In financial services, safeguarding your business's reputation is crucial, especially for IFAs (independent financial advisers). One of the most significant risks to this reputation is a data breach.
46% of businesses that experience a data breach suffer negative impacts on their reputation and brand value. Additionally, 85% of consumers say they wouldn’t work with a company if they had security concerns.
Given that 79% of financial losses can be linked to cyber security failings, it's clear why protecting company and client data is vital for your business.
Cyber Security In The ‘New Normal’
An interview with Tim Morris, IFA at Russell & Co Financial Advisers, highlighted the difficulties advisers faced in acquiring new clients during the pandemic.
Lockdowns forced a shift to online platforms, with 89% of advisers adopting new technology due to COVID-19.
IFAs also leaned on existing technologies like email, with an 81% increase in email use in financial services. Nearly 1 in 4 advisers realised they needed to use email in ways they hadn’t before.
This surge in email use makes cyber security, particularly email security, more critical than ever for advisers.
The Importance Of Email Security
IFAs frequently use email to send and receive documents containing sensitive client data, such as fact finds, evaluation reports, and service agreements.
This makes email a common source of data breaches, whether through interception or human error. In fact, human error is responsible for 60% of reported data leaks in financial services.
83% of businesses have faced email data breaches in the last year, and 62% of financial services firms expect email threats to increase in the coming year.
Surprisingly, only 43% of advisers currently secure their emails to protect their own and their clients' confidential data.
How To Protect Sensitive Email Data
There are several steps you can take to secure the information in your emails.
By following these email security best practices, you can make sure you’re complying with regulatory guidelines on data safety.
Strengthen Your Passwords
Due to ‘password fatigue’, people often reuse similar passwords across different accounts so that they can remember their logins.
The National Cyber Security Centre (NCSC) advises using a strong, unique password for your email, avoiding easily guessable phrases. Instead, combine three random words with numbers and symbols.
Your email is the key to many of your other accounts through the “I forgot my password” function. If your email account is compromised, not only is your email data at risk, but access to everything else could be too.
Apply Two-Factor Authentication
Two-factor authentication (2FA) adds an extra layer of security, verifying email recipients to make sure only authorised people can access messages and attachments.
2FA typically requires the recipient to complete one of two tasks: answering a security question or proving access to a device like their phone by entering an SMS code.
If the user can't access their inbox and pass the security challenge, they won’t be able to open your email.
Use Email Encryption
Email encryption disguises the contents of your message and attachments to prevent unauthorised parties from reading sensitive data.
There are two types of email encryption: Transport Layer Security (TLS), included with many email providers like Microsoft Outlook, and end-to-end encryption, which is a more robust, business-grade solution.
TLS offers some protection while an email is in transit, but none while the message sits at rest on servers.
This lack of protection can be a problem in business, as servers might be accessible by various IT personnel, service providers, or partners.
Do all these individuals with server access have a legal need to view the sensitive information in your emails?
End-to-end encryption aligns with ICO and FCA guidelines by encrypting messages in transit and at rest.
It employs military-grade AES-256 keys, which are considered practically impossible to brute-force.
End-to-end encryption ensures that only the intended recipient can read the email, especially when combined with 2FA.
Reviewed By:
Sabrina McClune, 19.06.24
Sam Kendall, 19.06.24