It is time to secure our emails
As well as the challenges already being faced by the country and our industry, there is clear evidence that cybercriminals are taking advantage of the C-19 virus to increase their attempts to access the data of businesses and individuals and to commit fraud and other financial crimes. Regulators, including the Financial Conduct Authority (FCA) and The Pensions Regulator (TPR) have issued warning statements on cybercrime and scams, a clear indicator of the seriousness with which they take this issue and the extent to which it is a problem – see FCA's warning.
Cybercriminals are playing on not only people’s fears around the Covid-19 pandemic – incidences of scams such as phishing have increased in the past few weeks – but also the unprecedented need for so many staff to work from home. This stretches companies’ security systems and increases the potential for communications to be intercepted by adding a new link to the chain. In addition, the end of the tax year and the need to conclude tax and investment planning means advice firms have needed to get client requests and information to platforms and providers in the most expedient way. We’ve seen messages and social media posts saying things like: “Advisers, upload/email us your scanned docs”. Unprecedented times are causing unprecedented actions to be taken. They won’t stop after 5 April and will continue while people are forced to work from home.
Some providers and platforms operate secure upload facilities for some document types, but many more have no such thing.
But in terms of platform to adviser to client, the communication lines don’t appear to be as clear and so I wonder, what are the favoured secure channels of digital communication? An adviser has publicly complained via Twitter to having received emails with sensitive docs attached, from a platform – and the email has been sent with no encryption. This, in light of cybercrime activity, including email hacking and the FCA focus, is worrying to say the least.
In an industry where transmission of data is key and email is the primary means of communication, it makes sense from the perspective of security and efficiency to have one trusted and comprehensive secure email solution that is widely recognised and adopted across the market.
I won’t hide our position on this; we know a thing or two about secure emails. Origo, is working with leading cyber security specialist Beyond Encryption, and we have developed and launched a new encrypted email solution that has been awarded by F&TRC .
If I were an adviser, here are the features I’d want from my secure email provider.
- Challenge questions for opening secure emails for advisers to be replaced with automatic identity verification (for our industry, Unipass is the adviser ID verification service).
- Full tracking of secure emails – who opened the email, and each attachment, and when. And that tracking information to be available 24/7 – a big help with MiFID and GDPR compliance.
- System set-up that is easy and bespoke to your business. Set-up your own trigger words for emails, like “confidential”, “attached” and so on to automatically prompt you to secure emails.
- Ability to brand secure emails to leverage the brand your clients know and expect, and demonstrate that you take security seriously.
- Must be compatible with your existing Outlook software so that all your email remains in your normal inbox and can continue to be linked to your back office software and processes.
- One single system that can be used for emails with all platforms and all your clients.
- The ability to properly revoke emails as opposed to ‘recall’ – which doesn’t always work. I’ve yet to find someone who hasn’t accidentally sent an email to the wrong person… so the ability to revoke an email is invaluable.
- Finally, a secure email service designed specifically for the financial services market.
In a recent Money Marketing podcast, Ian McKenna makes clear the industry’s need to see more platforms and life offices accepting encrypted emails – there are some that have said that they will not accept encrypted email. “That is something that platforms need to be looking at, and frankly changing overnight,” McKenna said.
As for adviser systems, some offer Client Portals as a means of handling secure information and as per platforms and providers secure upload sites, these can be restrictive in terms of ease of access and document types to be uploaded.
Our new, challenging circumstances have served to spotlight the risks that advice firms, platforms and providers face in the way they communicate client data – to which each and every brand has a different process or system, with varying degrees of security, complexity and so risk. For the majority of clients and advice firms, emails are going to be the fastest and easiest channel to use. There can be no argument against securing those emails. It is now essential and platforms and providers will need to get on board with this too.
How we’re helping in the current crisis
To help financial advisers, we’re providing two months’ free use of our Unipass Mailock premium service for Unipass users. Advice firms looking to take advantage of this can go to www.unipassmailock.com, click the Subscribe Today button and enter voucher code “2monthsfree”. There is no automatic renewal and no payment information required to get started. Please note this offers ends on 10th April.
After the free period, the monthly cost should you wish to continue with premium access is £8.50 + VAT per user per month. From a cost perspective, that’s less than sending just three items in the post. However, as stated by Ian McKenna, it’s the security that’s most important.
For our industry, it is fact. Email is the primary communication channel that often facilitates sending and receiving information and data. That is not going away, nor are the cyber criminals. Now, more than ever it is time to secure our emails.
Please go to www.unipassmailock.com and click the Subscribe Today button.