Making email security and DLP easier for financial services and their customers

4 min read
email vs online portal

email vs online portal

There’s a reason why we aren’t all sending important financial information via fax machine, snail mail or carrier pigeon. It’s because email is easy to use. It’s fast, reliable, and everyone understands it. So why should email security be any different?

The average office worker receives around 121 emails and sends around 40 on average each day - now consider a financial services company, which can have hundreds or even thousands of employees. All it takes is one slip-up, one misdirected email or wrong attachment circulated via outbound email, and your company could be at risk of leaking confidential data, resulting in lawsuits or a GDPR fine that could cripple your reputation and damage your bottom line.

More than most, financial sector companies need email security with effective data loss prevention (DLP). However, if they opt for solutions that add too much complexity to daily processes, employees will be tempted to cut corners, putting their company at risk with every confidential document they send. More importantly, these companies need to think about their customer experience; if they are having to jump through hoops, by signing up to client portals or remembering encryption passwords every time they need to access a secure message, chances are, they won’t stick around for very long.

So how can a financial organisation strike the balance between security and usability, for all involved?

Email security is complex by nature

There are three levels to email security: before sending (is this going to the right recipient?), during sending (can anyone intercept or view info in transit?), and when receiving (how can we know if it is delivered to the right recipient?). Any one of these stages can constitute a risk to your email security – the potential consequences of which we’ve previously outlined.

There’s a lot to think about when it comes to delivering an email security solution that can successfully secure each of these stages, whilst remaining easy-to-use.

By their very nature, achieving security is difficult, particularly if users need to take extra measures; for example, if a recipient is required to enter a mobile phone number so they can protect their data with a verification code, or if they need to correct an error in their email before sending. The challenge is making email security as friendly as possible, but with current solutions this isn’t always the case.

A better alternative to email encryption and secure client portals

Some firms might use encryption to manage documents. However if done incorrectly, this can add a whole heap of complexity to the process. For example, some email clients require two to three clicks via a submenu to encrypt a message, adding another layer of difficulty. Some firms might add advanced encryption to documents, meaning they have to manage hundreds of passwords for them. And how are these passwords passed onto the intended recipient? Via a potentially unsecured email, or course. Not to mention, so many email clients and security solutions still store encryption keys, which raises the real question - are your emails really encrypted if they can be accessed by a third party?

Another option could be a client portal that stores documents securely online. This allows financial services companies to provide a secure link instead of having to attach secure info directly to emails. However, the recipient would need to be able to access that information easily. If they have to sign up for an account and fill in a password every time just to receive messages from your company, recipients might not respond to the message or ask your employee to send it through a normal email. At that point, you’ve lost any of the security benefits that you were trying to achieve with the portal in the first place.

Marrying security and useability for advanced email security

If you make email security too complex and cumbersome, you’re driving a wedge between your company and your customers. What you really need is a way to protect email data securely without compromising on useability – giving customers security, without forcing them to create an account with a password attached every time you need to contact them.

Zivver is all about offering security and useability as two sides of the same coin. Our ultra-secure, highly encrypted solution detects and alerts users to potential mistakes before users hit send, whether that’s emailing the wrong person or attaching the incorrect file. All files are sent using Transport Layer Security and zero-knowledge encryption, so users can share confidential files with confidence. But the best part is that our solution provides free and easy access for recipients. Anyone can conveniently receive a Zivver message, regardless of where they are or what email they use, and unlike with some other solution providers, they won’t need to create an account in the process.

We give financial services teams the security they need to safeguard sensitive information, without compromising on useability. By doing this, we give companies a birds-eye view not just of the potential impact of data loss via email, but your customer's satisfaction too.

If you’d like to find out more about our highly secure and yet highly useable email security solution, read Zivver’s guide to email security in the financial services industry. Or contact Zivver’s UK office on +44 20 3285 6300, or email contact@zivver.com.

 

 

Written by

Kate O'Neill

Originally published on July 12, 2021

Last update on July 12, 2021