How the GDPR inspired a new approach to email data protection
Facing the risks of data leaks and breaches against the backdrop of a global pandemic and a mass move to remote working, we visit the number one trouble spot for security leaders in the financial services industry looking to better protect their organisation’s cybersecurity frontlines: combating insider threat.
You are a security professional in the financial services industry trying to prevent cyber criminals from infiltrating your organisation. You’re building advanced security into your company’s software systems, scanning hardware for any vulnerabilities, identifying risks, and trying to assess the advancing cyber threats of emerging technologies, such as deepfakes and 5G. The last thing you need is an employee accidentally sending a confidential email to the wrong recipient, causing a data leak that could sprout into a major security breach and stamp you with a hefty GDPR fine. But the chances are, you’ll already have faced this problem more times than you count.
For security professionals on the cyber frontlines, keeping email communications secure can feel like you’re constantly fighting a losing battle. Data leaks can spring up from anywhere, whether it’s in the form of confidential emails being sent to the wrong recipient, confidential information being incorrectly attached, or sending an email to multiple recipients using the ‘To’ or ‘Cc’ fields when ‘Bcc’ was required.
With millions of emails sent every day and 80% of data leaks caused by human error, security professionals spend much more time putting out fires than they need to combating this insider threat, largely thanks to email security systems that aren’t doing the job. The truth is, security professionals can fortify their defenses and benefit from a bird’s-eye view of their email security – but to do so, they need to understand the root causes of data leaks and why many existing security platforms are not up to the task.
This means adopting an ‘assume breach’ mindset whilst implementing the tools that provide you with the visibility you need. One that safeguards sensitive data, controls digital risks and minimises mistakes made by human error. Mistakes that attackers increasingly seek to prey on in order to carry out highly targeted attacks.
In a remote working world, human error is increasingly likely
Studies have repeatedly shown that human error is at the heart of email security pitfalls. With more than 300 billion emails sent daily in 2020, accidents are inevitable and can have dire results for security professionals. Take the Netherlands, for example, which recorded 27,000 data leaks in 2019. Of those leaks, only 3% were caused by hacking, malware and phishing. The main causes of these leaks included misaddressed emails, employees accidentally sharing sensitive information, using weak passwords, and a lack of authentication.
If it wasn’t difficult enough already for security professionals on the cybersecurity frontlines, the Covid-19 pandemic has layered on a new challenge: a global shift to remote working. A Gartner survey showed that 82% of company leaders are planning a hybrid approach to allow employees to work remotely some of the time as employees begin their return to the workplace. Many employees are now using their home networks and home devices, placing them at greater exposure to cyber attacks.
According to Global Year in Breach 2021 report, a higher reliance on email as the primary form of communication created a golden opportunity for cyber criminals, with phishing attacks from malicious attackers looking to obtain personal information increasing by a staggering 660% in 2020. The Verizon 2020 Data Breach Investigations Report further highlighted that within the Financial and Insurance sector, employees’ mistakes accounted for roughly the same number of breaches as those caused by external parties. The most common error was found to be ‘Mis-delivery’: sending information to the wrong recipient.
Why aren’t existing security solutions enough?
Existing email security solutions don’t force your employees to acknowledge mistakes. They don’t alert you when mistakes are about to happen. They don’t ensure you are complying with the latest data protection regulations, and they don’t give you a comprehensive view of where the gaps are in your security frontlines. In far too many cases, it's possible for employees to ignore the concept of email security entirely.
While the opportunities for human error are never ending, they are predominantly categorised into two: skill-based and decision-based errors. Mis-delivery, the most common error as highlighted by the Verizon report is an example of a skill-based error, a mistake that occurs when performing all too familiar tasks and activities. A brief lapse in attention or memory that can have dire consequences. A decision-based error on the other hand can look like this: an employee sends a customer of yours an encrypted attachment; the customer calls to let the employee know that they aren’t able to access it; and the employee takes the opportunity to ask whether they can send the file as an email attachment instead, deeming that as acceptable ‘consent’ to release permissions on the attachment.
We can see from both examples the role human error plays in how swiftly a company’s cybersecurity standards, systems and software can become irrelevant. Businesses might have platforms and tools in place but they are frequently ineffective, with there being a compromise – sacrifice security to improve usability, or vice versa, making it harder for employees to work in an unrestricted way.
At Zivver, we see security and usability as being two sides of the same coin. With more employees working remotely than ever before, your cybersecurity frontlines are fractured. You need a tool that can protect your emails from the prying eyes of cyber criminals as well as human mistakes and you need a platform that empowers your employees with the knowledge, skills and technology to stay cyber secure at all times (whether your employees are at home or the office).
How to enable your employees to fortify your cybersecurity frontline
Employees are not risks to be mitigated, but assets to be enabled. Yet, with the stresses of fending off cyber threats daily, security professionals are busy people. There isn’t always the time or resource to make sure every employee:
1) Is trained in the principles of cybersecurity
2) Fully grasps the technical features of the cybersecurity technology you have deployed to be able to correctly use it
3) Understands (or knows how to spot/address) the ramifications of what happens when they don’t
4) Or, better yet, actually follows the rules
Zivver fortifies your defenses against data leaks by enabling your employees to eliminate costly mistakes on email. Our smart technology will alert employees of any security issues before they hit send, whether it’s emailing the wrong person or attaching the wrong file. It gives them the ability to revoke access to a secure Zivver message and it empowers them to safely send emails to people outside your organisation, making your company protected with a highly encrypted email solution.
What’s more, anyone can receive a Zivver message without having to create an account – but because our platform features asymmetric zero-knowledge encryption, you can be confident that only authorised parties will be able to read emails.
And there’s no need to revamp your current email system – our platform integrates easily with Outlook and Gmail, while offering the most secure encryption methods possible to prevent malicious actors snooping on your data.
Security professionals can rest easy knowing that Zivver is watching employees’ backs and helping them comply with data protection regulations every day. More than that, they’ll benefit from a detailed dashboard that highlights the main risks, causes and impact of data breaches, giving them a complete bird’s-eye view of their business.
More than 3 million people have used secure email with Zivver, and more than 4,000 organisations have placed their trust in our platform. So, if you’re a security leader in the financial services industry looking to find a better way and enable your employees to eradicate the risks that breach your email security, schedule a free live demo, give us a call or +44 20 3285 6300 or send us an email at email@example.com.
Cybersecurity in the financial industry is not a technology problem. It’s a people problem. With Zivver, you can set your employees on a safer path, click here to learn more.