Preventing data leaks via outbound email security

For the financial services industry, the vast majority of outbound emails include sensitive data; credit card numbers, addresses and other personally identifiable information (PII)... data that you really wouldn’t want to end up in the wrong hands.

Yet many financial services firms are either struggling to prevent data leaks with the email security solutions they have in place, or don’t have efficient enough measures in place at all. According to a VMware report, despite 81% of organizations suffering a data breach in the past 12 months, just two in five C-suite professionals have updated their security policies and measures as a result.

Clearly, existing data loss prevention methods aren’t enough – there needs to be an extra layer of security added to prevent data breaches and the financial and reputational damage they can wreak in this sector. But to do this, it’s crucial that companies recognize the root cause of data loss. We’re not talking about malware or malicious attacks; we’re talking about technology which isn’t fit for purpose today.

At the end of the day, we’re all human and we all make mistakes. When it comes to emails, these mistakes can come in the form of adding the wrong recipient, attaching the wrong file or forgetting to remove data from documents or a larger email. Sometimes this might be innocuous, but other times it can lead to a data leak that could result in a lost client, a lawsuit or possibly millions of pounds in fines.


According to the data security incident trends for Q4 2020-21, published by the ICO, ‘data emailed to incorrect recipient’ was the leading cause of non-cyber-related security incidents for businesses in the finance, insurance and credit sectors, with 46 out of the reported 159 incidents in this category (nearly 1 in 3).

So why aren’t existing DLP solutions good enough?

To find the answer to this question, let’s look at Office 365 (O365) – the biggest workplace productivity platform with 240 million active users and home to Outlook, one of the most popular email providers worldwide. However, when it comes to email security, Office 365’s in-built data loss prevention (DLP) doesn’t plug all the holes that data leaks can slip through.

Why is this? After all, users are able to set DLP rules that scan emails for sensitive information, apply configurable IT policies and then filter the message or inform email senders they may be about to break the rules – so why are users of O365 experiencing comparatively higher numbers of leaks than those who don’t?

It might seem efficient, but in reality, these rules don’t reflect how emails are sent, the way human behavior changes and the fact that even the most pedantic employee can be prone to errors – particularly when they are tired, stressed or too busy to double check an email before they press send.

Recently, Zivver carried out research to identify the major gaps in the O365 offering. We found that it doesn’t have the functionality to eliminate common (but costly) mistakes that can occur when sending. It doesn’t do enough to prevent the interception of email data, authenticate recipients after delivery, or compel the user to understand the potential impact of a mistake over email.

You can’t even guarantee that the vendor and other third parties won’t have access to decryption keys used to unlock your data, which for all intents and purposes means they could access and pass on data without our involvement.

Clearly, financial services leaders can’t just stick to the same old security conventions that are no longer fit for purpose. With businesses making more permanent shifts to hybrid/remote ways of working, the number of data breaches within organizations continues to increase. They need to understand that existing data prevention methods aren’t enough, and that businesses that constantly deal with sensitive and personal data – such as wealth management and insurance firms – must look into measures that bolster their outbound email security and protect against the human element.

Zivver empowers employees to secure sensitive data without disrupting workflows

As cyber threats evolve, so too are cybersecurity regulations that are imposed on financial services firms. GDPR is a famous example, with businesses expected to implement new controls to prevent data leaks.

As we know, failure to comply with regulations can result in huge fines, making them as damaging for financial services organizations as a DDOS or ransomware attack. That’s why businesses must assess how regulation changes will affect them and ask how prepared they are to comply with new rules.

You may already be aware of insider threats. Perhaps you have policies in place to ensure that staff are aware of the consequences of accidentally (or purposefully) leaking data via email. You might even have introduced some form of email security in the past. However, can you guarantee that your employees won’t ever make a mistake that could lead to a catastrophic data breach? We’d be surprised if you did.

That’s where Zivver’s highly encrypted email security solution is able to fill a crucial gap left by most email providers – it sends real-time alerts whenever an email looks like it could be in danger of causing a data breach, whether that’s due to the wrong recipient being added, a wrong document being attached or data not being removed from an email chain. And here’s the rub – Zivver integrates easily with Outlook and Gmail, adding an extra layer of security to your existing email system without requiring everyone to shift onto a new platform.

Our solution gives IT security leaders a complete birds-eye view of their email security, ensuring they can prevent silly mistakes over email, remain GDPR compliant and snuff out data breaches before they happen. To find out more about the insider threat and why it’s vital to apply to an extra layer of security to your outbound emails, contact Zivver’s UK office on +44 20 3285 6300, or email contact@zivver.com.