Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Business

Posted By Gbaf News

Posted on September 5, 2014

PREVENTING ACCIDENTAL DATA LEAKAGE

By Eitan Bremler, Director Product Marketing and Management Safe-T

Businesses today suffer greater consequences if data is lost or compromised.  Customer personal details, financial data, and merger and acquisition plans, in the wrong hands can damage a company’s reputation, undermine its brand, or jeopardize its competitive edge. Breaches of regulatory requirements for handling sensitive customer data can reduce customer confidence and lead to fines.

Despite the attention to hackers, and insider fraud some of the worst damage can be caused inadvertently. An employee could attach the wrong file, select the wrong recipient in the email, or even be tricked into sending a document through social engineering. Unknowingly, innocently employees engage in behaviours that heighten the risk of data loss

According to Reuters, this actually happened on June 23rd 2014, when a contractor at Goldman Sachs sent an email containing confidential client data to a stranger’s Gmail account by mistake.

This is not an isolated incident. According to various news reports and the court filing, a customer of Rocky Mountain Bank in Wyoming, asked a bank employee to email loan statements to a third-party representative. Unfortunately, the bank employee sent the information to the wrong Gmail address. To make matters worse, the data file attached to the erroneously-sent email contained confidential information on 1,325 accounts of other customers. The file included names, addresses, tax identification numbers, and loan information.

There are four main ways that confidential information can be leaked through email transactions:

  1. Entering the wrong email address – the (bank’s) email sender is not required to choose for a closed list of email address, and is allowed to enter manual email addresses, in addition there is no validation on the email recipient. This means, the sender might accidently enter a wrong email address (as per the stories above), or even insentiently send an email to a forbidden recipient.
  2. Outgoing emails are not scanned for sensitive data leakage – the content of the emails sent by the bank is not scanned, to ensure sensitive information is not emailed (leaked out of the organization). This means, email senders can add any information they wish into emails, including sensitive information and there is no system in place to prevent such information from leaving the organization.
  3. Emails are unprotected – the email sent by the bank is sent unprotected, allowing the any recipient to open the email without requiring any authentication and/or password. This means that if a wrong recipient receives an email, there is no safe guard preventing them to access the information and attachment within the email.
  4. Email content is unencrypted – the attachment and content of emails sent by the bank is sent unencrypted, allowing any recipient to not only open the email but also read the content. This is the last line of defense in terms of emails; and in many cases organizations do not implement it in order to simplify the process of sending the email and the lack of willingness to manage encryption keys.

Banks who are aware of the above reasons for sending email to wrong recipients, are looking today for solutions to prevent such grave mistakes from occurring, while maintaining their employees and contractors email sending routines and methods.

Such organizations should deploy a secure email solution which consists of multiple layers of defense which together provide multiple fail-safe points along the process of sending an email to bank’s customers and business partners. These layers should include the following:

  • The 1st layer should ensure the secured email is only sent to an email address available within the bank’s CRM. Thus preventing the situation of sending the email to a recipient who is unknown to the financial org
    In case the bank does wish to allow entering email addresses manually, it should ensure it implements the additional layers with even higher importance.
  • The 2nd layer should allow scanning the content of sent emails using a DLP (Data Loss Prevention) system, to ensure sensitive data is not sent.
  • The 3rd layer, is storing the encrypted package within the bank’s network and sending the recipient a link to download the package, rather than the email itself, as it happened in the cases mentioned above. In addition a one-time password or username and password is then needed in order to access the email within the server.
    This layer of protection, offers 2 factor authentication, and prevents un-allowed access to the content.
  • And last, the 4th layer should allow to automatically encrypting the entire content of the email, including the email’s body and attachment.
    Thus preventing the situation of sending an email to a wrong recipient, and them opening the email and reading the content.

Deploying such a solution will allow bank employees and contractors to send encrypted emails securely to customers and business partners, without disrupting their normal email routines and by not requiring the recipient to install software or exchange keys.

Recommended for you

  • How AI Enhances Business Security Systems

  • The Ripple Effects of Interest Rate Adjustments on Consumer Credit and Spending in Mexico

  • Supply Chain Optimization: Strategies for 2025