Email security for financial services: the gap in your DLP (data loss prevention) strategy

Email security for financial sector


When it comes to data security, wealth management and insurance firms have a bigger target on their backs than most businesses. Yet when IT leaders plan data loss prevention for email, the focus traditionally stays on incoming, malicious attacks, leaving finance organisations exposed to the most common risk of them all: human error.

Human behaviour and email security

Unlike other aspects of data security, email security relies heavily on human behaviour, not just technological solutions. A secure platform is not enough: email users need to know how to use it correctly in order to keep their customer data safe.

In the wake of the pandemic, email has become an even more essential tool for businesses. Yet as digital communication channels have expanded rapidly over the last year, so too has the number of weaknesses that cyber criminals can exploit. To close these gaps, wealth management and insurance firms need solutions which combine secure technology with watertight email practices.

Why email is the biggest security threat to wealth management and insurance firms today

The pandemic has permanently changed the way businesses deliver advice and serve their clients. It’s also changed the way people work: our workspaces have moved away from offices and conference rooms towards a heavier reliance upon email, instant messaging, and video calling for sharing confidential information. Employees have adapted to working from home; however, with our days busier than ever, it’s inevitable that, occasionally, mistakes will happen.

Did you know that most email users are sending around 30-40 emails a day? Now think about the fact that the wealth management sector in particular deals with extremely confidential, high-profile and/or high net worth proceedings. Those 30-40 emails could contain information relating to a client's savings, investments, income and financial commitments.

The missing link in your email client

Email may be simple to use, but most employees are not trained to safeguard sensitive information of their own accord. The built-in security of email platforms does not deliver sufficient protection against these ‘outbound’ email-borne breaches, because traditional email systems make no allowance for human behaviour. Likewise, many employees do not know how to recognise emails sent with malicious intent and act on them, which opens new opportunities for inbound threats that slip past the platforms' shields and filters.

High-value fraud attempts via business email compromise (BEC) continue to make it through O365's native security controls, leaving firms more exposed to data breaches. These organisations often hold as much personal information, corporate data, customer information and financial data as banking institutions, despite having smaller budgets or a smaller headcount on their security teams to keep their digital perimeters secure. As reported by The Financial Times, the Boston Private survey found only 31 percent of smaller family offices had implemented cyber security measures, versus 60 percent of larger operations.

In fact, most email security solutions today don’t account for outbound email security

The fact is that most of today’s security solutions focus on threat protection and are built to keep ‘inbound’ risks – malware, phishing attacks and spam – at bay, as these are consistently viewed as the biggest risks to email security. But when it comes to misdirected emails (reported by the ICO as the number one non-cyber security incident faced by businesses in the finance, insurance and credit sectors), it is clear that data loss through human error, or through more insidious insider threats, is a security risk that is consistently overlooked.

It’s not enough to focus solely on inbound threats and keep the attackers from coming in; businesses need to ensure they prevent sensitive data being accidentally or maliciously sent out. But why aren’t existing email security solutions doing this?

As we discussed in a recent blog, popular email service providers may have outbound email filtering rules – but these are often too rigid to adapt to evolving ways of working, and often depend heavily on IT teams having to constantly update and configure them.

To keep data out of the wrong hands, organisations have to address the biggest contributor to data breaches: human error. Outbound emails accidentally sent to the wrong recipient, with the wrong document attached, or with the wrong person cc’d often amount to a data breach, bringing reputational damage, penalties for failing to comply with data protection law, and financial loss in more ways than one.
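To make those three mistakes concrete, here is an added example of the kind of pre-send check a firm could run on outbound mail. It is illustrative code written for this article, not Zivver's product and not code from the original post. The sending firm's domain, the list of known correspondent domains, the sensitive-data patterns and the sample message are all constructed for the example. It flags a recipient domain that is a near-miss typo of a known correspondent (the wrong-recipient case), a message that mixes several external organisations (the wrong-person-cc'd case), and a body or attachment that carries financial identifiers such as a UK sort code or IBAN (the wrong-attachment case).

```python
"""Illustrative pre-send outbound email check (example code, not Zivver's).

Three checks mirror the three mistakes discussed above:
  1. recipient domain is a typo of a known correspondent or is unknown
  2. the message is addressed to more than one external organisation
  3. body or attachment text contains financial identifiers
All domains, patterns and sample data are constructed for the example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumed set of domains the firm corresponds with regularly.
KNOWN_DOMAINS = {"acme-insurance.com", "client-family.org"}

# Constructed patterns for data that should not leave the firm unprotected.
SENSITIVE_PATTERNS = {
    "uk_sort_code": re.compile(r"\b\d{2}-\d{2}-\d{2}\b"),
    "iban_gb": re.compile(r"\bGB\d{2}[A-Z]{4}\d{14}\b"),
    "uk_national_insurance": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b"),
}

# Maximum edit distance at which a domain counts as a lookalike of a known one.
LOOKALIKE_DISTANCE = 2


@dataclass
class OutboundMail:
    sender: str
    to: list[str]
    cc: list[str] = field(default_factory=list)
    body: str = ""
    attachments: dict[str, str] = field(default_factory=dict)  # filename -> text


def domain(addr: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[1].lower()


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance, used to spot typo-squatted recipient domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_recipients(mail: OutboundMail) -> list[str]:
    """Flag recipients whose domain is unknown or a near-miss of a known one."""
    internal = domain(mail.sender)
    trusted = KNOWN_DOMAINS | {internal}
    findings = []
    for addr in mail.to + mail.cc:
        d = domain(addr)
        if d in trusted:
            continue
        close = sorted(k for k in trusted if 0 < levenshtein(d, k) <= LOOKALIKE_DISTANCE)
        if close:
            findings.append(f"{addr}: domain {d!r} looks like {close[0]!r} (possible typo)")
        else:
            findings.append(f"{addr}: first contact with unknown domain {d!r}")
    return findings


def check_mixed_audience(mail: OutboundMail) -> list[str]:
    """Flag a message whose external recipients belong to several organisations."""
    internal = domain(mail.sender)
    external = {domain(a) for a in mail.to + mail.cc if domain(a) != internal}
    if len(external) > 1:
        return [f"recipients span {len(external)} external organisations: {sorted(external)}"]
    return []


def check_content(mail: OutboundMail) -> list[str]:
    """Flag body or attachment text that matches a sensitive-data pattern."""
    findings = []
    for label, text in [("body", mail.body)] + list(mail.attachments.items()):
        for name, pattern in SENSITIVE_PATTERNS.items():
            if pattern.search(text):
                findings.append(f"{label}: contains {name}")
    return findings


def pre_send_check(mail: OutboundMail) -> list[str]:
    """Run all checks; an empty list means nothing needs the sender's attention."""
    return check_recipients(mail) + check_mixed_audience(mail) + check_content(mail)


if __name__ == "__main__":
    # Constructed sample: a typo in the client's domain plus a sort code in the attachment.
    sample = OutboundMail(
        sender="adviser@example-wealth.co.uk",
        to=["j.smith@acme-insurnace.com"],
        attachments={"portfolio.csv": "client,sort code\nSmith,40-12-34\n"},
    )
    for finding in pre_send_check(sample):
        print("WARN:", finding)
```

In practice a check like this would sit in the mail client or gateway and prompt the sender rather than silently blocking, since the point is to catch the mistake before the message leaves while leaving the human in the loop; the constructed thresholds and patterns would need tuning to a firm's own correspondents and data.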

Business leaders must ask: do their existing security solutions protect day-to-day communications from inevitable human error?

Enhance your outbound email security with Zivver

Where traditional email security fails, Zivver provides a purpose-built solution to protect the daily communications on which financial organisations depend. Zivver helps increase resistance to both inbound and outbound email threats. The system automatically detects and prevents common mistakes before emails and files are sent, encrypts the data, gates access with 2FA and protects it against interception. It integrates easily with Outlook and Gmail and offers a more reliable way to recall an email if needed. Zivver gives organisations a bird's-eye view of their email security, allowing them to scope out and prevent data leaks and attacks coming from any direction.

For more info on how financial services companies can protect their companies against outbound email security threats, read Zivver’s guide to email security in the financial services industry, contact Zivver’s UK office on +44 20 3285 6300, or email


Written by

Kate O'Neill

Originally published on June 30, 2021

Last update on June 30, 2021