
Email isn’t fit for purpose for sending confidential information

Banks are struggling with email. It’s no longer an immediate form of communication, for most of us it’s a massive headache and, most importantly, it’s risky. It’s too easy to send something from the wrong email address, or to the wrong person. Content can be leaked, or end up in the public domain. (Just ask Hillary Clinton, Michael Gove, or the Kremlin.) Anyone can download, print or screenshot content. It might be hacked – not just from your email server, but from your recipient’s.

Essentially, once you send a message, you’ve lost control of both the email body and any attachments. Most companies still rely on email for most of their confidential and sensitive information. 

For financial services companies this is particularly problematic. This is the sector most at risk of being hacked, or of human error causing a major security breach. Banks tell their customers never to trust an email disclosing or asking for confidential information, while using the same channel to send sensitive materials internally. 

Even encrypted email doesn’t meet the security or corporate governance requirements. You still can’t track what happens to emailed content once you’ve sent it. It doesn’t remain static, but could be passed from person to person freely, outside the business. Confidential information can be – and regularly is – shared with unauthorised people, downloaded, posted online or sent to newspapers.

The most common alternatives don’t look much better from a security or governance point of view. File sharing services like Dropbox have been subject to high-profile hacks. Even messaging services like WhatsApp, which are encrypted, don’t address the issue of how to control the distribution of content once you’ve sent it. WhatsApp is now owned by Facebook, which hosts the servers that communications take place over. Facebook have already started sharing user data from WhatsApp for ad targeting. The scope Facebook has to use data from the companies it owns within its network to feed its ad network is already giving cause for concern in the media.

There are ways to solve the problem. Have a clear policy on how you use email. Agree what content is ok to send on email, and what should remain firmly on your secured servers, within corporate control. Find an alternative to sending confidential information. And don’t allow unsecured, unauthorised messaging apps to bypass these rules. 

Email won’t go away completely. But it’s time to review how it’s used to share confidential information. 







Comments: (1)

Michael Wright - Tilte, Taxd, Welleasy - London 02 February, 2017, 14:08

Hi John, I have penned a counterpoint to your views on email in banks.

Whereas your views may be focused on the use of email internally - my views are focused on the use of email externally.

Regards - Mike
