
5 Email Security Mistakes Financial Services Firms Could Easily Avoid

For financial organisations, email is a reliable way of communicating with clients, customers, and partners. However, it is also a medium that cyber criminals can exploit. Without additional protection, email provides insufficient security to prevent unauthorised access to sensitive data.

Let's look at the top 5 mistakes you could make when using email, why this could affect your business and how to counteract these going forward.


1. You have sent sensitive data ‘in the clear’

If you haven’t come across the term before, sending a sensitive email ‘in the clear’ means using an unencrypted email to deliver confidential information. Though we all have a responsibility to protect personal information, in business this happens more often than you would think.

If you are sending or receiving personal data using unencrypted email, you are putting it at risk of email interception - the act of monitoring and accessing messages on their digital journey to harvest information. One of the most effective ways to counteract this is to utilise a strong layer of email encryption designed for business use.

While email providers such as Outlook and Gmail use Transport Layer Security (TLS) encryption, TLS only protects a message while it is in transit between mail servers, and it is not robust enough to protect against the majority of attacks while still guaranteeing delivery to recipients.

Investing in a dedicated email security solution that uses end-to-end encryption is advised by industry regulators around the world, including the UK's ICO (Information Commissioner's Office), which recommends email encryption to align with GDPR among other compliance mandates.


2. You have sent a document or message to the wrong recipient

I think it’s safe to say that most of us have experienced that ‘oh no!’ moment of sending an email to the wrong person. This can be especially troublesome if the email in question contains sensitive documentation or personal data.

Misdirected email is one of the top examples of human error within cybersecurity, and is responsible for 95% of security breaches. While you can contact the recipient and ask them to ignore the missent message, recalling or revoking the email is the most effective way of fixing your mistake.

Currently, Microsoft offers email recall as part of its 365 plans. However, this is unreliable and only works when a strict set of conditions is met. Implementing a solution that reliably blocks access to a sent email every time presents a safer alternative.


3. You use or re-use a weak password for your email account

Passwords are the first line of defence when it comes to protecting your email account. However, weak or re-used passwords are one of the easiest ways that threat actors can gain access to accounts.

Weak passwords include popular, easy-to-guess phrases, the most common being 123456, password and qwerty. Weak passwords also include those based on personal information, such as your pet's name or the street where you live. A weak password can leave your business vulnerable to cybercriminal attacks that compromise accounts and expose the personal data contained within your emails.

Creating strong passwords that are unique to each account you own is vital. The recommended password length is at least 12 characters, with a mixture of numbers, symbols, uppercase and lowercase letters.


4. You aren’t utilising multi-factor authentication

If unauthorised third parties get hold of your login credentials, accessing your account is an easy next step for them. However, there is another barrier you can implement that can reduce successful attacks.

Multi-factor authentication requires you to provide two or more verification factors to gain access to your account. This can include a mixture of:

  • Something you know, such as a password or answer to a personal question
  • Something you have, such as a PIN code sent to your device
  • Something you are, such as biometric factors like your fingerprint, facial recognition and retinal scans

Ensuring multi-factor authentication is switched on for your email account can significantly improve the security of your emails. But did you know that authentication can also be implemented to protect individual messages?

Our secure email solution, Mailock, offers ID verification for your messages. You can choose between SMS authentication, which requires the recipient to input a code sent to their phone, or Q&A authentication, where recipients must answer a question only they know the answer to.


5. You have clicked an unfamiliar link in an email

Phishing is when a cyber criminal sends an email claiming to be from a reputable organisation or individual, to gain access to a recipient’s data or install malware on their device. One of the ways in which they can achieve this is by encouraging the recipient to click a link.

It is vital to check the credibility of emails entering your inbox. You can do this by:

  • Looking at the email address the message was sent from. Is it one you recognise? Does it have a domain that is legitimately tied to the proposed sender?
  • Checking the grammar and spelling. Are they correct?
  • Checking the link URL. Does it appear to direct to a legitimate website?
  • Checking the tone. Is the sender demanding urgent action or threatening negative consequences for not responding?
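As an added illustration of the checks in this list (example code, not from the original post or from the Mailock product), the function below applies three of them to a constructed sample message: sender domain, urgency language, and whether a link's real target matches the address it displays. The trusted-domain set, the sample addresses and the urgency word list are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample messages (not real emails). The first shows the red flags
# from the checklist; the second is a clean message from the expected domain.
SUSPICIOUS = """From: "Acme Bank Support" <support@acme-bank-login.example>
Subject: URGENT: your account will be suspended
Content-Type: text/html

<p>Dear customer, please verify immediately:
<a href="http://acme-bank-login.example/verify">https://www.acme-bank.example/</a></p>
"""

CLEAN = """From: "Acme Bank" <statements@acme-bank.example>
Subject: Your monthly statement is ready
Content-Type: text/html

<p>View it at <a href="https://www.acme-bank.example/statements">https://www.acme-bank.example/statements</a>.</p>
"""

# Assumed list of pressure phrases typical of phishing lures.
URGENCY = ("urgent", "immediately", "suspended", "within 24 hours")
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def check_email(raw: str, trusted_domains: set[str]) -> list[str]:
    """Return a list of warning strings; an empty list means no red flags found."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    warnings = []
    # Check 1: is the sender's domain one legitimately tied to the claimed sender?
    if domain not in trusted_domains:
        warnings.append(f"sender domain not trusted: {domain}")
    # Check 2: urgency or threat language in the subject or body.
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in URGENCY):
        warnings.append("urgency or threat language present")
    # Check 3: does each link's real target match the address it displays?
    for href, shown in LINK_RE.findall(body):
        shown = shown.strip()
        if shown.startswith(("http://", "https://")) and urlparse(href).hostname != urlparse(shown).hostname:
            warnings.append(f"link text {shown} hides target {href}")
        elif urlparse(href).scheme != "https":
            warnings.append(f"link is not HTTPS: {href}")
    return warnings
```

Run it as `check_email(SUSPICIOUS, {"acme-bank.example"})` to see all three warnings; the same call on `CLEAN` returns an empty list.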

Investing in cybersecurity and phishing training for employees will keep security front of mind when dealing with potentially harmful emails.


If you have made any of the above 5 mistakes, it may be time to start thinking about a secure email solution for you and your organisation. Implementing dedicated email software such as Mailock, which offers encryption, email recall, and multi-factor authentication capabilities, will keep your business and clients safe from cyber threats.
