19 October 2017


Retired Member


Email isn’t fit for purpose for sending confidential information

20 January 2017

Banks are struggling with email. It’s no longer an immediate form of communication; for most of us it’s a massive headache; and, most importantly, it’s risky. It’s too easy to send something from the wrong email address, or to the wrong person. Content can be leaked, or end up in the public domain. (Just ask Hillary Clinton, Michael Gove, or the Kremlin.) Anyone can download, print or screenshot content. It might be hacked – not just from your email server, but from your recipient’s.

Essentially, once you send a message, you’ve lost control of both the email body and any attachments. Most companies still rely on email for most of their confidential and sensitive information. 

For financial services companies this is particularly problematic. This is the sector most at risk of being hacked, or of human error causing a major security breach. Banks tell their customers never to trust an email disclosing or asking for confidential information, while using the same channel to send sensitive materials internally. 

Even encrypted email doesn’t meet security or corporate governance requirements. You still can’t track what happens to emailed content once you’ve sent it. It doesn’t remain static, but can be passed freely from person to person, outside the business. Confidential information can be – and regularly is – shared with unauthorised people, downloaded, posted online or sent to newspapers.

The most common alternatives don’t look much better from a security or governance point of view. File sharing services like Dropbox have been subject to high-profile hacks. Even messaging services like WhatsApp, which are encrypted, don’t address the issue of how to control the distribution of content once you’ve sent it. WhatsApp is now owned by Facebook and hosts the servers that communications take place over. Facebook has already started sharing user data from WhatsApp for ad targeting. The extent to which Facebook can use data from the companies it owns to feed its ad network is already giving cause for concern in the media.

There are ways to solve the problem. Have a clear policy on how you use email. Agree what content is OK to send by email, and what should remain firmly on your secured servers, within corporate control. Find an alternative to email for sending confidential information. And don’t allow unsecured, unauthorised messaging apps to bypass these rules.

Email won’t go away completely. But it’s time to review how it’s used to share confidential information.

Tags: Security, Risk & regulation

Comments: (1)

Michael Wright - Striata | Secure Document Delivery - London | 02 February, 2017, 14:08

Hi John, I have penned a counterpoint to your views on email in banks.

Whereas your views may be focused on the use of email internally - my views are focused on the use of email externally.

regards - Mike
