Increasing industry use of encrypted email to combat cybercrime
Recognition amongst financial services businesses of the need to safeguard emails is increasing in the face of financial cybercrime and they are taking action. Origo’s Unipass Mailock recently marked its one millionth email sent though the encrypted system.
Industry providers such as Aegon and Royal London are using military-grade encryption email services to protect their email exchanges with financial advice firms, and other providers are also realising email protection is now essential.
Cyber criminals hack vulnerable email systems and employ sniffer programs which identify valuable emails and take copies of them, which the criminals can then exploit. For example, in just one email in which a client sends their personal and asset details to their financial adviser, there would be enough detail to help criminals commit fraud.
Putting in place a secure, military-grade encrypted email system, one which protects emails in transit, and ensures that only the intended recipient can access the email, as well as providing an audit trail for compliance purposes, now needs to be thought of as base-level security for product providers and financial advice firms, and without a doubt where confidential and transactional data is being sent.
It is also another way for providers and firms to demonstrate value to their respective customers in the precautions they are taking to safeguard their data.
Origo’s Unipass Mailock system has now surpassed one million emails through the system. Looking at industry benefits, not only has this protected over a million communications between providers, advisers and their clients, but we calculate that this equates to £1.9m saved in print, packaging and postage costs, as well as climate related savings of 459 tonnes of CO2 and 154,000 tonnes of water.
The risk to businesses is not just potentially having to compensate clients for losses, and meeting fines imposed by the Information Commissioner’s Office (ICO), but the effect on client trust and the reputation of the business.
As we move to a more digital advice experience, we expect to see companies of all sizes look to protect this potential point of vulnerability and employ encrypted email as a matter of course.
Standard security protocols advice firms can follow
Some general basic actions businesses can take to help protect their businesses against cybercrime, include:
- Having in place standard items of internet hygiene including firewalls, anti-virus software and a virtual private network (VPN) for off-site working.
- Identifying where the risks to the business lie – are they with providers or are they in unsecured communications with the end client?
- Implementing formal processes and procedures, and staff training, to raise awareness of the potential dangers, and how to protect the business against them.
- Having formal cybercrime processes written into a firm's policy documents, including written instructions for staff to follow where, for example, fraud is detected.
- Having in place appropriate controls for inward and outward communications – such as encrypted email.
- Letting your customers know the potential dangers and what you are doing to protect them.