Secure Communication – Utilising Secure Encrypted Mail Technology and Passwords
A heightened awareness of the rules around GDPR and its consequences has ensured that the Advice community has increasingly looked to embrace the need to communicate securely with any party, in respect of the clients’ personal and sensitive personal data.
It is well known that larger firms have paid incredibly high fines, such as Amazon’s fine of more than $700 million for a cookies policy that contravened European GDPR principles.
This short paper considers when you should think about looking to employ encrypted mail, alternative secure communication such as peer-to-peer (portals), and the importance of password strength and integrity.
The Case for using encrypted mail.
At this point, you may be expecting a paragraph describing the best mail system and approach. But the case for using encryption is based in the main on human beings and their propensity for making errors in judgement. Errors are often unintentional but would not be forgiven by the data regulators.
How many emails are sent (internally and externally) with personal client data? How many clients does the business receive emails from that contain important personal data, often of a sensitive nature?
The advice business has a responsibility to both it and its clients to allow the secure flow of data between these parties. Particularly as more and more of the relationship with the client is carried out in a remote environment. Good practice around the use of encrypted email will help greatly reduce the risk of human error.
How hard is it to obtain and install an encrypted mail system?
The secure email systems look to integrate into Microsoft Outlook (as a minimum) and build their functionality around what you already do and already know.
The reality is that you should look for a proven well-tested system that is able to support you through their implementation and answer any questions you and your staff may have.
The installation is usually very quick but should always be done in partnership with your IT support provider.
As a footnote to this section, it is important to add that in terms of security typical Gmail, Yahoo and Hotmail accounts, etc. were set up for personal messaging. They were not set up for a business to use to send data securely. If you are doing so, please speak to your IT support for greater clarification and ensure that you are satisfied it supports the security levels you need. Most of these operators now also offer a business email account as a more secure option.
What exactly does it do?
Once you have created the email you would receive a pop-up window that asks, “how would you like to send it” with the choice of unsecure or securely.
Once you have selected securely the email is encoded and a link is sent to the recipient asking them to provide the appropriate security to obtain access.
Once access has been secured it then means that the recipient can also return the email securely to the originator.
Today we are seeing two-factor authentication on the rise and the use of approval for spending through application technology. By comparison, secure email encryption is very straightforward, and in general terms it is.
Peer to Peer Comms
In recent years we have seen the rise of peer-to-peer technology through portals. Effectively using a portal means that the client is on the same system as you. They will have accessed the portal with their username and password just like yourself, so messages can be sent and received in real-time. If the client is not on the portal when the link is sent through then a push notification is sent to their preferred method of contact, namely email/SMS.
It is easy to see how the use of peer-to-peer communication will grow, but whereas not everyone who is computer literate will use a portal, it is fair to say that the vast majority of clients will use email, so also enabling secure email becomes a must for any business.
The myth of the client barrier
Some businesses who have not adopted any secure method of communication to this point, often cite the lack of willingness of their clients to use such a means of engagement.
It is fair to say that COVID has put to bed many of the myths about remote client contact. In turn, this went a long way to dispel the belief that clients would not like to use secure communication methods over the internet.
The opposite is probably true now. I have an approval process using my banks app for less usual or larger purchases or gifts, something I am glad to do for peace of mind. In fact, as awareness in the client community grows, I would now expect my financial advice firm to be able to offer me other ways of gathering and transmitting my data securely and remove the possibility of it being compromised.
Training and ongoing awareness
It is important to invest in the standards you would expect from your staff. Mistakes will be made, but good practice helps minimise the mistakes and ensure that those that are made could be less consequential.
Be sure that they understand when to use encryption and how to use it properly. Inform them of the consequences, in particular of the reputational and monetary effects of a data breach.
Good Password Protocol
Alongside the use of email encryption, the use of a strong password protocol will also help ensure that the chance of someone accessing your data and communicating with clients/third parties is minimised.
There is software available that randomly generates passwords and stores them securely so that you can utilise them when logging on. This also means that the user will never know them, relying on their main username and password/bio-metric security routine when they initialise their log-on at the start of their day.
This should forever remove the need for post-it notes with passwords or easy-to-guess ones!
Good password protocol accompanied by the utilisation of a secure means of emailing your clients and third parties will help significantly reduce the risk of cyber security issues. It gives the clients the comfort of knowing that their advice practice has taken significant measures to ensure the safe transmission of important personal data between the parties involved.
If this is still something you are yet to do, I would urge you to do so.
Our Cyber Security Month is Supported By Our Sponsors
Beyond Encryption is the industry standard for secure digital communications, working with major household brands such as Aegon, HSBC, Royal London, Origo, Paragon Customer Communication and Westcoast Cloud.
We’ve built the world’s most secure encrypted communications network, protecting and connecting advisers, providers and platforms throughout financial services and other aligning industries with our secure email solution, Mailock.
Mailock is our versatile software platform, enabling organisations to send customer communication securely via email. Mailock protects sensitive data through end-to-end encryption and multi-factor authentication capabilities, helping our customers to remain compliant, reduce costs, and improve operational efficiencies – not to mention achieving a positive environmental impact through the reduction of print, pack, and post.
With nearly 100,000 customers across 1.8k companies, we give organisations the freedom to exchange information confidently, cost-effectively, and with full compliance, supporting businesses on their digital transformation journey.
Westcoast Cloud are a pureplay cloud distribution partner, enabling over 750 partners to make the most of public cloud services, and the associated security that is needed to support their use.
From email security, anti-phishing software for Microsoft365, to advanced tools and security for Microsoft Azure, we educate and train partners to be able to provide the best-in-class Microsoft security solutions to over 34,000 end user customers.
Alongside these tools we partner with best in breed solutions such as Beyond Encryption. This ensures markets that need that extra layer of security such as financial services and legal organisations, can stop potential attacks and disrupters accessing your customer information without your knowledge. With Beyond Encryptions advanced toolset, customers can control, manage, and maintain the security layers around their emails to ensure that the right information is reaching the right people all the time.