Security

Danger for Data, Part One: 7 Back-End Breach Risk Factors

Bob Janacek

According to the Identity Theft Resource Center’s 2022 Data Breach report, 1,802 data compromises were reported in 2022 in the United States, just 60 shy of 2021’s total. That number of data compromises translates to over 422 million affected individuals. Additionally, the average cost of a data breach worldwide in 2023 rose from $4.35 million to $4.45 million.

As such, many organizations want to know how they can reduce their data breach risks and which of their current processes put them most at risk. In the first part of this blog series, we will cover the top five risk-prone areas that developers and software engineers should be aware of. We’ll also discuss the causes and different types of data breaches that can occur within organizations.

In parts two and three, we’ll focus on people-oriented processes that put you at risk of a breach, following up with actionable tips, recommendations and data breach prevention tools for organizations to protect themselves and their customers’ data.

How Do Data Breaches Happen?

There are multiple ways data breaches can happen, including hacking, phishing, malware attacks, insider threats and weak security measures.

Hackers may take advantage of software and system vulnerabilities to gain unauthorized access to important information. Malware, such as viruses or ransomware, can infiltrate systems and steal data. Social engineering tactics, like phishing and baiting, involve deceiving individuals into revealing their login details. Insufficient physical and network security measures, weak passwords and unpatched software can also lead to data breaches.

A minor vulnerability can turn into a major data breach catastrophe in the digital realm. Whether you’re a business, government entity or individual, the exposure of sensitive information can lead to costly complications.

Often, individuals underestimate the prevalence of modern security threats due to a lack of awareness. As such, it’s crucial to understand the different types of data breaches:

  • Ransomware: Malicious software encrypts user data, demanding payment for decryption.
  • Malware: Harmful software infiltrates systems to access, steal or manipulate data.
  • Phishing: Deceptive emails or messages trick users into revealing sensitive information or clicking on malicious links.
  • Password guessing: Hackers use trial and error to uncover weak passwords and gain unauthorized access.
  • Stolen information: Cybercriminals physically steal devices or data storage containing valuable information.
  • Recording keystrokes: Malware records user keystrokes to capture login credentials and sensitive data.
  • Distributed Denial of Service: Attackers flood a network with traffic, overwhelming it and causing service disruption.
  • Unauthorized access: This can occur due to weak passwords, compromised credentials or vulnerabilities in software.
  • Insider threat: This can occur when disgruntled employees misuse their credentials to compromise and steal data.
  • Physical theft or loss: This is associated with the physical theft or loss of devices such as laptops, smartphones or storage media.
  • Third-party breaches: Security vulnerabilities in third-party vendors, suppliers or services can expose your organization to data breaches.
  • Shared accounts: Sharing credentials or using shared service accounts makes it challenging to trace actions back to specific individuals, increasing the risk of breaches.
  • Structured query language injection: One of the most common types of data breaches is when an attacker injects malicious code that allows them to manipulate the database query and gain access to sensitive information.

These breaches exploit vulnerabilities to steal personal and confidential information or hold an organization hostage to extract a ransom. Data breaches ultimately lead to financial loss and reputational damage.

Back-End Processes Putting You at Risk

Your organization may be at risk of data breaches due to various system and application vulnerabilities. Examples of these security vulnerabilities include:

1. Outdated, Legacy Systems

Legacy systems are tremendously costly. These systems often operate on outdated hardware and software, which can be challenging and expensive to maintain. The cost of finding replacement parts, skilled personnel and compatible software can add up quickly.

Costs aside, legacy systems pose an elevated risk of a data breach due to outdated code, obsolete standards and outdated methods and procedures. An example of this is the use of passwords in clear text and relying on a common service account for operational tasks. These vulnerabilities, combined with a scarcity of qualified personnel to maintain them, create an ideal environment for hackers to exploit.

Despite the risks, many organizations continue to rely on these outdated systems. The reluctance to update or replace isn’t from nonchalance — this is usually because the systems were created for a specific purpose. Removing them could lead to data loss or an inability for an organization to execute critical processes.

2. Vulnerable Data Access

Would you give the keys to your house to just anyone in your circle? Probably not, because you understand not everyone should have that kind of access. There is no reason for your college roommate or your third cousin to have your keys. If you wouldn’t give everyone unlimited access to your house, why would you grant every employee access to all the data in your organization?

Just as giving away house keys opens the door to serious problems, playing fast and loose with data permissions is risky, too. This isn’t merely because of the risk of malicious intent by insiders — which costs organizations an average of about $4.90 million in 2023, or 9.5% more than the average $4.45 million cost of a global data breach — but rather the much higher risk of sensitive data being mishandled internally.

So, just as you carefully limit access to your home, data permissions demand similar vigilance. Access control levels (ACLs) are crucial for granting appropriate access. Your team may need higher access levels, but sensitive data should remain off-limits to others.

It is important to periodically review access levels and question the necessity of those levels to minimize the risk of unauthorized access resulting from ACL misconfigurations, oversight or mishandling. These reviews should be conducted by a third party who is not involved in the security process.
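One way to run the periodic access review described above, as an added example that is not from the original post. The role baseline, the grant records and the 90-day staleness threshold are constructed assumptions, and the independence check encodes the advice that the reviewer not be involved in granting the access under review.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

LEVELS = {"none": 0, "read": 1, "write": 2, "admin": 3}

# Constructed baseline: the highest level each role needs on each data set.
ROLE_BASELINE = {
    "support": {"tickets": "write", "customer_pii": "read"},
    "marketing": {"campaigns": "write"},
    "dba": {"tickets": "admin", "customer_pii": "admin", "campaigns": "admin"},
}


@dataclass(frozen=True)
class Grant:
    user: str
    role: str
    resource: str
    level: str
    granted_by: str
    last_used: Optional[date]  # None means the grant was never exercised


def review_grants(grants, reviewer, today, stale_after_days=90):
    """Return {(user, resource): [finding, ...]} for grants that need attention."""
    # Assumption: "independent" means neither a grantor nor a grantee.
    involved = {g.granted_by for g in grants} | {g.user for g in grants}
    if reviewer in involved:
        raise ValueError(f"{reviewer} is involved in these grants; use an independent reviewer")

    findings = {}
    cutoff = today - timedelta(days=stale_after_days)
    for g in grants:
        issues = []
        # A resource missing from the role's baseline means the role needs no access.
        needed = ROLE_BASELINE.get(g.role, {}).get(g.resource, "none")
        if LEVELS[g.level] > LEVELS[needed]:
            issues.append(f"EXCESS: has {g.level}, role {g.role} needs {needed}")
        if g.last_used is None:
            issues.append("UNUSED: never exercised")
        elif g.last_used < cutoff:
            issues.append(f"STALE: last used {g.last_used.isoformat()}")
        if g.granted_by == g.user:
            issues.append("SELF_GRANTED: no second person approved this")
        if issues:
            findings[(g.user, g.resource)] = issues
    return findings


# Constructed sample export of current grants.
SAMPLE_GRANTS = [
    Grant("alice", "support", "tickets", "write", "it-admin", date(2023, 8, 30)),
    Grant("alice", "support", "customer_pii", "admin", "it-admin", date(2023, 8, 29)),
    Grant("bob", "marketing", "customer_pii", "read", "it-admin", None),
    Grant("carol", "dba", "campaigns", "admin", "carol", date(2023, 1, 12)),
]

if __name__ == "__main__":
    report = review_grants(SAMPLE_GRANTS, reviewer="external-auditor", today=date(2023, 9, 8))
    for (user, resource), issues in report.items():
        for issue in issues:
            print(f"{user:6} {resource:13} {issue}")
```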

3. Sloppy Code and Insecure APIs

As a developer, you are notoriously busy. There is almost always a new product or update to release in a tight timeframe while simultaneously fixing bugs and improving performance. High stress and low bandwidth can lead to errors slipping under your radar. If you aren’t given the time to rigorously test your code, your organization runs the risk of releasing a project with security holes, thus increasing the number of vulnerabilities and the risk of a data breach.

Vulnerabilities in your codebase and poorly secured APIs create opportunities for cyber assailants. These weaknesses could range from inadequate input validation to a lack of proper encryption. Flaws in your code and APIs can lead to unauthorized data access, manipulation or even full-scale breaches. The cost isn’t just financial — the aftermath might entail reputational damage and regulatory penalties. There are several real-life examples of data breaches due to insecure and unregulated APIs.

Knowing that big development projects are time-consuming and typically involve features outside of your bandwidth, you might consider using third-party APIs. This option can help curtail the time and financial burden associated with building a project from scratch, while you benefit from the expertise the API company brings. But don’t gamble on your data security — do your diligence and research your vendor and the API you’re planning to use before coding them in.

In short, selecting APIs that follow proper security measures is critical. APIs that use OAuth or SAML authentication, strong encryption such as AES 256 and TLS, and those with rate limits all reduce the risk of a breach. Choosing an API that uses a zero-trust model, while unfortunately rather rare, is also another best practice to enhance the security of your project.

4. No Protections for Data in Motion

Most people understand the risks associated with sending an email, including phishing, malware and ransomware, to name just a few. The topic of inbound email security is frequently discussed, but we’ll examine a less-discussed risk — sending sensitive information in an outbound email.

When you send an email, that message passes through many systems and network locations. Think of the process as traveling abroad. As a tourist, you would carry your driver’s license, insurance card, credit card and passport. If you are marked as a tourist, an experienced pick-pocket can steal these items without anyone noticing. But by taking steps to secure your belongings, such as with an RFID wallet clipped to your belt, your chances of theft significantly decrease.

Protecting your outbound data is a similar concept. Just as you’d act to secure your documents while traveling, securing any sensitive information sent from your systems is equally important. Like a pick-pocket, a capable hacker can intercept emails and access sensitive information before you even notice a problem.

Taking the proper measures to protect your sensitive data diminishes both the threat and impact of email interception. To enhance the security of your emails and safeguard against phishing and malware attacks, it’s crucial to utilize proper transport layer security (TLS) encryption, end-to-end encryption, S/MIME and secure email gateways. However, it’s also necessary to protect non-email-based data in motion, like electronic data interchange and web traffic. In addition to TLS encryption, you should follow other best practices, including SSL/TLS certificates, HTTPS implementation, virtual private network usage, multi-factor authentication deployment and network segmentation.

For instance, using an email encryption service renders the content in your exchanges useless to hackers, greatly decreasing the chance of a breach. Utilizing options such as secure email, content filters and customer channels for secure messaging can lower your risk and accelerate your business.

5. Lack of Encryption Between Frontend and Backend Applications

The seamless interaction between frontend and backend applications is crucial for smooth operations. However, overlooking the encryption of communication between these components can open a gateway for potential data breaches.

Cyber attackers can exploit this vulnerability through man-in-the-middle attacks, intercepting and tampering with the data flowing between frontend and backend systems. Organizations inadvertently expose sensitive information to prying eyes by failing to implement strong encryption protocols.

Unencrypted communications provide a fertile ground for hackers to eavesdrop, steal data or inject malicious code — jeopardizing the confidentiality and integrity of critical information.
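The gaps described in sections 4 and 5 can be checked for in configuration. The following added example (not from the original post; link names, hosts and config keys are constructed) audits backend connection settings for plaintext or weakly protected transport, and builds a certificate-verifying TLS client context with Python's standard `ssl` module.

```python
import ssl
from urllib.parse import parse_qs, urlsplit

# URL schemes that carry traffic without TLS (their TLS forms are https, wss, amqps, rediss, mqtts).
PLAINTEXT_SCHEMES = {"http", "ws", "ftp", "amqp", "redis", "mqtt"}
WEAK_TLS = {"SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
# libpq sslmode values that allow an unencrypted session.
WEAK_PG_SSLMODES = {"disable", "allow", "prefer"}


def audit_backend_links(links):
    """links: {name: {"url": str, "verify_tls": bool, "min_tls": str}} -> {name: [problems]}"""
    report = {}
    for name, cfg in links.items():
        problems = []
        url = urlsplit(cfg["url"])
        scheme = url.scheme.lower()
        if scheme in PLAINTEXT_SCHEMES:
            problems.append(f"plaintext scheme {scheme}://")
        if scheme in {"postgres", "postgresql"}:
            # libpq falls back to sslmode=prefer when the parameter is absent.
            mode = parse_qs(url.query).get("sslmode", ["prefer"])[0]
            if mode in WEAK_PG_SSLMODES:
                problems.append(f"sslmode={mode} does not require TLS")
            elif mode == "require":
                problems.append("sslmode=require may not verify the server; use verify-full")
        if cfg.get("verify_tls", True) is False:
            problems.append("certificate verification disabled")
        if cfg.get("min_tls") in WEAK_TLS:
            problems.append(f"minimum protocol {cfg['min_tls']} is deprecated")
        if problems:
            report[name] = problems
    return report


def backend_client_context(ca_file=None):
    """TLS context for frontend-to-backend calls: verifies chain and hostname, TLS 1.2 or newer."""
    ctx = ssl.create_default_context(cafile=ca_file)  # CERT_REQUIRED and check_hostname by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


# Constructed sample of one application's backend connections.
SAMPLE_LINKS = {
    "web->orders-api": {"url": "http://orders.internal:8080/v1", "verify_tls": True},
    "web->auth-api": {"url": "https://auth.internal/token", "verify_tls": False, "min_tls": "TLSv1.2"},
    "orders-api->db": {"url": "postgresql://app@db.internal:5432/orders?sslmode=disable"},
    "orders-api->cache": {"url": "rediss://cache.internal:6380/0", "verify_tls": True, "min_tls": "TLSv1.2"},
    "web->legacy-billing": {"url": "https://billing.internal/soap", "verify_tls": True, "min_tls": "TLSv1"},
}

if __name__ == "__main__":
    for link, problems in audit_backend_links(SAMPLE_LINKS).items():
        for problem in problems:
            print(f"{link:22} {problem}")
```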

6. Unpatched Software

Picture unpatched software as an unlocked door in an otherwise secure fortress — a glaring vulnerability that cyber adversaries are all too eager to exploit. When organizations neglect to apply timely software updates and patches, they inadvertently create a gateway for hackers to infiltrate their systems.

Hackers are adept at identifying known vulnerabilities in outdated software versions. They exploit these weaknesses to gain unauthorized access, manipulate data and even exfiltrate sensitive information. Think of it as a thief finding an unguarded entrance to a vault.

7. Security as an Afterthought

There’s a well-known phrase that says if you fail to plan, you plan to fail. Perfect examples of this include failing to assess overall risk factors and failing to proactively identify and address software vulnerabilities before they become an issue. Another back-end breach risk factor is falsely assuming that your organization is not susceptible to a breach. Building your solutions without security as top-of-mind invites hackers in, and you’ll find yourself in a race against the clock to find uninvited guests in your production systems before they gain control of sensitive data.

Make no mistake — it’s not a question of if you’ll suffer a data breach, but rather, a question of when. Being proactive about protecting your systems and data is much better than being reactive.

Fortify Your Defenses, Choose DataMotion for Secure Data Exchange

In an interconnected digital landscape, your data’s safety is crucial. Our exploration of seven back-end breach risk factors underscores the urgency of modernizing data protection. Ignoring these threats may expose your organization to avoidable risks. Don’t let complacency compromise your security.

As you analyze your current practices, remember that prevention is key. Stay vigilant against data breaches by adopting cutting-edge data breach prevention tools. DataMotion offers a comprehensive suite of services — honed by two decades of experience — to fortify your digital ecosystem.

Contact us online for more information on how you can upgrade your data protection.

Updated September 8, 2023

DataMotion: A Zero Trust Model You Can Trust

Bob Janacek

It’s a safe bet to say that your organization is concerned about cybersecurity. Your IT team is likely well-staffed and has implemented the latest security tools, and trained non-IT staff on the ills that befall those who click on external links and attachments without checking. Your organization has trusted but verified, perhaps verified then trusted. But is the “trust but verify” standard enough? Are you really operating as safely as you could, or rather, should be in today’s cyber climate?

The answer is no. Let us explain.

A Tale of Two Strategies

I’d like to take a moment to discuss two of the more prominent schools of practice in IT security: “trust but verify” and “zero trust” (or “trust no one”). To illustrate these examples, let’s draw upon a well-known bastion of high-stakes security—the White House.

“Trust but verify” focuses on a strong external defense through establishing a solid perimeter. The White House employs precisely that—the iconic iron fence, a no-fly-zone, bullet-proof windows (which cannot be opened), monitored alarm systems, and of course, the Secret Service detail. Your organization’s IT security architecture has likely built the equivalent of the White House perimeter, using firewalls, proxy gateways, system alerts, password requirements and vendor training. (Perhaps you also have a no-fly zone!) In theory and perhaps in practice, any external hackers are going to have a rough time accessing your organization’s data or compromising your servers or mainframe.

Reading this, “trust but verify” sounds sufficient on paper. However, the complacency zone is the danger zone, and this is where the “zero trust” concept comes in. You have a strong exterior, but what about your organization’s interior? Like the White House, your most valuable resource is also your biggest risk: people. Which takes us to our second concept, that of “zero trust” or “trust no one.”

Let’s go back to 1600 Pennsylvania Avenue. Once you (lawfully) gain access, you’ll find scores of people milling about, including legislative and household staff, guests from Capitol Hill, tourists, etc. While everyone has gone through a standard security check, ranging from a metal detector to an FBI background check, the Secret Service cannot afford the standard “trust but verify” approach, and must rely on “zero trust” as a consistent, elevated means of security.

Zero Trust is, at its core, an enhanced level of managing access, with hyper-awareness of who is on, and has access to, your network and data. For instance, while a White House intern or assistant has been vetted at hiring, and perhaps passed through a couple of checkpoints for that workday, does it make sense for that intern or assistant to have unfettered access to the Situation Room, or the Residence?  Should a tourist be able to simply walk into the Oval Office? And would just anyone have access to the President? Of course not. Vetting should not equal full access.

Back to your organization. Those who have access to systems, including company email and other communication tools are likely your staff, or trusted third parties, such as vendors and contractors. However, you’re not likely to hand over, say, a master list of security passwords to the Marketing team if they ask. Nor would you give a list of the home addresses and contact information of staff to a software vendor. Sure, you trust these folks, but do they need this level of access to sensitive information? We’ll go out on a limb and say no.

Essentially, trust but verify relies on a strong defense, vetting then trusting people and systems. Zero trust is an internal strategy, focusing on hypervigilance around not only system security compliance, but access.  Here at DataMotion, we abide by both.

A Service for Secret and Sensitive Information

In the United States alone, statistics reflect as many as 2,500 security breaches daily, with insider activity accounting for up to 58% of this number. (1) An internal breach has various causes, including BYOD practices, malicious activity, carelessness, or plain, old-fashioned ignorance or human error. Additionally, 52% of employees surveyed do not feel that sharing login credentials poses a security risk to their employer. (2) Whatever the cause, a zero-trust strategy greatly reduces your organization’s chances of an access-related security lapse.

Like the Secret Service, DataMotion employs the “zero trust” approach (albeit, for us it is sans earpieces and guns—for some of our customers, it’s both). We provide a strong, multi-layered, security-and-compliance-centered strategy for your organization’s secure exchange. Here are a few examples of how we apply this concept to keep your data safe:

Zero Visibility: We facilitate your secure exchanges, but our team cannot view your messages, data or documents. Ever. They are seen by the sender and the intended recipient; after that, your organization’s protocols come into effect.

Limited Physical Access: Only those employed by the data center may access servers running our systems. Any third parties that require access for critical functions are authorized and under contract by the data center.

Key Management: The DataMotion system automatically handles encryption key management, creating a secure, easy-to-use system in which the encryption seeds are unique to each message and megabyte (MB) of document exchanged between users.

Governed Data Access: All actions are validated by the data layer before data is accessed. Application servers have no direct access to data tables, and have to ask “may I please” to interact with the encrypted data store. The type and scope of every request must be approved by the data layer, producing a “need to know” environment that greatly reduces the attack surface.

Separation of Duties: Data breaches can occur when there is overlap between access to source code and production systems. At DataMotion, developers have access to the code, but not the systems, and our operations team has access to the systems, but not the code. There is no Venn diagram of access, thus greatly reducing risk.

Background Checks: In addition to a series of interviews and reference checks, all DataMotion employees also undergo additional background checks when hired.
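The governed data access pattern above, as an added example that is not DataMotion's code: a data layer that approves the type (operation) and scope (table, columns, record ownership) of each request and records every decision. Caller names, the policy and the sample rows are constructed, and a plain in-memory list stands in for the encrypted store.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    operation: str           # request type: "read" or "write"
    table: str
    columns: frozenset       # columns the caller may touch
    own_records_only: bool   # scope: only rows owned by the authenticated subject


# Constructed policy: what each application server is allowed to ask for.
POLICY = {
    "portal-app": [Rule("read", "messages", frozenset({"id", "subject", "body"}), True)],
    "agent-app": [
        Rule("read", "messages", frozenset({"id", "subject", "body", "owner"}), False),
        Rule("write", "messages", frozenset({"subject", "body", "owner"}), False),
    ],
}


class DataLayer:
    """Sole holder of the store; application servers can only call request()."""

    def __init__(self, rows):
        self._tables = {"messages": list(rows)}
        self.audit_log = []  # (caller, subject, operation, table, decision)

    def request(self, caller, subject, operation, table, columns, values=None):
        wanted = frozenset(columns)
        # Approve only if one rule covers the operation, the table and every column asked for.
        rule = next(
            (r for r in POLICY.get(caller, ())
             if wanted and r.operation == operation and r.table == table
             and wanted <= r.columns),
            None,
        )
        self.audit_log.append((caller, subject, operation, table, "allow" if rule else "deny"))
        if rule is None:
            raise PermissionError(f"{caller} may not {operation} {sorted(wanted)} on {table}")

        rows = self._tables[table]
        if operation == "write":
            rows.append({"id": len(rows) + 1, **{c: (values or {}).get(c) for c in wanted}})
            return len(rows)  # id of the new row
        if rule.own_records_only:
            rows = [r for r in rows if r.get("owner") == subject]
        # Return only the approved columns, never the whole row.
        return [{c: r.get(c) for c in columns} for r in rows]


# Constructed sample rows; "attachment_key" is a column no policy rule exposes.
SAMPLE_ROWS = [
    {"id": 1, "owner": "cust-17", "subject": "Statement question", "body": "...", "attachment_key": "k1"},
    {"id": 2, "owner": "cust-42", "subject": "Wire form", "body": "...", "attachment_key": "k2"},
]

if __name__ == "__main__":
    layer = DataLayer(SAMPLE_ROWS)
    print(layer.request("portal-app", "cust-17", "read", "messages", ["id", "subject"]))
    try:
        layer.request("portal-app", "cust-17", "read", "messages", ["attachment_key"])
    except PermissionError as err:
        print("denied:", err)
    print(layer.audit_log)
```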

DataMotion’s zero-trust architecture is only part of protecting your organization’s data. In addition to the steps we take behind the scenes, each exchange meets your industry’s regulations and requirements, such as HIPAA, GLBA, PCI-DSS, HITECH, GDPR, PIPEDA, FINRA, FERPA, CCPA and CJIS, ensuring that your securely-sent communications are fully compliant.

While we trust no one, we are pleased to be trusted by others, with the following certifications:

We are also, as of this writing, working on HiTrust certification.

DataMotion’s zero trust model helps achieve all these certifications and helps you, the customer, remain compliant with many different requirements and regulations.

Zero Trust in Beast Mode: Exchanging Securely with DataMotion

When the US President travels, he’s not flying commercial, nor driven around in a standard sedan. No, this is where secure transit is employed, including Air Force One and the Beast. And secure transit just happens to be our specialty.

The presidential limousine (dubbed “the Beast”) is no ordinary car—its many security features include eight-inch-thick, armor-plated doors, Kevlar-reinforced tires, a specially-encrypted phone, and a Secret Service driver that is highly trained to be prepared for any driving condition or maneuver. Given this level of security, the President has excellent odds of travelling safely from Point A to Point B and arriving unscathed.

Your organization’s secure data and documents shouldn’t have to fly coach, nor be strapped into a 1960 sedan. DataMotion’s zero trust, security-first design is like the Beast—while we might not use Kevlar tires or armored plates, we do have the technological equivalent in our FIPS 140-2 encryption and our governed core (with need-to-know control and full activity reporting) ensuring that your data and documents in motion and at rest in our system are protected and arrive unscathed on their journey from Point A to Point B.

We know that like the president, your data can travel anywhere at any time, so we have built this same Beast-mode level of secure exchange into our new DataMotion app (available in the Apple App Store).

Security in Plain Sight

Let’s take a final jaunt back to the White House, where members of the First Family will have Secret Service agents tailing them wherever they go. If you are a teenager with a detail, chances are you’re going to try to give them the slip because let’s face it, it’s hard to blend in when you’re followed around by a bunch of serious-looking guys in suits. However, that same teenager will likely be more amenable to having their detail around if the suits are replaced by jeans, khakis and maybe a concert tee shirt. This way, the teen feels more at ease, and there are still layers of security surrounding the teen while they are in motion (or “on the move”) but blending in better.

This principle applies to DataMotion’s philosophy that security that is transparent is used. If it’s clunky or requires several additional steps, no matter how well-meaning or earnest an employee may be, bypassing security protocols might be the easiest way to quickly send documents and data, putting your organization at risk. Unobtrusive, transparent security is the way to go, enabling an employee to easily follow protocol and keep your data secure.  DataMotion’s APIs can easily integrate into any workflow, offering a seamless, frictionless experience for your staff and clients, keeping people productive and data secure.  By leveraging a zero trust architecture that offers a smooth experience, you have just elevated your organization’s security and productivity. We’d call that beauty and the beast.

There you have it. You’ve likely realized that the trust but verify approach, while providing a high perimeter, doesn’t do anything for your organization’s soft underbelly. We encourage you to leave your cybersecurity comfort zone, learn more about DataMotion, and about how our security-first approach can benefit your organization and clients.

Still have questions? Send us a note.

 

Sources

  1. Insider Threat Statistics on Data Breach (pilixo.com)
  2. Insider Threat Statistics: The seriousness of insider threats, intentional or not (isdecisions.com)

The Role of a Secure Channel in an Omnichannel Strategy

Bob Janacek

In previous blogs, we’ve touched upon how using an omnichannel strategy is a great way to provide a better experience for your customers. We’ve also discussed that an integrated, secure email channel is missing in most omnichannel experiences. However, we’ve yet to really dive into the demands for omnichannel and the benefits of successfully implementing the strategy, or provide a real-life example of how a secure channel in your omnichannel strategy can elevate customer experience and make things easier for your organization.

We’ve all heard it before — putting all customer interactions in one place allows you to provide an excellent experience and makes your job easier. But do you know the omnichannel data that backs this up?

Introduction to Omnichannel Strategy

An effective introduction to omnichannel strategy begins with understanding its fundamental concept — the integration of multiple communication and distribution channels to provide customers with a seamless and consistent experience. Today’s consumers expect a unified and cohesive brand experience across various touchpoints, whether a physical store, website, mobile app, social media or even customer service. The success of an omnichannel strategy lies in breaking down silos between channels and departments to improve brand consistency, streamline operations and enhance customer satisfaction.

Benefits of a Secure Channel in an Omnichannel Strategy

Secure channels are integral to the success of an omnichannel strategy, offering a range of invaluable benefits. When customer information is protected, your company will enjoy better customer satisfaction and long-term success.

A secure channel’s significance lies in safeguarding customer trust, reputation, financial stability and legal compliance. With secure channels in your omnichannel strategy, you can use your omnichannel for heightened customer experience management.

Here are a few of the benefits you can expect when you use a secure channel:

  • Improved data security: Secured channels help protect sensitive customer data, which is essential to building and maintaining customer trust.
  • Improved regulatory compliance: Many locations have strict data privacy regulations — one example is the California Consumer Privacy Act. Secured channels help businesses comply with these regulations.
  • Customer trust: Security breaches can severely erode customers’ trust in the business’s ability to keep their sensitive data safe. This lack of trust can severely damage a company’s reputation and lead to loss of business.
  • Fraud prevention: Secured channels are essential to preventing fraudulent activities, such as identity theft or unauthorized transactions.
  • Competitive advantage: Customers are more likely to choose a business that they trust with their data.
  • Unified customer experience: Your customers will enjoy a seamless experience across multiple channels, resulting in improved satisfaction and retention.

Examples of Secure Channels

Secure channels encompass a variety of technologies and practices that safeguard data and communications for your company and customers. Here are some secure channel examples you might invest in:

  • Encryption: Use encryption protocols like SSL/TLS for web traffic, end-to-end encryption for messaging apps or data-at-rest encryption to protect stored data. DataMotion offers secure digital engagement solutions, including secure messaging, secure forms, and secure document exchange, that allow for secure communication between your business and its customers.
  • Virtual private networks (VPNs): VPNs establish encrypted tunnels over public networks, ensuring secure and private data transmission for remote access.
  • Multi-factor authentication (MFA): MFA requires users to provide multiple forms of verification — passwords, biometrics or tokens — before granting access, enhancing security significantly.
  • Secure Sockets Layer (SSL) certificates: SSL certificates validate website authenticity, ensuring users connect to legitimate and secure web platforms.
  • Firewalls: Network firewalls filter incoming and outgoing traffic, protecting against unauthorized access and potential threats.
  • Secure messaging platforms: Messaging apps with end-to-end encryption, like DataMotion’s secure message center, keep conversations private.
  • Tokenization: Replacing sensitive data with non-sensitive tokens reduces the risk of exposing valuable information.
  • Secure cloud storage: Cloud providers with robust security measures, such as encryption at rest and in transit, safeguard data stored in the cloud.

Balancing Convenience and Security for Regulated Industries

Providing an excellent and secure omnichannel customer experience in financial services and other regulated industries is just as important as in retail or e-commerce spaces.

In fact, DataMotion conducted a survey to hear what IT and Financial Services Executives have to say about their own company and their customer communications. Almost half complained about inefficient workflows involving fax and postal mail. They also expressed complaints over limited ways to interact with their customers while maintaining regulatory compliance and the multiple user IDs needed to access their legacy methods of secure document exchange or email encryption. Unsurprisingly, this survey also revealed a desire to see all interactions with their customers in a unified interface.

The push for an omnichannel strategy and seamless interactions in regulated industries has only grown since this survey. This is not just because social distancing and the coronavirus halted face-to-face business and pushed all interactions to take place digitally, but also because of the generational shift and the increasing influence of Millennials and Generation Z.

These generations don’t just want businesses to be “digital-first” — they prefer to do business with vendors whose digital experience is polished and slick. If they have a problem with a transaction, a question about their bank statement or something else, they expect to be able to easily exchange messages and supporting documents digitally in their customer app to get their questions answered. If their problem-resolution experience is difficult, time-consuming or requires too many steps, consumers from these generations especially will not hesitate to take their business elsewhere.

Investing in secure channels for your omnichannel strategy allows your business to maximize convenience for customers and staff while safeguarding sensitive data. You will gain a competitive advantage, and bring a superior experience for all.

Ensuring a Secure, Frictionless Customer Experience

So, tying this all back to omnichannel, how can we meet these demands for a frictionless, digital-first customer experience without sacrificing security and compliance for those in regulated industries? We need to make the customer app or portal part of this omnichannel strategy and allow simplified and secure exchanges of sensitive information between your customers and internal customer service agents.

This experience needs to be native in the app. Your customers shouldn’t have to receive a secure email from their bank, and then be taken outside of your app to some other portal to access it. Why is this? Because your employees, and especially your customers, do not want to deal with any extra logins or portals – they should be able to send, receive, and review messages and documents, even those containing sensitive data, in a seamless and natural way.

How can we accomplish this? By using application programming interfaces (APIs) to integrate a messaging center behind the login of an organization’s application, customer portal, or mobile app, we can allow all of these interactions to occur in one place. With DataMotion’s secure message center, you can natively integrate the system that your customer care agents use with the portal and mobile app that your customers use – allowing simple, secure and compliant exchange. Your agents and customers can then easily initiate, retrieve and review sensitive exchanges from within the interface they’re already using.

A Real-Life Example of an Omnichannel Strategy in a Regulated Industry

Instead of diving into the details of how a secure message center can fit into your omnichannel strategy, what it is, and how it works, it would be better to provide you with a real-life example.

Below is an actual graph of an integrated message center in use by a large wealth management firm with over 2 million customers. They actively use our secure message center, peaking at about 100 API calls per second. On the left-hand side of this graph, you can see that they reach about 750 new messages or documents per hour. These are messages exchanged between the organization’s internal support systems and customers who are logged in to their customer app.

Graph of messages/documents exchanged per hour
Graph of message center access per hour

Over time, individual customer repositories or message folders continue to grow with exchanged messages and documents. This turns a customer’s message center into a personalized knowledge base of their relationship with the organization. In fact, on the right-hand side of the graph, you can see message center access peak at 14,000 per hour. So, against these 750 message exchanges per hour, customers refer to prior exchanges more than 18 times for every new message they send. They’re often able to find the answer they need in a prior exchange before asking a new question.

There are also other benefits of implementing this secure message and document exchange, which cannot be seen in the above graph. First, this organization’s customers are using the message center twice as much as they were the year before. Despite this increase in usage, the number of support requests that the organization now receives from its 2+ million customers has dropped by 30%. Not only that, but since the beginning of the year, the average size of messages has tripled, indicating that more documents are being attached and exchanged digitally.

So, as the usage of this private message channel grows, the repository of prior exchanges grows, and the customer’s relationship with the organization grows as well. This is because their customers rely on and trust this channel to get answers to their questions – it becomes a familiar touchpoint to them. Not only does the secure message center allow this organization to provide a superior customer experience, but this knowledge base aspect has also allowed them to increase customer retention.

In Summary

Let’s summarize the key points we covered in this blog:

  • Implementing an omnichannel strategy is important for improving your customers’ experience and helping you retain customers in the long run.
  • Customers are demanding efficient, secure and frictionless experiences with the organizations that they do business with, including those in regulated industries.
  • Secure exchange in your customer app or portal helps you provide a superior customer experience and allows you to make your agents’ job easier, create a personalized knowledge base of information for your customers, and improve customer retention.

Transform Your Omnichannel Strategy with DataMotion’s Secure Message Center

Invest in quality and compliant omnichannel security with DataMotion’s secure message center. Our state-of-the-art platform ensures your sensitive customer data remains confidential and protected across all communication channels. Whether you’re engaging with customers through email, websites, mobile apps or messaging apps, our secure message center guarantees end-to-end encryption and robust security measures.

By choosing DataMotion, you’ll enhance your omnichannel interactions’ security and build lasting trust with your customers. Don’t compromise on data security — take the proactive step to safeguard your omnichannel strategy. Put your data in safe hands by contacting us today.

Updated November 1, 2023


Securing Customer Data Amidst the Coronavirus Push for a Greater Digital Experience
Bob Janacek

As we enter our fifth month working from home during the Coronavirus Pandemic, we felt it was a good time to discuss the impact the virus has already had on some businesses and what lasting impacts it will likely have on businesses and organizations in the future – especially when it comes to improving the digital experiences they offer their customers. We sat down with DataMotion CEO Bob Janacek to hear his thoughts on the topic. Our questions are in bold.

First things first, I hope you and your family have been staying safe and healthy during this time. Like many other organizations throughout the country, DataMotion has been working from home the past several months. Can you elaborate on how the Coronavirus impacted the way the company works and communicates with one another?

Bob Janacek: Fortunately, DataMotion has always been a cloud-first company, both in our product offering and also in the way that we run our business.  Our customers utilize our cloud-based APIs and software as a service from anywhere, so that hasn’t changed.  And as a company, our employees use cloud-based services to get their work done.  We’re heavily invested in Microsoft’s cloud stack, including Office 365, Teams and Dynamics 365.  Those work just as well for employees working from home as they do from the office.

It sounds like there was a relatively seamless switch for the company to remote communications. I can imagine that some companies, such as those that frequently have in-person interactions with customers and clients, had some trouble adjusting the way they communicate internally and externally. What kinds of challenges have these companies had to navigate?

Bob Janacek:  States have implemented various restrictions to increase social distancing and help combat the spread of the Coronavirus.  Among our customers, especially for those in financial services, insurance and healthcare, the most disruptive event is the reduction or elimination of face to face visits. So, business that used to get done in person, such as opening up an account or CD in a bank branch, or face to face interaction with an insurance agent, is difficult if not impossible. This makes it harder for customers to do business with these organizations, damaging their brand and reputation, and affecting their bottom line.

Can you give an example of a customer that DataMotion helped modernize and secure the way they do business in response to the Coronavirus?

Bob Janacek: We’ve helped a wide variety of enterprises during the pandemic, ranging from financial services firms in the wealth management, consumer loan and retail banking sectors to healthcare companies providing services for clinical trials, pharmaceutical benefits and care coordination. In each case, they turned to DataMotion to make it easier to do remote business with their customers. The most common use case is API integration of our DataMotion PaaS to add secure message and document exchange after the login of their customer portal or mobile app, and inside the CRM and contact center solutions their employees use to service their customers.

So, based off of this customer story and other stories that you can think of, what tips or best practices can you give for other companies who are still trying to find a way to do business in this challenging environment?

Bob Janacek: Living through a pandemic is understandably causing people to experience a great deal of stress, hardship and uncertainty. Organizations that are easy to do business with, especially in these challenging times, reduce customer stress, build their loyalty and position themselves to grow. There’s been a lot of talk about the things businesses need to do to adapt in the current and post-pandemic world. Having a high competency in doing business remotely is often at the top of this list. Many leading organizations are taking this opportunity to up their customer experience by offering simple, remote, digital ways for their customers to do business with them.

So far, we’ve talked mostly about how companies have reacted, or are currently reacting, to the shift to work from home that the Coronavirus has caused. Let’s look a little bit into the future now – what permanent changes do you foresee the coronavirus having on the way organizations work and communicate in the long term?

Bob Janacek: The need to remotely support and do business with customers is not going away. Younger generations of consumers expect a mobile-first relationship with their suppliers. We’ve seen the pandemic force companies out of their comfort zone and reimagine their business processes for a digital future. This will serve them well in today’s environment and for years to come.

Is there anything organizations can do now to start preparing for these changes?

Bob Janacek: Organizations need to look at their existing workflows and processes and determine which ones can be modernized or at least be offered as a digital alternative. Legacy processes including courier, postal mail and fax are slow and expensive, and can typically be replaced or supplemented by digital equivalents. This is especially effective for organizations that already have a customer-facing app or portal. In this case, offering a richer digital experience accelerates business process, reduces costs, and increases customer retention and revenue recognition.

So, you talked a little bit about a push for greater digital experiences. In recent months, Telehealth visits have become the new norm – do you think this is something that will stick after the coronavirus has subsided?

Bob Janacek: Absolutely. Between driving, parking and waiting rooms, we’ve all spent hours to receive ten minutes of time with a doctor. Telemedicine brings convenience to routine care. It also makes it easier for care encounters to occur, allowing patients to receive care and be monitored more frequently, resulting in better outcomes.

With these visits happening virtually, it’s likely that there’s an increase in doctors and nurses needing to send medical records or other information to patients through some sort of online channel. Are there any issues to look out for in this situation?

Bob Janacek: Telehealth visits often generate clinical information that must be shared with the patient and the patient’s primary care provider. Since this data is covered under privacy regulations such as HIPAA, care must be taken to exchange this information in a secure manner. Physicians typically use an EMR system and prefer to receive this information electronically using Direct Secure Messaging.  This is a secure message exchange protocol built into EMR systems that’s designed to replace fax, saving time and money by importing clinical data in digital form. Patients will typically receive their results in a patient portal or through a HIPAA-compliant secure email system.

Do you have any other thoughts on any of the topics we discussed that you would like to share?

Bob Janacek: Yes, absolutely. We’re seeing a paradigm shift in consumer expectations, driven partly by the pandemic and social distancing, but also by the digital-first, smartphone-first generations of Millennials and Gen-Z’ers. Organizations that evolve to meet and exceed the expectations of their customers will grow and thrive, while those that stick to traditional legacy methods will rapidly fall behind. We’ve seen this disruption happen to eCommerce firms, and there’s no reason to believe that it won’t happen to every firm that services consumers. The expectations of customers are high, as is the need to provide a superior customer experience. For many organizations, supplementing traditional business processes with modern digital equivalents isn’t just a nice to have, it’s absolutely necessary for their growth and survival. Those organizations that have mastered doing business in a remote, digital way, while providing a superior customer experience, are well positioned to grow and thrive today and in the future. It’s a small expense that generates big returns.

As we finish up the interview, I have two more, fun questions to ask. First, are there any new activities or hobbies that you’ve picked up to keep yourself busy during quarantine? 

Bob Janacek: Funny you should ask. At the urging of my son, I’ve set up a three-hole disc golf course around my property.  It’s good to get outside and have a little family competition, but I’m getting beaten regularly because my son is home and has a lot of time to practice. I’m home too, but my time is usually spent on the computer working remotely.

My final question, what’s the number one thing you are looking forward to doing once all quarantine restrictions are lifted?

Bob Janacek: I’m looking forward to freedom. The ability to go anywhere and visit anyone without restrictions. That would be amazing. It’s the simple things, sometimes, that mean the most.

5 Signs Your Self-Service Portal Needs a Secure Message Center
Christian Grunkemeyer

  1. You are a financial services, insurance or healthcare company
  2. You have a self-service portal or app
  3. Your customers want to use email and share documents and secure messages electronically
  4. Your employees need to manage inquiries from a single desktop
  5. Security and privacy regulations require it

You are a financial services, insurance or healthcare company

Exchanging sensitive, regulated information with your customers is required to resolve many contact center inquiries and cases. Whether it’s answering sensitive questions, exchanging completed forms, supplying supporting documentation or exchanging a medical record – to resolve customer issues, you need to accelerate and track actionable communications supported by documents that may contain PII and/or PHI. And that must be done in compliance with privacy and security regulations.

You have a self-service portal or app

You already provide customers a secure, self-service portal or mobile application which gives them access to a wide range of information and services they can utilize to get more value from their relationship with you. That’s excellent – but when they get stuck and need to contact support, what options do you offer for the secure messaging, email or document sharing necessary for a streamlined resolution? If you limit their choice to out-of-band options (call us, fax us or send us a letter), or if you put restrictions on what they can discuss or share (“email us – but no sensitive info please”) – your CX score will suffer. A recent report by IDC indicates that companies growing at high rates are focused on digital transformation and customer experience – so this REALLY MATTERS to your top and bottom lines.

Your customers are asking for it

Customers want to engage your organization using smartphones, tablets, and laptops – online and through your secure self-service contact center or mobile application. They want to use secure messaging, email, file sharing – and they need to trust you when asking financial or health questions, and when they are sharing their private information and documents. They don’t want to use yesteryear’s technologies – fax, stamps, FedEx or in-person delivery. They would prefer not to call your support number and wait on hold in a queue. They want you to make it easy to process their requests and meet their needs through safe, digital transactions.

Your employees need it

Productive employees are happy employees. Happy employees make happier customers. Happier customers do more business. It’s a virtuous cycle. If you limit the ways your employees can communicate and resolve customer issues – fewer of those things happen. Customers are disappointed with communication and info exchange options, while employees are often left waiting on slower delivery processes, transcribing information, or working in multiple systems to cobble together a resolution (or get a complete customer history view). If you light up an integrated secure message channel with document sharing capabilities in their contact center desktop – it makes their job less cumbersome – so productivity, happiness and growth can thrive. The virtuous cycle of business life. The wheel of good fortune. (There may just be an Elton John / Disney song in there somewhere….)

Security and privacy regulations require it

And…. that’s the sticky wicket. HIPAA, GLBA, PCI-DSS, HITECH, DPA, GDPR – all there for the right reasons – protecting your customers’ sensitive information is your obligation – but it sure adds a lot of friction to digitizing your business processes.

And that’s where a Secure Message Center delivers its fundamental value. It allows you to get all the benefits of integrated messaging channels such as tracked email with file attachments, webforms, eforms, native webmail interfaces – with contact center integration. It enables an efficient flow of inquiry and resolution that moves your business forward, all while providing the trusted security and verifiable compliance your organization needs, and your customers expect.

So what is a Secure Message Center and how easily can it drop into your current ecosystem to light up a secure messaging, email and file sharing channel in your contact center? Happily, there’s no ocean to boil. Learn more about it here, or contact us with your situation – we exist to make implementing this light work for you, and the contact center experience better for your customers.

Achieve Office 365 CJIS Compliance
Christian Grunkemeyer

Moving from an on-premises Exchange server to Microsoft Office 365 (O365) can have numerous benefits. Microsoft promotes its cloud productivity suite as yielding better collaboration, increased productivity and a reduced cost of ownership. Many state and local government agencies eager for those benefits are making a move to the cloud with O365. According to Microsoft, approximately 5.2 million people use Microsoft Cloud for Government services including Azure Government, Office 365 Government, and Dynamics CRM Online Government, an impressive figure. However, some government agencies need to access the FBI’s Criminal Justice Information Systems (CJIS) database to fulfill their mission. These agencies must achieve Office 365 CJIS compliance, because CJIS security rules restrict their ability to use O365 to exchange CJIS information, or CJI for short. This information must be protected in motion and at rest whenever it is outside a secure CJIS datacenter. Specific rules and the entire FBI CJIS Security Policy are posted here.

According to its website, Microsoft will sign a CJIS Security Addendum for Office 365 CJIS compliance in states where they have established CJIS Information Agreements. At this time there are 26 states where Microsoft has a signed CJIS Security Addendum – the most recent being with Missouri (February 2017). States that don’t have CJIS approval for O365 as of March 2017 include Alabama, Connecticut, Florida, Idaho, Indiana, Iowa, Louisiana, Maine, Maryland, Mississippi, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, North Dakota, Ohio, Oklahoma, Rhode Island, South Dakota, Vermont, West Virginia, Wisconsin and Wyoming.

While these states are not prohibited from using cloud services, they must be able to demonstrate Office 365 CJIS compliance if using those services. For them to use O365 to transmit CJI and PII (Personally Identifiable Information), the following CJIS security policy sections must be addressed.

“5.8        Policy Area 8: Media Protection

Media protection policy and procedures shall be documented and implemented to ensure that access to digital and physical media in all forms is restricted to authorized individuals. Procedures shall be defined for securely handling, transporting and storing media.

5.8.1      Media Storage and Access

The agency shall securely store digital and physical media within physically secure locations or controlled areas. The agency shall restrict access to digital and physical media to authorized individuals. If physical and personnel restrictions are not feasible then the data shall be encrypted per Section 5.10.1.2.

5.8.2      Media Transport

The agency shall protect and control digital and physical media during transport outside of controlled areas and restrict the activities associated with transport of such media to authorized personnel.

5.8.2.1   Digital Media during Transport

 Controls shall be in place to protect digital media containing CJI while in transport (physically moved from one location to another) to help prevent compromise of the data. Encryption, as defined in Section 5.10.1.2 of this Policy, is the optimal control during transport; however, if encryption of the data isn’t possible then each agency shall institute physical controls to ensure the security of the data.”

When an agency moves from a secure on-premises Exchange server to O365, emails containing CJI must be protected – and that is commonly done through encryption. While O365 does contain an email encryption capability, that encryption occurs after the O365 cloud receives the unencrypted data. For those 24 states without a Microsoft CJIS Security Addendum, this is a violation of CJIS security policy. To achieve Office 365 CJIS compliance, the email must be encrypted before it arrives in the O365 cloud, and must remain encrypted until it is received or retrieved by the intended recipient.

One solution to this issue is to employ a third-party email encryption solution designed to enhance the security of O365 and address the CJIS security policy issues. Such solutions offer more depth in encryption features and capabilities and integrate well with the Office 365 suite of applications. To achieve this end-to-end encryption requirement, the email can be encrypted at the Outlook client using an encryption plug-in, and routed through O365 to the recipient, or to an email encryption platform in a CJIS compliant datacenter to await recipient retrieval. In this way, O365 can be adopted while maintaining CJIS compliance for PII and CJI. You can learn more about securing email in Office 365 here.

Office 365 is a great tool and can offer state and local agencies many benefits – and with proper implementation can meet the stringent requirements for CJIS security.

Best Practices: Securing Data at Rest, in Use, and in Motion
Team DataMotion

Sensitive business data is more vulnerable today than ever before. Corporate trade secrets, national security information, personal medical records, Social Security and credit card numbers are all stored, used, and transmitted online and through connected devices. The proliferation of valuable data provides cybercriminals with an increasingly wide range of opportunities to monetize stolen information and intellectual property. In addition, foreign governments and organized crime rings have embraced hacking as one of their most potent tools. Organizations are also at risk from insider threats and social engineering attacks. A negligent or disgruntled employee can expose confidential information even faster than a hacker if there aren’t adequate safeguards in place to prevent the accidental or intentional release of sensitive data.

Security is critical, but it can’t come at the expense of your ability to complete daily tasks. For over 20 years, DataMotion has led the information security industry in cutting-edge data and email security, providing pre-built solutions and APIs that offer flexibility, security, and ease of use while enabling compliance across industries. In this article, we’ll examine best practices around securing data at rest, in use, and in motion as well as how to conduct a holistic data security risk assessment. We will also show you how DataMotion’s secure messaging and document exchange solutions keep your data platforms safe.

The Three Critical Components of a Total Information Security Strategy

Data needs to be secured in three states: at rest, in use, and in motion. Each state presents unique security challenges.

Data at Rest

Data is considered to be “at rest” when it is stored on a hard drive. In this relatively secure state, sensitive information such as Personally Identifiable Information (PII), Personal Health Information (PHI), and otherwise confidential enterprise data is primarily protected by conventional, perimeter-based defenses such as firewalls and anti-virus programs. However, these barriers are not impenetrable, and a data breach is still possible. Organizations need additional layers of defense to protect sensitive data from intruders in the event that the network is compromised.

Encrypting hard drives is one of the best, most effective ways to ensure the security of your enterprise’s data while at rest. In the event of a data breach, your data will be rendered unreadable to cybercriminals, making it worthless. There are other steps you can take that also help, such as storing individual data elements in separate locations. This extra step greatly decreases the likelihood of attackers gaining enough information to commit fraud or other crimes. One way in which DataMotion mitigates risk in this area is through our zero-trust security approach, which goes beyond perimeter protection, offering high-level data security from the inside out.

Data in Use

We just spoke to the importance of strong data security measures, such as data encryption, when sensitive information is at rest. But data in use is especially vulnerable to theft, and therefore requires additional security protocols. This is because, by the “in use” definition, the data must be accessible to those who need it. The greater the number of people and devices that have access to the data, the greater the risk that it will end up in the wrong hands.

There are two major keys to securing data while in use. The first is to control access as tightly as possible. Not everyone in your enterprise will need access to every piece of data, and there should be data permissions and protocols in place. The second key is to incorporate authentication strong enough to ensure that users are who they say they are and aren’t hiding behind stolen identities. Requiring more than a password for this is known as multi-factor authentication (MFA), and it can be as small as one extra step, such as a verification code sent to an email address or a phone. This small step can be a giant leap toward improved data security.
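The two keys above can be sketched together. This is an added example, not DataMotion code: the role map, the class and function names, the five-minute lifetime and the five-guess limit are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed policy: a code is valid for five minutes
MAX_ATTEMPTS = 5        # assumed policy: guesses allowed before the code is revoked

# Constructed least-privilege map: role -> data categories that role may read.
ROLE_PERMISSIONS = {
    "support_agent": {"contact_details"},
    "claims_adjuster": {"contact_details", "claim_documents"},
}


class VerificationCodes:
    """Issues and checks one-time codes sent out of band (email or phone)."""

    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so expiry can be tested
        self.pending = {}    # user -> [salt, digest, expires_at, attempts_left]

    @staticmethod
    def _digest(salt, code):
        return hashlib.sha256(salt + code.encode("utf-8")).digest()

    def issue(self, user):
        """Create a fresh 6-digit code; any earlier code for the user is replaced."""
        code = f"{secrets.randbelow(10**6):06d}"  # drawn from the OS CSPRNG
        salt = secrets.token_bytes(16)
        # Only a salted hash is kept, so the code itself is not stored.
        self.pending[user] = [salt, self._digest(salt, code),
                              self.clock() + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code  # hand to the delivery channel only; never log it

    def verify(self, user, submitted):
        entry = self.pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self.clock() >= expires_at or attempts_left <= 0:
            del self.pending[user]  # expired or guessed too often: revoke
            return False
        entry[3] = attempts_left - 1
        # Constant-time comparison avoids leaking how much of the value matched.
        if hmac.compare_digest(digest, self._digest(salt, str(submitted))):
            del self.pending[user]  # single use: a replayed code fails
            return True
        return False


def authorize_read(role, category, second_factor_passed):
    """Both keys must hold: the role is permitted AND the second factor passed."""
    permitted = category in ROLE_PERMISSIONS.get(role, set())
    return permitted and bool(second_factor_passed)


if __name__ == "__main__":
    codes = VerificationCodes()
    sent = codes.issue("alice")          # would be emailed or texted
    passed = codes.verify("alice", sent)
    print(authorize_read("claims_adjuster", "claim_documents", passed))
```

With a six-digit code, the short lifetime, the attempt limit and single use are what keep guessing impractical; the salted hash only keeps the code itself out of storage.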

Organizations also need to be able to easily track and report relevant information so they can detect suspicious activity, diagnose potential threats, and proactively improve security. For example, an account being disabled due to a certain number of failed login attempts could be a warning sign that a system is under attack.
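The warning sign described above can be turned into a small detection pass over authentication events. This is an added example, not part of the original article: the log format, thresholds and alert names are assumptions, the sample lines are constructed, and it goes one step beyond the text by also flagging one source failing against many accounts and a success that follows a burst of failures.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
FAILS_PER_ACCOUNT = 5           # assumed: failures on one account within WINDOW
ACCOUNTS_PER_SOURCE = 4         # assumed: distinct accounts failing from one source

# Constructed sample log; format and addresses (documentation ranges) are made up.
SAMPLE_LOG = """\
2024-03-01T09:00:00Z user=alice src=198.51.100.20 event=login_failed
2024-03-01T09:00:40Z user=alice src=198.51.100.20 event=login_ok
2024-03-01T09:05:00Z user=bob src=203.0.113.7 event=login_failed
2024-03-01T09:05:10Z user=bob src=203.0.113.7 event=login_failed
2024-03-01T09:05:20Z user=bob src=203.0.113.7 event=login_failed
2024-03-01T09:05:30Z user=bob src=203.0.113.7 event=login_failed
2024-03-01T09:05:40Z user=bob src=203.0.113.7 event=login_failed
2024-03-01T09:05:41Z user=bob src=203.0.113.7 event=account_locked
2024-03-01T09:20:00Z user=carol src=203.0.113.99 event=login_failed
2024-03-01T09:20:05Z user=dave src=203.0.113.99 event=login_failed
2024-03-01T09:20:10Z user=erin src=203.0.113.99 event=login_failed
2024-03-01T09:20:15Z user=frank src=203.0.113.99 event=login_failed
2024-03-01T10:00:00Z user=grace src=198.51.100.44 event=login_failed
2024-03-01T10:15:00Z user=grace src=198.51.100.44 event=login_failed
2024-03-01T10:30:00Z user=grace src=198.51.100.44 event=login_failed
2024-03-01T10:45:00Z user=grace src=198.51.100.44 event=login_failed
2024-03-01T11:00:00Z user=grace src=198.51.100.44 event=login_failed
"""


def parse_line(line):
    """Split 'timestamp key=value ...' into (datetime, user, source, event)."""
    stamp, *pairs = line.split()
    fields = dict(pair.split("=", 1) for pair in pairs)
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
    return when, fields["user"], fields["src"], fields["event"]


def detect(log_text):
    """Return (kind, subject, timestamp) alerts; lines must be in time order."""
    alerts = []
    by_user = defaultdict(deque)  # user -> times of recent failures
    by_src = defaultdict(deque)   # source -> (time, user) of recent failures
    open_alerts = set()           # (kind, subject) already raised

    def raise_once(kind, subject, when):
        if (kind, subject) not in open_alerts:
            open_alerts.add((kind, subject))
            alerts.append((kind, subject, when.isoformat()))

    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, user, src, event = parse_line(line)
        if event == "account_locked":
            alerts.append(("account_locked", user, when.isoformat()))
        elif event == "login_failed":
            recent = by_user[user]
            recent.append(when)
            while when - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            if len(recent) >= FAILS_PER_ACCOUNT:
                raise_once("failed_login_burst", user, when)
            seen = by_src[src]
            seen.append((when, user))
            while when - seen[0][0] > WINDOW:
                seen.popleft()
            if len({name for _, name in seen}) >= ACCOUNTS_PER_SOURCE:
                raise_once("many_accounts_one_source", src, when)
        elif event == "login_ok":
            # A success right after a burst may mean a guess finally worked.
            if ("failed_login_burst", user) in open_alerts:
                alerts.append(("success_after_burst", user, when.isoformat()))
                open_alerts.discard(("failed_login_burst", user))
            by_user[user].clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

In the sample, alice's single mistyped password and grace's failures spread over an hour raise nothing, while bob's burst and lockout and the source touching four accounts do.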

Data in Motion

Data is at its most vulnerable when it is in motion, and securing information in this state requires specialized capabilities and strong security. Our expectation of immediacy dictates that a growing volume of sensitive data be transmitted digitally—forcing many organizations to replace couriers, faxes, and conventional mail service with faster options such as email. Today, more than 333 billion business and consumer emails are sent and received every day. [1]

When you send an email, it typically takes a long and winding journey through the digital infrastructure at enterprises, healthcare organizations, universities, government facilities, and other network locations. Anyone with the right tools can intercept your email as it moves along this path, which is where the need for increased email security and secure email gateways comes in.

There are a number of effective ways to secure data in motion. The best method to ensure that your messages and attachments remain confidential is to transmit them through an easy-to-use data encryption platform that integrates with your existing systems and workflows. This not only prevents careless mistakes, but ease of use helps mitigate risky shortcuts. Users should be able to send and receive encrypted messages directly from their standard email service. More than 29% of organizations place this capability on their email encryption and customer experience ‘wish list’. [2]

Email is considered the largest threat to data security in most organizations and sending data and documents (especially those containing sensitive information) in an unsecured manner is risky business. Email is vulnerable to a number of types of cyberattacks, including phishing, spoofing, and spam. It is easy for hackers to steal sensitive data while it is en route from Point A to Point B. Encrypting data while in motion is an ideal first line of email security, as encryption will render stolen data unreadable to thieves. In addition to strong encryption, your enterprise should include security controls such as employee security training, secure email gateways (which act as a policy-based filter based on the rules set forth by an admin) and multi-factor authentication.

The encryption service your organization uses should be used for desktops and all user devices with data access. It is also important that the service offers and supports mobile email applications. It is reported that 59% of Millennials check their email using their mobile device [3], but more than 39% of organizations currently using email encryption say the number of ways users can securely interact with them is limited. [2]


How to Conduct an Effective Risk Assessment

Unless your organization has recently conducted a data security risk assessment, the threat of a data breach is probably much larger and more immediate than you realize. Organizations often underestimate their risk because they believe all their sensitive data is contained within a few secure systems. They feel access to this sensitive data is restricted to only those who need it. This is rarely true.

Think about the situation from a workflow perspective. Do employees access corporate systems from their personal devices, or use company-issued devices to work from home? What happens when employees take their laptops on business trips? How is data transferred between devices or communicated to other stakeholders? Have you thought about what your customers or business partners do with sensitive files you send them?

Inevitably, information is going to end up spread across multiple devices and networks with varying degrees of security and risk. Before you can take effective action to mitigate your risk you need to identify where your risks of a data breach lie. You should conduct a thorough security risk assessment, starting with a data and email security review. Such a review will identify vulnerabilities within your organization and where they lie. This assessment should provide answers to core questions, including:

  • What types of sensitive data does your organization store, use, or transmit?
  • Who has access to this data?
  • Where, when, and why are they using it?
  • How is data stored when it is not in use?
  • Is data kept beyond periods stated in your data retention policy?
  • How is access to databases controlled?
  • What mechanisms are used to transport data?
  • What are the pertinent laws, regulations, and standards?
  • How is data shared in collaboration tools?

Once you have a solid grasp of the potential risks, we recommend that you work with data security experts to determine the steps needed to implement a total information security strategy. This strategy will likely include aspects such as a data retention policy, a data sharing policy, an incident response plan, and a policy based on the principle of least privilege.

For an effective risk management strategy, data vulnerability assessments should be truly holistic and not just look for threats within your organization. If your vendors have vulnerabilities, then your enterprise does as well. We recommend checking in regularly with your vendors about current and planned security protocols and exploring a vendor consolidation strategy. When checking in, or when vetting a single vendor as part of a consolidation strategy, be sure to ask the right questions about security protocols.

Don’t wait for the risks to your data and email security to make themselves known; by that time, it will be too late to take any effective action.

Summary

Your enterprise data is incredibly valuable to both your organization and cybercriminals. Data security strategy should be high on your business process priority list. Leaving security to chance puts you at risk of joining the long and growing list of organizations that have learned painful first-hand lessons about data security, including Target, Home Depot, Anthem, the Federal Office of Personnel Management, and the National Security Agency.

DataMotion’s platform protects data at rest, in use, and in motion by offering ironclad security that includes military-grade encryption, a governed database, a zero-trust security approach, and data tracking and monitoring. Visit our website to learn more about how we can help your enterprise’s data and email security efforts or contact our team of security experts today for an introductory call.

1. The Radicati Group. “Email Statistics Report, 2021–2025.”
2. DataMotion. “Compliance Issues Plague Customer Engagement: Customer Engagement Trends in Financial Services and Insurance.”
3. HubSpot. “The Ultimate List of Email Marketing Stats for 2022.”

Updated April 12, 2023