In financial services, maintaining a good reputation for your business is a high priority, especially for IFAs (independent financial advisers). Reputation can be damaged in many ways, but one of the most impactful events IFAs are at risk of is a data breach.
46% of businesses that suffer a data breach see negative repercussions affecting reputation and brand value, with 85% of consumers stating they wouldn’t work with a company if they had concerns over its security. When you also consider that 79% of financial losses can be attributed to cyber security shortcomings, you can see why safeguarding company and client data is vital for protecting your business.
Email is commonly used by IFAs to send and receive documents that contain client data, including fact finds, evaluation reports, and service agreements. This makes email a prime source of data breaches through email interception or human error, with the latter noted as the cause behind 60% of reported data leaks within financial services.
There are several things you can do to ensure information held within your messages is kept secure. Following these simple email security best practices will ensure you’re doing everything you can to comply with regulatory guidelines on keeping data safe.
Strengthen Your Passwords
Due to ‘password fatigue’, people often find themselves reusing the same or similar passwords across different accounts to remember their logins. The National Cyber Security Centre (NCSC) recommends that you use a strong, separate password for your email, avoiding easily guessable phrases such as children’s or pets’ names. Instead, try combining three random words, along with a number and symbol. Your email is the key to passwords for your other accounts (through the “I forgot my password” route). If access is compromised, not only is your message data wide open, so is access to everything else.
Apply Two-Factor Authentication
Two-factor authentication (2FA) is an extra layer of security that identifies email recipients to make sure only the right people can gain access to messages and attachments. 2FA involves the recipient having to complete one of two tasks: (1) answering a question only they would know the answer to, or (2) proving they have access to a device such as their mobile phone by entering an SMS code. If the user is not able to access their inbox (with their password) and pass the set challenge, they will be unable to open your message.
Use Email Encryption
Email encryption is when the contents of your message and attachments are disguised to prevent third parties from reading the sensitive data inside. There are two types of email encryption to be aware of, the first being Transport Layer Security (TLS), which is free and included with email providers such as Microsoft Outlook, and the second being end-to-end encryption, business-grade email security deployed with specialist software.
The TLS offered as standard by email services gives the contents of your email some protection during transit but gives them no protection at rest on a server. This is a problem in business, because servers could be accessible by any number of IT people, managed service providers, email providers, or partners. Does everyone with access to your infrastructure have a legal need to be accessing the sensitive information in your emails?
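The hop-by-hop nature of TLS described above can be seen in a message's own Received headers, where each receiving server records whether that leg of the journey used TLS. The following Python sketch is an added example, not part of the original article or of any product it mentions; the sample message, host names and function names are constructed for illustration.

```python
import email
import re

# Constructed sample message (not from the article): two hops, oldest at the bottom.
SAMPLE = """\
Received: from mx.provider.example (mx.provider.example [203.0.113.10])
\tby inbox.client.example with ESMTPS id abc123
\tfor <client@client.example>; Mon, 1 Jan 2024 10:00:05 +0000
Received: from adviser-pc.example (unknown [198.51.100.7])
\tby mx.provider.example with ESMTP id def456;
\tMon, 1 Jan 2024 10:00:01 +0000
From: adviser@ifa.example
To: client@client.example
Subject: Fact find

Your fact find is attached.
"""

# RFC 3848 "with" keywords: a trailing S (ESMTPS, ESMTPSA, LMTPS...) records STARTTLS.
WITH_RE = re.compile(r"\bwith\s+((?:UTF8)?(?:E?SMTP|LMTP)(S?)A?)\b", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)


def hop_report(raw_message):
    """Return one dict per Received header, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        flat = " ".join(header.split())  # unfold continuation lines
        by, proto = BY_RE.search(flat), WITH_RE.search(flat)
        hops.append({
            "server": by.group(1) if by else "unknown",
            "protocol": proto.group(1).upper() if proto else None,
            # Self-reported by each server, so treat it as a hint, not proof.
            "tls": bool(proto and proto.group(2)),
        })
    return hops


def servers_holding_plaintext(hops):
    """TLS ends at each hop, so every receiving server holds the readable message."""
    return [hop["server"] for hop in hops]


if __name__ == "__main__":
    for hop in hop_report(SAMPLE):
        link = "TLS" if hop["tls"] else "no TLS"
        print(f'{hop["server"]}: received over {hop["protocol"]} ({link})')
```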
End-to-end encryption adheres to ICO and FCA guidance by encrypting messages in transit and at rest. It also utilises military-grade AES-256 keys, which, it is often said, would take longer to crack than the universe has existed. End-to-end encryption does what it says on the tin. It makes sure the only place a message can be read is the inbox it was sent to. Combine it with 2FA and you ensure only the right person can read it.
2FA and Encryption for Your Emails
Mailock combines the best cryptographic technologies available, 2FA and end-to-end AES-256, into a secure outbound email encryption solution designed for financial services. Mailock is easy to use, deployed to your mail server or with a simple add-in to Outlook. It ensures regulatory compliance and keeps your clients’ data secure.
Thousands of financial services professionals are already using Mailock to secure their client communications. We’re building the world’s most secure community of advisers and providers one message at a time.