Manual business processes are expensive to resource from a human capital perspective but also rely on person-to-person communication, which for expediency and perceived traceability is often conducted via email.
Consider typical arrangements for most people. If they forget their online banking password, they can just reset it via email. If they need to work on some confidential customer files over the weekend from home, they email it to their home account and if they want to invoice a client, they email them an invoice with their account details. All these actions are easy, simple and frequently conducted across the country, which can also make it exceptionally easy for someone else to do if they gain access to your account.
GI Brokers or Financial Advisers, Asset & Wealth Managers typically handle large numbers of emails.
They are the party in the middle, dealing with the insurer, customer, and other parties such as loss adjusters and of course, their own colleagues. Much of this communication is sensitive and might often be sent via insecure email. This proliferation of email attachments driven by lack of automation is exposing insurers, brokers and customers to considerable and avoidable risk.
Aside from being insecure in transit, it is difficult to prove successful delivery to the recipient, the action taken by the recipient, whether they share internally or externally or how they store the potentially sensitive information.
Due to the escalating threat of email, we expect tighter controls over inbound emails with attachments to become commonplace. In the immediate aftermath of the WannaCry attack, it was reported that Aviva closed their systems to inbound emails with attachments for 4 days.
Compliance & security
With the increasing threat posed to organisations by inbound email attachments and the tightening regulatory regime and increased scrutiny in all sectors, serious thought is needed right now about replacing email attachments as the primary means of communication.
Stop sending – start sharing
If your firm is overly dependent on email attachments for customer communication, then make a management commitment to stop it, or at least reduce it over time.
For example HMRC clearly states to all taxpayers: “HMRC will still never email you about rebates or to ask for your bank account details and these emails won’t contain any confidential information.”
Taxpayers are conditioned to be suspicious of sensitive emails that appear to be from HMRC as opposed to being trusting.
Perhaps the Financial Services industry or individual firms could make a similar pledge?
Email attachments are not the only means of transmitting documents (usually PDFs) from one person to another. The simplest way to stop sending is to share the documents in a secure online environment, which can be securely accessed by the firm and client.
At LS Consultancy, we offer a complete solution with a range of cost effective, regulatory compliance and marketing products and solutions including copy advice which are uniquely suited to supporting firms.