How financial services can reduce the risk of a breach

By Rick Goud, CIO & Founder, Zivver

With so many communications being handled digitally, and new channels emerging almost all the time, it’s not surprising that data and information quantities have exploded. But these days, safeguarding data goes beyond strong encryption and defending against cyber attacks. For a number of reasons, many financial companies have yet to adopt a more holistic approach to communication security, which in turn can put sensitive data at risk.

For data security, wealth management and insurance firms have a bigger target on their backs than most businesses. However, when strategising for data loss prevention in email, the focus for IT leaders traditionally remains on incoming and malicious attacks, leaving finance organisations open to the leading cause of data incidents. According to ICO reports, these are most commonly non-cyber related issues.

In the wake of a widespread adoption of remote working, email has become an even more essential tool for businesses. Yet as digital communication links have rapidly developed in the last year, so too have the number of vulnerabilities that cyber criminals can exploit. To close these gaps, wealth management and insurance firms need solutions which combine secure technology with watertight email practices.

Remote working has permanently changed the way businesses deliver advice and serve their clients. The way we work has changed; our workspaces have moved away from offices and conference rooms towards a heavier reliance upon email, instant messaging, and video calling for sharing confidential information. Employees have adapted to working from home; however, with our days busier than ever, it’s inevitable that, occasionally, mistakes will happen.

Did you know that most email users are sending around 30-40 emails a day? Now think about the fact that the wealth management sector in particular deals with extremely confidential, high-profile and/or high net worth proceedings. Those 30-40 emails could contain information relating to a client’s savings, investments, income and financial commitments.

Outbound security is key

Built-in security of email platforms fails to deliver sufficient protection against these ‘outbound’ email-borne security breaches. Likewise, many employees do not know how to recognise emails sent with malicious intent and take action, opening new opportunities for inbound threats missed up by the platforms’ shields and filters.

High-value fraud attempts via business email compromise (BEC) continue to make it through O365’s native security solutions, leaving firms more exposed to data breaches. These organisations often hold as much personal information, corporate data, customer information and financial data as banking institutions, despite having smaller budgets or a smaller-headcount on their security teams to ensure their digital perimeters are secure. In fact, research revealed only 31 percent of smaller family offices had implemented cyber security measures, versus 60 percent of larger operations.

The fact is that most of today’s security solutions focus on threat protection and are built to keep ‘inbound’ risks – malware, phishing attacks and spam – at bay, as these are consistently viewed as the biggest risks to email security. But when it comes to misdirected emails (reported by The ICO as the number one non-cyber security incident faced by businesses in the finance, insurance and credit sectors) it is clear that data loss via human error or more insidious insider threats are security risks that are consistently overlooked.

It’s not enough to focus solely on inbound threats and keep the attackers from coming in; businesses need to ensure they prevent sensitive data being accidentally or maliciously sent out. But why aren’t existing email security solutions doing this?

Popular email service providers may have outbound email filtering rules – but these are often too rigid to adapt to evolving ways of working, and often depend heavily on IT teams having to constantly update and configure them.

Outbound emails accidentally sent to the wrong recipient, with the wrong document attached, with the wrong person cc’d, often result in a data breach, resulting in reputational damage, penalties due to a failure to comply with data compliance laws and a financial loss in more ways than one.

Business leaders must question; do their existing security solutions do enough to empower employees in protecting day-to-day communications? After all, preventing data leaks requires organisations to increase their focus on outbound email security, which includes preventing unauthorised access with two-factor authentication. If done in a way that is user-friendly, while also being simple to implement and maintain, financial organisations can unlock business value.