Banks are struggling with email. It’s no longer an immediate form of communication, for most of us it’s a massive headache, and most importantly it’s risky. It’s too easy to send something from the wrong email address, or to the wrong person. Content can
be leaked, or end up in the public domain. (Just ask Hilary Clinton, Michael Gove, or the Kremlin.) Anyone can download, print or screenshot
content. It might be hacked – not just from your email server, but from your recipient’s.
Essentially, once you send a message, you’ve lost control of both the email body and any attachments. Most companies still rely on email for most of their confidential and sensitive information.
For financial services companies this is particularly problematic. This is the sector most at risk of being hacked, or of human error causing a major security breach. Banks tell their customers never to trust an email disclosing or asking for confidential
information, while using the same channel to send sensitive materials internally.
Even encrypted email doesn’t meet the security or corporate governance requirements. You still can’t track what happens to emailed content once you’ve sent it. It doesn’t remain static, but could be passed from person to person freely, outside the business.
Confidential information can be – and regularly is - shared with unauthorised people, downloaded, posted online or sent to news papers.
The most common alternatives don’t look much better from a security or governance point of view. File sharing services like Dropbox have been subject to high profile hacks. Even messaging services like WhatsApp, which are encrypted, don’t address the issue
of how to control the distribution of content once you’ve sent it. WhatsApp is now owned by Facebook and hosts the servers that communications take place over. Facebook have already started sharing user data from WhatsApp for Ad targeting. The scope for which
Facebook can use data from companies owned within it network to feed it’s ad network is already giving cause for concern in the media.
There are ways to solve the problem. Have a clear policy on how you use email. Agree what content is ok to send on email, and what should remain firmly on your secured servers, within corporate control. Find an alternative to sending confidential information.
And don’t allow unsecured, unauthorised messaging apps to bypass these rules.
Email won’t go away completely. But it’s time to review how it’s used to share confidential information.