your users. Often, you will use multiple user groups: medical or legal data, confidential data, or a combination of both.
During implementation, your supplier can often help you carry out an information analysis and make the right, secure choices in just over an hour. This is ideal if you have a professional IT environment, where you already have most of this in place and can therefore integrate it well into your existing environment and processes.
All choices made when composing the email work like this
This is particularly suitable if you are a smaller organization or have less professional IT support at your current workplace, so you want everything in that secure email application. The recipient will then receive secure emails in a portal. To reduce costs, you can opt for 2FA methods other than SMS, such as Google Authenticator or a PIN code sent by email. This does increase the chance (by 40%) that the recipient will not open the email. This means that you have sent a secure email and think: I have communicated, but then almost double your workload because almost half of your recipients did not open the email.
If you opt for a solution that requires you to train your employees on how to use it, you should also take these indirect costs into account. Another indirect cost is the time it takes your employee to answer questions about the solution. The more complicated it is to open an email, the more questions the employee will receive. When looking for secure email solutions, therefore, also consider the situation from the recipient’s point of view.
Finally, there is the “unintended damage” to the communication experience. If your recipient is frustrated every time they receive an email from your organization because it is not easy to receive and read, you are creating a negative association with your customer every time. This is certainly not good for customer satisfaction.
How do you achieve low cost of ownership?
A good solution for secure emailing strikes a good balance between cost and functionality.
As we have just seen, there are direct costs, such as the number of licenses, additional features such as sharing large files and sending registered emails, and the biggest expense: the number of text messages sent.
The indirect costs can be managed by carefully assessing which IT environment suits you best:
If you are “not quite there yet” with security, it is a good idea to rely on a very complete product that manages everything in its own portal environment.
Are you professionally equipped, for example because you use modern, well-secured cloud workstations? Then you want to be able to work without plug-ins. This solution also ensures the lowest indirect costs, which can certainly add up in larger organizations.
Would you like to know more about this type of secure email solution? Request a meeting with our experts or ask for a quote. With SecuMailer, you choose:
A solution that does not change the way you work. Employees must be able to do their jobs. This prevents your employees from being distracted by additional tasks and questions that arise.
A solution that ensures that the email recipient receives the email directly in their inbox, where they want it. Not on a portal. Good for positive communication with patients, customers, and citizens.
Finally, you want secure mail to work everywhere. So you want to be able to send and receive emails from your phone as well.