Blog article

See all stories »

Channels

External | what does this mean?

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Email isn’t fit for purpose for sending confidential information

Banks are struggling with email. It’s no longer an immediate form of communication, for most of us it’s a massive headache, and most importantly it’s risky. It’s too easy to send something from the wrong email address, or to the wrong person. Content can be leaked, or end up in the public domain. (Just ask Hilary Clinton, Michael Gove, or the Kremlin.) Anyone can download, print or screenshot content. It might be hacked – not just from your email server, but from your recipient’s.

Essentially, once you send a message, you’ve lost control of both the email body and any attachments. Most companies still rely on email for most of their confidential and sensitive information.

For financial services companies this is particularly problematic. This is the sector most at risk of being hacked, or of human error causing a major security breach. Banks tell their customers never to trust an email disclosing or asking for confidential information, while using the same channel to send sensitive materials internally.

Even encrypted email doesn’t meet the security or corporate governance requirements. You still can’t track what happens to emailed content once you’ve sent it. It doesn’t remain static, but could be passed from person to person freely, outside the business. Confidential information can be – and regularly is - shared with unauthorised people, downloaded, posted online or sent to news papers.

The most common alternatives don’t look much better from a security or governance point of view. File sharing services like Dropbox have been subject to high profile hacks. Even messaging services like WhatsApp, which are encrypted, don’t address the issue of how to control the distribution of content once you’ve sent it. WhatsApp is now owned by Facebook and hosts the servers that communications take place over. Facebook have already started sharing user data from WhatsApp for Ad targeting. The scope for which Facebook can use data from companies owned within it network to feed it’s ad network is already giving cause for concern in the media.

There are ways to solve the problem. Have a clear policy on how you use email. Agree what content is ok to send on email, and what should remain firmly on your secured servers, within corporate control. Find an alternative to sending confidential information. And don’t allow unsecured, unauthorised messaging apps to bypass these rules.

Email won’t go away completely. But it’s time to review how it’s used to share confidential information.

9291