
5 Email Security Mistakes Financial Services Firms Could Easily Avoid

For financial organisations, email remains the everyday channel for communicating with clients, customers and partners. That is exactly what makes it a target: a mailbox holds account details, identity documents and transaction history, and without additional controls a message can be read in transit, read at rest by anyone who gets into the mailbox, or simply delivered to the wrong person.

Let’s explore the top 5 email mistakes you might be making, how these can impact your business, and ways to counteract them effectively.

1. You Have Sent Sensitive Data ‘In The Clear’

If you haven’t encountered the term before, sending an email ‘in the clear’ means transmitting sensitive information without encryption.

Despite our responsibility to protect personal data, this is a common mistake in business communications.

Sending or receiving personal data in unencrypted emails exposes it to interception: anyone with access to the network path, or to any mail server the message passes through, can read it.


One effective countermeasure is using a robust email encryption solution tailored for business use.

Mainstream providers such as Outlook and Gmail encrypt mail in transit with Transport Layer Security (TLS), but TLS on its own is not enough. It only protects each hop between mail servers; it is usually opportunistic, so if the receiving server does not offer TLS the sending server falls back to plain text rather than failing delivery; and the message sits readable at rest on every server and in every mailbox along the route. It also does nothing about a message that reaches the wrong person.

A dedicated secure-email system that encrypts messages end to end, so that only the intended recipient can decrypt them, closes those gaps, and encryption of personal data is what data-protection regulators ask for.

For instance, the UK's Information Commissioner's Office (ICO) advises organisations to encrypt personal data in transit, including by email, as part of meeting their GDPR security obligations.


2. You Have Sent A Document Or Message To The Wrong Recipient

We've all experienced the dreaded moment of sending an email to the wrong person, especially if it contained sensitive information.

Misdirected emails are one of the most common forms of human error in cybersecurity, and human error is cited as a factor in as many as 95% of security incidents.

You can ask the unintended recipient to delete the message and confirm they have done so, but you are then relying on their goodwill. Being able to recall or revoke the email yourself is a more effective solution.

Microsoft 365 offers message recall in Outlook, but it only works for recipients inside your own Exchange organisation, never for external recipients such as clients, and even then success depends on the recipient's client and on whether the message has already been opened.

A solution that lets the sender revoke access to a delivered message, so that its content can no longer be opened whatever client the recipient uses, is a safer alternative to the mail client's native recall. Better still is a check at send time that warns about an unfamiliar or look-alike recipient address before the message leaves.
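The send-time check described above, as an added example that is not Mailock's or the page's own code: it warns when a recipient's domain is a near-miss of a domain you already write to (the classic autocomplete typo or look-alike) or a domain you have never written to before. The own-domain, known-contact list and draft recipients are constructed for illustration.

```python
"""Pre-send recipient check: an added example, not Mailock's or the page's own code.

Before a message leaves, warn about the two usual causes of a misdirected email:
  * the address is at a domain that looks like one you write to regularly
    (autocomplete picked a typo or a look-alike), or
  * the address is at a domain you have never written to before.
The known-contact domains and the recipient list below are constructed for illustration.
"""


def domain_of(address: str) -> str:
    """Lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[1].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: the number of single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def check_recipients(recipients, known_domains, own_domain, max_distance=2):
    """Return (address, warning) pairs for recipients worth a second look.

    An empty list means every recipient is either internal or at a domain
    that has been written to before.
    """
    own_domain = own_domain.lower()
    trusted = {d.lower() for d in known_domains} | {own_domain}
    warnings = []
    for addr in recipients:
        dom = domain_of(addr)
        if dom in trusted:
            continue
        # A near-miss of a trusted domain is the classic typo / look-alike case.
        near = [t for t in sorted(trusted) if edit_distance(dom, t) <= max_distance]
        if near:
            warnings.append((addr, f"looks like {near[0]} (possible typo or look-alike)"))
        else:
            warnings.append((addr, "first message to this domain"))
    return warnings


# Constructed sample: our own domain, two domains we write to regularly, and a draft's recipients.
OWN_DOMAIN = "ourfirm.example"
KNOWN_DOMAINS = {"acmebank.co.uk", "lawfirm.example"}
DRAFT_RECIPIENTS = [
    "sam@acme-bank.co.uk",   # one hyphen away from a known client domain
    "jo@ourfirm.example",    # internal
    "pat@lawfirm.example",   # known contact
    "lee@gmail.com",         # never written to before
]

if __name__ == "__main__":
    for addr, why in check_recipients(DRAFT_RECIPIENTS, KNOWN_DOMAINS, OWN_DOMAIN):
        print(f"WARNING {addr}: {why}")
```

In practice the known-domain set comes from the sent-items history, and the warning is shown as a confirmation dialog rather than silently blocking the send, since a first message to a new client is legitimate and common.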

3. You Use Or Re-Use A Weak Password For Your Email Account

Passwords are your email account’s first line of defence.

However, using weak or re-used passwords is one of the easiest ways for threat actors to compromise accounts.

Common weak passwords include simple sequences like 123456, password, and qwerty. They also include personal information like pet names or street addresses.

Weak passwords expose your business to cyberattacks that can breach accounts and access the personal data within your emails.

Create a strong, unique password for every account and keep them in a password manager so you never need to reuse one. The commonly cited minimum of 12 characters with a mix of numbers, symbols and upper- and lower-case letters is a reasonable floor, but length and uniqueness matter more than character mixing: a passphrase of several unrelated words is both longer and easier to remember. Reuse is the more dangerous habit, because credentials leaked from one site are routinely tried against email accounts in credential-stuffing attacks.

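The checks an administrator can apply when a password is set, as an added example that is not the page's or any vendor's code: a policy check against length, a common-password list and keyboard walks, plus a breach check using the k-anonymity range lookup of Have I Been Pwned's Pwned Passwords API, in which only the first five hex characters of the SHA-1 hash leave the client. The deny-list is a constructed stub, and the range response is a constructed stand-in for the HTTP call so the example runs offline; the breach count it carries is illustrative.

```python
"""Password checks at set-time: an added example, not the page's or any vendor's code.

Two checks worth running when a user picks an email password:
  1. a policy check: minimum length, not on a deny-list of common passwords,
     no keyboard walk such as qwer or 1234;
  2. a breach check using the k-anonymity range lookup of Have I Been Pwned's
     Pwned Passwords API: only the first five hex characters of the SHA-1
     hash are sent, the service returns every hash suffix sharing that
     prefix, and the match is made locally, so the password never leaves
     the client.  The range response below is a constructed stand-in for
     the HTTP response so the example runs offline; the count it carries
     for "password" is illustrative, not the live figure.
"""
import hashlib

# Constructed deny-list; a real deployment uses a list of millions of leaked passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "password1", "letmein", "welcome1"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_LENGTH = 12


def keyboard_run(password: str):
    """Return the first four-character keyboard sequence found, or None."""
    low = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - 3):
            if row[i:i + 4] in low:
                return row[i:i + 4]
    return None


def policy_problems(password: str) -> list:
    """Policy failures only (no network); empty list means the policy is met."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on common-password list")
    run = keyboard_run(password)
    if run:
        problems.append(f"contains keyboard sequence '{run}'")
    return problems


def sha1_prefix_suffix(password: str):
    """Split the upper-case hex SHA-1 into the 5-char prefix that is sent and the 35-char suffix kept local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in the breach corpus (0 = not found).

    fetch_range(prefix) must return the text of GET /range/{prefix}:
    one 'SUFFIX:COUNT' line per hash that shares the prefix.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


# Constructed stand-in for the network call: only the prefix for "password" is populated.
# Its first line carries the genuine SHA-1 suffix of "password" (full hash 5BAA61E4...68FD8);
# the second line and both counts are made up.
CONSTRUCTED_RANGE = {
    "5BAA6": "1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824\n"
             "0FF2AB6A0B71C5D8B7D2C6A9E6DFC1A2F0B:3\n",
}


def offline_fetch_range(prefix: str) -> str:
    return CONSTRUCTED_RANGE.get(prefix, "")


def evaluate(password: str, fetch_range=offline_fetch_range) -> list:
    """All reasons to reject the password; an empty list means it passes."""
    problems = policy_problems(password)
    seen = breach_count(password, fetch_range)
    if seen:
        problems.append(f"seen {seen} times in known breaches")
    return problems


if __name__ == "__main__":
    for pw in ["password", "Qwerty123456!", "correct horse battery staple"]:
        print(pw, "->", evaluate(pw) or "ok")
```

To go live, replace offline_fetch_range with a function that performs the HTTPS GET of the five-character prefix against the Pwned Passwords range endpoint and returns the response body; the matching logic stays the same, and the full hash is never transmitted.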

4. You Aren’t Utilising Multi-Factor Authentication

If unauthorised parties obtain your login details, accessing your account becomes straightforward. However, there is an additional layer of security you can add to reduce the chances of a successful attack.

Multi-factor authentication (MFA) requires two or more independent proofs of identity before granting access. These can be:

  • Something you know, like a password (security questions also fall here, but their answers are often guessable or findable on social media);
  • Something you have, such as a one-time code from an authenticator app or a hardware security key (a code sent by SMS also counts, but is the weakest option because phone numbers can be hijacked);
  • Something you are, such as a fingerprint, facial recognition, or retinal scan.

Activating MFA for your email account significantly boosts its security, because a stolen or guessed password is no longer enough on its own. Prefer a method that cannot be phished: an authenticator code can still be typed into a fake login page, whereas a FIDO2 security key only answers for the genuine site. Some secure-email products also require the recipient to authenticate before opening an individual message, which protects the content even if the mailbox itself is compromised.
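What an authenticator-app code actually is, as an added example that is not the page's code: a time-based one-time password (RFC 6238) derived from a secret held only on the device and the server plus the current 30-second time step, so nothing secret is sent to the user at login, unlike an SMS code. The secret used is the published RFC 6238 test secret; the verification routine tolerates one step of clock drift and compares in constant time.

```python
"""Time-based one-time passwords (RFC 6238), the "something you have" factor
behind authenticator apps: an added example, not the page's code.

The code is derived from a secret stored only on the device and on the
server plus the current 30-second time step, so nothing secret is sent
to the user at login time (unlike an SMS code).  The secret below is the
published RFC 6238 test secret; verify_totp() tolerates one step of
clock drift and compares in constant time.
"""
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HMAC-based one-time password for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    now = int(time.time()) if at is None else int(at)
    return hotp(secret, now // step, digits)


def verify_totp(secret: bytes, code: str, at=None, step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step and up to `window` steps either side.

    hmac.compare_digest avoids leaking how many leading digits matched.
    """
    now = int(time.time()) if at is None else int(at)
    for drift in range(-window, window + 1):
        if hmac.compare_digest(hotp(secret, now // step + drift, len(code)), code):
            return True
    return False


RFC6238_SECRET = b"12345678901234567890"  # ASCII test secret from RFC 4226 / RFC 6238

if __name__ == "__main__":
    print("code now:", totp(RFC6238_SECRET))
    print("RFC vector T=59 ->", totp(RFC6238_SECRET, at=59))
```

The drift window is the reason a code keeps working for a few seconds after the app rolls over; widening it much beyond one step gives an attacker who has seen an old code more time to replay it, which is also why a server should refuse to accept the same code twice.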

5. You Have Clicked An Unfamiliar Link In An Email

Phishing attacks occur when cybercriminals send emails pretending to be reputable organisations or individuals to steal data or install malware. They often encourage recipients to click on a link.

It’s crucial to verify the legitimacy of emails in your inbox. Here’s how:

  • Check the sender's actual address, not just the display name. Does the domain after the @ belong to the organisation the message claims to come from, and is it spelled exactly right?
  • Look at the grammar and spelling. Errors are a warning sign, but well-written phishing is now common, so a clean message proves nothing.
  • Hover over any link before clicking and read the real destination. The host in the URL, not the link text, decides where you land, and the rightmost part of that host is what counts: a long address that starts with a familiar name can still belong to someone else.
  • Be wary if the sender presses for urgent action or threatens consequences for not responding; the urgency is there to stop you checking.

Investing in regular phishing-awareness training keeps these checks top of mind, and giving staff a one-click way to report suspicious messages means the security team sees a campaign early rather than after someone has clicked.
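The manual checks in the list above run as code, as an added example that is not the page's or Mailock's own: it parses a message, flags a display name that claims an organisation whose real domain the sending address is not on, flags a link whose visible text names a domain other than the one its href goes to, flags links to untrusted hosts, and looks for urgency language. The TRUSTED mapping and both sample messages are constructed for illustration.

```python
"""Inbound phishing triage: an added example, not the page's or Mailock's code.

Automates the manual checks for one message: does the display name claim
an organisation whose real domain the sending address is not on, does any
link's visible text name a domain other than the one its href actually
goes to, does a link point somewhere untrusted, and does the body lean on
urgency.  TRUSTED and both sample messages are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Organisation name as it would appear in a display name -> its genuine domain (constructed).
TRUSTED = {"acme bank": "acmebank.co.uk"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|verify your account)\b", re.I)
DOMAIN_IN_TEXT = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def on_domain(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (not merely a prefix of a longer host)."""
    return host == domain or host.endswith("." + domain)


def triage(raw_message: str, trusted=TRUSTED) -> list:
    """Return human-readable findings; an empty list means nothing matched."""
    msg = message_from_string(raw_message)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    for org, real_domain in trusted.items():
        if org in display.lower() and not on_domain(from_domain, real_domain):
            findings.append(f"display name '{display}' claims {real_domain} but address is @{from_domain}")
    body = ""
    for part in msg.walk():
        if part.get_content_type() in ("text/html", "text/plain"):
            body += part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        named = DOMAIN_IN_TEXT.search(text)
        if named and not on_domain(host, named.group(1).lower()):
            findings.append(f"link text says {named.group(1)} but points to {host}")
        elif not any(on_domain(host, d) for d in trusted.values()):
            findings.append(f"link to untrusted host {host}")
    if URGENCY.search(body):
        findings.append("urgency language present")
    return findings


# Constructed sample messages: one phishing attempt, one genuine notification.
PHISH = """From: "Acme Bank Security" <alerts@acme-bank-support.com>
To: client@ourfirm.example
Subject: Action required
Content-Type: text/html; charset=utf-8

<p>Your account will be suspended within 24 hours.</p>
<p>Please <a href="http://acmebank.co.uk.verify-login.net/secure">log in at acmebank.co.uk</a> immediately.</p>
"""

GENUINE = """From: "Acme Bank" <noreply@acmebank.co.uk>
To: client@ourfirm.example
Subject: Your statement is ready
Content-Type: text/html; charset=utf-8

<p>Your monthly statement is available at <a href="https://www.acmebank.co.uk/statements">www.acmebank.co.uk</a>.</p>
"""

if __name__ == "__main__":
    for name, raw in [("phish", PHISH), ("genuine", GENUINE)]:
        print(name, "->", triage(raw) or "no findings")
```

The on_domain helper is the part people get wrong: a naive substring test would accept acmebank.co.uk.verify-login.net because it contains the bank's name, whereas only the rightmost labels of a host identify the site.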

Deliver sensitive information securely with Mailock


World Economic Forum Finds That 95% of Cybersecurity Incidents Occur Due to Human Error, Cybernews, 2023

Most Common Passwords List, Nordpass, 2023

How to Create a Strong Password, Cybernews, 2023

Security: Encryption, Information Commissioner's Office, 2022

Reviewed By:

Sabrina McClune, 18.06.24

Sam Kendall, 18.06.24


Originally posted on 02.11.22
Last updated on June 19, 2024

Posted by: Sabrina McClune

Sabrina McClune is an expert researcher with an MA in Digital Marketing. She was a finalist in the Women In Tech Awards 2022. Sabrina has worked extensively with B2B technology companies conducting and compiling thorough academically driven research to produce online and offline media. She loves to read fantasy novels and collect special edition books.
