5 reasons financial services must reevaluate security training to secure their outbound email

5 reasons to reevaluate email security


The belief that there is no way of preventing data breaches caused by human error leaves your organisation at risk of big mistakes.

This interpretation of employee mistakes and outbound email is incorrect. Accidents caused by people can be avoided, but only when employees are provided with the right tools and training.

Here are the top five reasons why your data loss prevention (DLP) strategy must prioritise real-time awareness training and innovative user-friendly tech to be truly effective.

Reason #1 - Email is here to stay

Portals, file sharing platforms, or data rooms are no replacement for email. In the face of a global pandemic, we’re relying on email more than ever. And, with more than 300 billion emails sent each day, mistakes are inevitable - and it only takes one for a major breach to occur. What could go wrong?

     Hitting reply all accidentally

     Using BCC incorrectly

     Spelling errors

     Adding the wrong attachment

     Replying to a phishing email

Even more startling? Around 29% of financial service employees have admitted to clicking on a phishing email at work. Consider the number of emails an employee in the financial services sector might send every day – with each having a risk of data loss or a leak attached. Now scale that up across 100s or even 1,000s of employees. Traditional security training not only skips issues caused by human error but simply does not meet the needs of every single employee. That’s why training in real-time, to both secure outbound emails and teach best practice, is the best solution today.

Reason #2 - Emails remain at risk in transit

Financial services companies need to ensure emails are sent safely and securely with the right encryption methods so that they (a) aren’t intercepted and (b) reach the right destination. Around 12% of emails were sent unencrypted in 2020, according to Google’s Transparency Report - a huge issue for a sector built on highly sensitive personal and financial data.

Standard encryption methods don’t always do enough to prevent the possibility of data being intercepted. The basic security measure, STARTTLS, for example, attempts to deliver the email encrypted but, if this isn’t possible, will either deliver it unencrypted or fail to deliver it at all.
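The two outcomes described above, shown as an added example (not code from Zivver or the original article): a Python `smtplib` sender that either downgrades silently or fails closed when the receiving server does not advertise STARTTLS. The names `deliver`, `TLSRequired`, the `policy` values and `smtp_factory` are hypothetical.

```python
import smtplib
import ssl


class TLSRequired(Exception):
    """Policy demands an encrypted hop and the server did not offer one."""


def deliver(message, sender, recipient, host, policy="require",
            smtp_factory=smtplib.SMTP):
    """Send one message; return "encrypted" or "plaintext".

    policy="opportunistic": use STARTTLS if advertised, else send in clear.
    policy="require": send only over a TLS session with a verified cert.
    All names here are hypothetical; smtp_factory exists so the logic can be
    exercised offline with a stub instead of a live server.
    """
    if policy not in ("opportunistic", "require"):
        raise ValueError(f"unknown policy: {policy!r}")
    # Default context verifies the certificate chain and the host name.
    context = ssl.create_default_context()
    with smtp_factory(host, 25, timeout=30) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            # A handshake or certificate failure raises here and aborts the
            # send under both policies; this example never retries in clear.
            smtp.starttls(context=context)
            smtp.ehlo()  # re-read capabilities over the encrypted channel
            channel = "encrypted"
        elif policy == "require":
            # STARTTLS missing from the EHLO reply: either the server lacks
            # it or something on the path removed it. Fail closed.
            raise TLSRequired(f"{host} did not advertise STARTTLS")
        else:
            channel = "plaintext"  # the silent downgrade
        smtp.sendmail(sender, [recipient], message)
    return channel
```

Logging the returned channel per recipient domain shows which partners still receive mail in the clear under the opportunistic policy.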

Reason #3 - Third parties can still access financial info

Next up is the issue of who holds the key that can unlock that data. If it’s anyone other than the sender and their intended recipient, the data still isn’t secure.

When scouting for an email security solution, it is vital to establish whether the provider holds the encryption keys; if they do, they can access your data - and so can any hacker who accesses their servers, or governmental organisations upon request.

Widely used email security products – including O365 and Gmail – retain access to your keys. To guarantee privacy, who holds the keys is an important aspect of your email security to prioritise.

Reason #4 - Your current solution might not do everything you think it does

O365, for example, may allow users to set DLP rules that scan emails for sensitive information - but often these are too rigid and aren’t dynamic enough to react to changing circumstances, e.g. a global move to hybrid working.

Most “traditional” email security platforms protect against inbound and malicious security threats only, leading IT and security professionals to assume that data incidents resulting from human error are unavoidable. This misconception is where the real issue lies. A mix of real-time awareness training and user-friendly technology is the answer; and Zivver delivers exactly that.

Reason #5 - Bad email recall won’t stop data leaks

The two leading email clients today still don’t enable users to recall emails sent in error. O365 will only allow you to recall an email if the recipient is using O365 and hasn’t already opened the email; Gmail gives you the opportunity to ‘unsend’ an email, but only if you click the relevant button in under 30 seconds.

A bird's-eye view of your email security

Today, financial organisations can transform their weakest security link (their people) into their greatest defence. The solution is real-time training to instill best practice, without interfering in existing processes.

How does Zivver work?

Disruptive in all the right ways, Zivver observes the content of emails and attachments to catch mistakes before they happen; automated notifications appear to alert users to potential security errors (incorrect recipients, misuse of BCC, missing attachments, confidential information etc.) so they can act wisely before pressing ‘send’. Users maintain control after sending, with the ability to redact (quickly and effectively, with no stipulations), set expiration periods, and apply two-factor authentication (2FA) rules to ensure security.

Zivver integrates easily with Outlook and Gmail (including O365), adding an extra layer of security to your existing email client. Employees want to be wise to data breaches - and, with a 99% customer renewal rate, it is proven that employees want to use Zivver.

Zivver’s highly encrypted email security solution provides a bird's-eye view of your email security, putting you in the best possible position to prevent data loss and protect information, balancing security with usability to keep your business communications moving without a hitch.

It’s time to revisit your email security strategy so that you have full oversight of the outbound email threat landscape. For a comprehensive lowdown on Zivver’s email security solution and how it can protect your business, read our guide to email security in the financial services industry, contact Zivver’s UK office on +44 20 3285 6300, or email contact@zivver.com.

Written by

Kate O'Neill

Originally published on July 21, 2021

Last update on August 4, 2021