Community
When speaking to IT professionals in the finance sector about email security, they are often unaware that the majority of data leaks are caused by employee behaviour. Latest security incident reports from UK privacy regulator the Information Commissioner’s Office (ICO) quantify the extent of the problem. Its Q3 and Q4 figures show that from 1 October 2020 to 31 March 2021, 60% of data leaks reported by finance, insurance and credit firms were caused by a non-cyber security incident: ‘Data emailed to incorrect recipient’, ‘Failure to redact’ and ‘Failure to use bcc’, for example, all three being human errors. This is in stark contrast to the common misconception that phishing and hacking are the main causes of data leaks.
Weak passwords and lack of two-factor authentication exacerbate outbound email’s security vulnerabilities, increasing the threat of unauthorised data access still further. Yet many companies believe their email is adequately secured, and that information shared by employees in an ad hoc manner, using a technology protocol that is over 50 years-old, is safe. It is this lack of awareness, combined with the latter misapprehension, that leaves many organisations vulnerable to a data breach.
Failure to combat human error and fortify email security can specifically result in:
So what can be done to address email’s extensive security shortfalls?
Applying strong encryption and strong authentication will significantly improve the protection of sensitive information sent via email. Doing so, however, is increasingly a challenge for the multitude of organisations moving towards the cloud, and using email systems like Office 365 Outlook and Gmail, as those systems don't offer the encryption that guarantees only the sender and recipient have the keys to access information. (We’re one of the few email security companies in the world that doesn’t have access to our customers’ decryption keys.)
Protecting the confidentiality and integrity of email messages
The very data financial services firms are built on is what makes them the most vulnerable. In fact,
access to personal information and sensitive financial data means that the finance industry suffers the highest penalisations and costs from data breaches. It has, therefore, never been more crucial for financial institutions to close all communication security gaps and overcome the day-to-day mistakes made by employees.
A good first step for finance and insurance firms is to employ the services of a trusted IT partner – ideally a specialist in email data protection – to identify all pre-existing email security gaps, some of which are, most likely, outlined above. By achieving a bird’s eye view of the digital communication approach used by every department, job role and individual employee, it will then be possible to set about fixing the shortfalls in outbound email security once and for all.
Companies we work with include UK mortgage lender Paratus AMC and international financial services company Achmea, helping them to securely send digital information to their customers and prospects, while also ensuring compliance with ever-changing data protection regulations such as the DPA 2018 and GDPR. This approach not only prevents financial penalties from regulators including the ICO, but also preserves brand reputation and customer trust.
Strike the right balance between security and usability
To secure communications with the greatest efficacy, organisations need to strike the right balance between security and usability; providing employees with the right tools to prevent accidental data leaks. Easy to use security solutions that are intuitive and seamlessly embedded into everyday working lives, will enable even the non-tech savvy employees within an organisation to participate in cybersecurity efforts. Our email data protection technology, for example, adds a security and privacy layer on top of existing email systems, such as Outlook (desktop and Microsoft 365) and Gmail – ensuring that staff don’t have to change their usual way of working.
Financial services firms should strive to become enablers; ensuring that the secure outbound email technology they deploy is security compliant, integrates into existing workflows, that it is familiar and intuitive for the people using it, as well as intelligent in helping people to make better and safer decisions.
It is our belief that employees are not risks to be mitigated, but key assets to be enabled. When employees are equipped with the right digital tools and understand how their behaviour impacts the frontline of email security, they become much more efficient at detecting scams, preventing data breaches, and protecting sensitive information.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Boris Bialek Vice President and Field CTO, Industry Solutions at MongoDB
11 December
Kathiravan Rajendran Associate Director of Marketing Operations at Macro Global
10 December
Barley Laing UK Managing Director at Melissa
Scott Dawson CEO at DECTA
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.