Jay ButlerJay Butler, Project Manager

The Gramm-Leach-Bliley Act (GLBA) requires that financial institutions (FI) design, implement, and maintain safeguards to protect consumers’ personal financial information, and the related FFIEC IT Examination Handbook recommends sensitive information should be encrypted in transit.  Email is probably the number one information transit method used these days, so email encryption must be considered a part of any sound information security policy.  The FFIEC recommendation specifies the encryption should include:

  • Sufficient encryption strength to protect the information from disclosure until such time as disclosure poses no material risk
  • Effective key management practices
  • Robust reliability
  • Appropriate protection of the encrypted communication’s endpoints


Implementing an outbound email filtering solution that includes message encryption technology is the common way to ensure compliance.  Outbound email filtering scans all messages that leave your institution (outbound Internet email).  The ideal solution should include the following features:

  • Automatic encryption of any message that contains sensitive data such as personal financial information
  • Body, Attachment, and Subject scanning for sensitive information
  • Policy enforcement – users should not be able to bypass the encryption in any way
  • Forced encryption – user can type a keyword in the message subject to force encryption
  • User training program – your FI should schedule internal training sessions with employees known to send/receive sensitive information
  • Secure replies from the recipient
  • Reporting – reports that show encrypted email activity for auditing purposes
  • Foolproof –  outbound internet email flow stops if the filtering system fails
  • Transparency – encryption should be invisible to the recipient when possible
  • TLS – all outbound internet messages should be offered over a secure channel
  • User-friendly operation

If you presently have an in-house mail server without email encryption, you could install an outbound filtering appliance on the edge of your network, or you could use a cloud-based service.  An analysis of the two options usually lands our clients on the cloud-based solution because it is the better fit for community financial institutions.  Any cloud-based service should include the following characteristics:

  • Lower cost – the Total Cost of Ownership is lower than comparable locally deployed solutions
  • Scalable – the solution is able to grow with your business
  • Reliable – the solution has built-in redundancy to maintain service delivery
  • Secure – the solution follows industry security standards in accordance with FFIEC guidelines
  • Managed –  expert support and maintenance by the service provider
  • Monitored – the provider monitors the system performance and security

Safe Systems, Inc. service offerings include numerous managed “cloud” solutions that meet these criteria.  Our SafeSysMail hosted email solution and our E-Scan email filtering service include compliant email encryption through our partnership with ZixCorp.  ZixCorp is the leader in email encryption services and boasts the world’s largest email encryption community with tens of millions of members. (ZixCorp, 2012)  ZixCorp is SOC3/SysTrust audited and its solutions are used by the nation’s most regulated institutions, including Federal banking regulators, Divisions of the U.S. Treasury, SEC, and more than 1800 (1 in 5) U.S. financial institutions. (ZixCorp, 2012)

Through our partnership with ZixCorp, Safe Systems, Inc. provides email encryption services for more than 130 community financial institutions.  SafeSysMail is one of our fasting growing product offerings.  If you are interested in email encryption, please contact your Safe Systems Account Manager for assistance in finding the right solution.  If our SafeSysMail or E-Scan managed service is not the right fit, we can help in determining a solution that works best for your unique situation.