19 August 2017
John Safa

John Safa - Pushfor Ltd


Email isn’t fit for purpose for sending confidential information

20 January 2017

Banks are struggling with email. It’s no longer an immediate form of communication, for most of us it’s a massive headache, and most importantly it’s risky. It’s too easy to send something from the wrong email address, or to the wrong person. Content can be leaked, or end up in the public domain. (Just ask Hillary Clinton, Michael Gove, or the Kremlin.) Anyone can download, print or screenshot content. It might be hacked – not just from your email server, but from your recipient’s.

Essentially, once you send a message, you’ve lost control of both the email body and any attachments. Most companies still rely on email for most of their confidential and sensitive information. 

For financial services companies this is particularly problematic. This is the sector most at risk of being hacked, or of human error causing a major security breach. Banks tell their customers never to trust an email disclosing or asking for confidential information, while using the same channel to send sensitive materials internally. 

Even encrypted email doesn’t meet security or corporate governance requirements. You still can’t track what happens to emailed content once you’ve sent it. It doesn’t remain static, but can be passed freely from person to person, outside the business. Confidential information can be – and regularly is – shared with unauthorised people, downloaded, posted online or sent to newspapers.

The most common alternatives don’t look much better from a security or governance point of view. File sharing services like Dropbox have been subject to high-profile hacks. Even messaging services like WhatsApp, which are encrypted, don’t address the issue of how to control the distribution of content once you’ve sent it. WhatsApp is now owned by Facebook, which hosts the servers that communications take place over. Facebook has already started sharing user data from WhatsApp for ad targeting. The scope Facebook has to use data from companies owned within its network to feed its ad network is already giving cause for concern in the media.

There are ways to solve the problem. Have a clear policy on how you use email. Agree what content is OK to send by email, and what should remain firmly on your secured servers, within corporate control. Find an alternative to sending confidential information. And don’t allow unsecured, unauthorised messaging apps to bypass these rules.

Email won’t go away completely. But it’s time to review how it’s used to share confidential information. 







Comments: (1)

Michael Wright - Striata | Secure Document Delivery - London | 02 February, 2017, 14:08

Hi John, I have penned a counterpoint to your views on email in banks.

Whereas your views may be focused on the use of email internally - my views are focused on the use of email externally.

Regards - Mike

John Safa is the founder of Pushfor, a new secure messaging and content sharing platform for business. He is a tech entrepreneur and security expert.
