Matthew Sharpton, Managed Services Engineer
Email has become an integral method of communication in the modern business world for both internal collaboration and external correspondence. While an efficient email solution is important to any business, financial institutions bear the added burden of securing the contents of email messages both in transit and in storage. Due to the nature of their jobs, employees of financial institutions are exposed to and trusted with sensitive nonpublic personal information (NPI) on a daily basis. Whether intentionally or not, it is almost inevitable that NPI will be communicated over email. Even the best internal control processes can be undone by simple human error, with serious consequences. Safe Systems understands the unique needs of financial institutions and provides a secure hosted email solution, SafeSysMail, to over 120 financial institutions and over 5,000 users. For example, one SafeSysMail feature that helps financial institutions protect customer data from exposure is email encryption. Safe Systems incorporates an industry-leading solution, Zix, to encrypt email. The Zix system scans outbound messages and attachments for NPI (SSNs, HIPAA information, financial account information, etc.) and automatically encrypts messages that contain enough of this type of information to cross its policy threshold.
Technology and the use of email now allow businesses and their customers to communicate with ever-increasing ubiquity; however, this ease of access also leaves financial institutions and their employees with more room for error. A comprehensive security program must not only protect the network from external threats, but must also strive to protect internal users from themselves.
Here are 5 ways you can protect your financial institution from inadvertently leaking sensitive information via email:
1) End-user training – There is no replacement for having staff who understand how critical it is to keep sensitive information out of the wrong hands. Stress the importance of double-checking recipients before sending and of protecting the data itself (encryption, password-protected documents, etc.).
2) Keep personal email and work email separate – Enforce the use of separate email accounts for work-related and personal email, or ban personal email use on the network entirely. This cultural change helps prevent the issues that arise from commingling personal and business contacts, such as autocompleting a customer's name to a personal acquaintance with a similar address.
3) Adopt a security mindset – Ensure that any data stored on the network is accessible only to the individuals authorized to use it, and that any data transmitted outside the network is encrypted. Do not neglect physical means of data transmittal such as portable hard drives, laptops, and USB flash drives, as these devices can be lost or stolen.
4) Prompt incident response – Make sure your financial institution's users acknowledge and report any potential NPI mistake quickly enough for effective action to be taken (recalling a message, notifying the unintended recipient, or escalating to the incident response process). The longer a potential security breach goes unreported, the greater the exposure becomes.
5) Take your time – Fast is not always effective. When sending out sensitive information, encourage network users to proofread the message and verify the recipient list before they click send. Costly mistakes can be easily avoided by a second look.
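The automatic NPI scan described in the SafeSysMail paragraph above and the recipient double-check urged in tips 1 and 5 can both be expressed as a simple outbound-mail policy. The following is an added example written for this article; it is not Zix's or Safe Systems' code and does not reproduce their detection rules. It assumes a hypothetical internal domain (examplebank.test), a hypothetical policy threshold of two NPI hits, and only two pattern classes (SSNs validated against the published structural rules, and card or account numbers validated with a Luhn check); the sample message is constructed for the example.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Assumption for this example: the institution's own mail domain(s).
INTERNAL_DOMAINS = {"examplebank.test"}

# Assumption for this example: encrypt once a message carries this many NPI hits.
ENCRYPT_THRESHOLD = 2

# SSN in the conventional AAA-GG-SSSS form.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# Card/account number: four groups of four, or 13-19 contiguous digits.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]){3}\d{4}\b|\b\d{13,19}\b")


def valid_ssn(area, group, serial):
    """Reject structurally impossible SSNs (area 000/666/9xx, group 00, serial 0000)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers; cuts false positives on plain numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_npi(text):
    """Count validated SSN and card-number hits in a block of text."""
    hits = {"ssn": 0, "card": 0}
    for area, group, serial in SSN_RE.findall(text):
        if valid_ssn(area, group, serial):
            hits["ssn"] += 1
    # Blank out SSNs so their digits cannot be re-read as part of a card number.
    text = SSN_RE.sub(" ", text)
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            hits["card"] += 1
    return hits


def external_recipients(msg):
    """Every To/Cc/Bcc address whose domain is not one of ours."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", [])
    return [addr for _, addr in getaddresses(headers)
            if addr.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]


def body_text(msg):
    """Collect the text/plain parts of a message (attachments are out of scope here)."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    return "\n".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)


def evaluate(raw_message):
    """Decide what the gateway should do: send, warn the sender, or force encryption."""
    msg = message_from_string(raw_message)
    hits = find_npi(body_text(msg) + "\n" + (msg.get("Subject") or ""))
    ext = external_recipients(msg)
    total = sum(hits.values())
    if total >= ENCRYPT_THRESHOLD:
        action = "encrypt"          # enough NPI: encrypt regardless of who it goes to
    elif total and ext:
        action = "warn"             # a little NPI leaving the network: ask for a second look
    else:
        action = "send"
    return {"action": action, "hits": hits, "external": ext}


# Constructed sample message for this example (not a real customer or institution).
SAMPLE_EMAIL = """\
From: loan.officer@examplebank.test
To: Jane Customer <jane@example.org>
Cc: teller@examplebank.test
Subject: Loan application follow-up

Jane, here are the details we discussed.
Applicant SSN: 219-09-9999
Card on file: 4111 1111 1111 1111
Reference: 000-00-0000 (placeholder, not a real SSN)
"""

if __name__ == "__main__":
    print(evaluate(SAMPLE_EMAIL))
```

The placeholder 000-00-0000 is deliberately ignored and the valid SSN plus the Luhn-valid card number together reach the threshold, so the sample is routed to encryption; a message with a single hit addressed outside the institution gets a warning instead, which is the "second look" tip 5 asks for. A production gateway would also scan attachments and apply the same scan to subject lines and forwarded quoted text.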