With the average employee receiving around 80 emails per day, email is the most commonly used communication channel for business. Even with the explosion of instant messaging apps and social media, email remains a favoured tool for business with an estimated 140 billion business-related emails expected to be sent worldwide in 2018, up from 109 billion in 2014.
Email’s success lies in its pure pervasiveness as well as its convenience of communication. Ironically, it’s these very factors which also cause email to be one of the most cited information security risks for companies, because as a technology alone, email is not very secure.
For financial services companies, where information security is of paramount importance, ensuring email communications are secure is critical to business continuity. However, the challenge lies in making email secure, without affecting its usability. And this is particularly challenging when using email for external communications.
Today, individuals commonly use an email/password combination to access their corporate mailbox whether on their corporate-owned or personal mobile device. With the rise of Bring Your Own Device (BYOD) many financial institutions have implemented additional technologies such as Mobile Device Management (MDM) solutions to secure access to professional mailboxes. MDM technologies use a container model which creates an authenticated and encrypted area of an employee’s device that separates sensitive corporate information from the owner’s personal data. While this technology adds security and enables internal employees’ email communications, it also puts a lot of restriction on what the user can do and is not applicable to people outside of the organization.
Consequently, banks have had to adopt additional services in addition to MDM to cater for external users such as clients and partners. Such services are often third-party redirection services, where a notification gets sent to the recipient (instead of the actual email) and redirects him or her into a third-party portal. The user receives a different login and password linked to that redirection service to access every email received. In addition to being susceptible to fishing attacks, redirection services offer a poor user experience and significantly decease productivity for all users as their multi-step processes create a lot of friction (i.e. redirection takes time, users must enter additional credentials, etc.).
These security solutions pose considerable challenges for financial institutions which must balance security and convenience in the workplace. On the security issue, there is often one unique authentication tool (a login credential where the email address is public and the password can be easily hacked). On the convenience side, the concern is around the fact that there are two different mailboxes in two different locations which can be complex in their access and use.
Fortunately, data security has evolved. In the same way that we moved from perimeter security to the container model – the upcoming trend is now on data-centric security. By securing the data itself (and not the application), encryption can be applied at the email level, allowing users to only have one mailbox with both personal and corporate emails, all in one place. In other words, the mailbox is secured using the traditional email address and password combination, but each corporate email is encrypted individually. This approach preserves and enforces the security needed by corporate while bringing the convenience user expect.
Data-centric security solves the email challenges previously mentioned:
– By securing the data directly at the byte level, both personal and corporate mailboxes can co-exist in one place.
– Data security removes the need for software, a container and/or a redirection service for the bank’s clients.
– Preferred email apps can be used securely, facilitating multiple mailboxes while improving the user experience which becomes both native and seamless.
– Finally, even if the email account has been compromised, the corporate email remains secure.
APrivacy Secure Email solution enables financial institutions to move beyond MDM and redirection portals that no longer meet customer demands for excellent user experiences. If you would like to know more about the APrivacy Secure Email solution, please contact us.
Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.
