According to a PressTV report, a recent study by HALOCK Security Labs revealed that email security problems are surprisingly common in the financial industry. More than 70 percent of mortgage lenders asked customers to send sensitive information over non-secure email.
And it's not just a problem with small firms. Major lenders were just as likely to ask their clients to send financial forms, tax documents, W-2s, and other sensitive documents via email.
These lax security standards reveal a fundamental misunderstanding about security. Many clients will assume that email is secure, but it is not. Nearly all email is transmitted as unencrypted data.
In order to improve your clients' email security, you'll need to change the way they think about email. Here's how to do it.
More Secure, Safer Email Starts with Client Education
With all the technical responsibilities you have as an IT professional, it's easy to forget that one of the most important aspects of IT is actually education. Specifically, client education.
No client wants to be lectured on what they are doing wrong. But as an IT project manager or system network administrator, you need show your clients how they can improve the way they use technology. In other words, IT is about helping clients get better technology and helping them use technology better.
As you work with clients to teach them how to use email and transfer sensitive information more securely, here are some tips and points of emphasis:
- Use news stories to provide context to clients. For instance, discussing the Target data breach and how it was caused by a phishing email will give you a concrete example to emphasize the real consequences of lax security.
- Have clients incorporate email rules into their employee handbook. This is an easy way to make sure clients institute your policies on a company level.
- Establish rules for when and where employees can use mobile devices (iPhones, laptops, etc.) to access private data. Emphasize that employees can put the entire company at risk by accidentally downloading malware on their phone or using unsecured Wi-Fi at a local coffee shop. (For more on preventable data breaches, see The Dumbest Ways to Lose Your Data.)
- Ask clients to designate a company-wide security officer. Studies show that having a company security officer greatly reduces the risk of a data breach.
- Use secure portals when sending private information. If your clients need to send and receive secure forms and financial information, help them set up secure portals.
One of the reasons so many firms don't adopt higher security standards is because of the perceived inconvenience. Many companies assume that customers won't want to spend the extra time to log on to a secure portal. They assume that extra hassle will discourage new customers.
In some ways, this issue is all a matter of marketing. With all the news stories about data breaches, your clients can market their new security protocol as added protection from data theft, presenting themselves as a secure option for new customers.
In fact, now is a great time to talk security with your clients. Read our blog post Clients Care about Cyber Security All of a Sudden? Hooray! Here's How to Benefit for more tips on talking data breaches, news stories, and tech security with your clients.
Why a Client's Email Security Matters to an IT Consultant
If a mechanic working on a car noticed that the brake lines were about to snap, but didn't say anything to the car's owner, he could be sued for negligence – and the same concept applies to cyber security lawsuits.
An IT consultant who knows that her client's email usage is less secure than it should be can be sued for not fixing the problem. Your clients might not want to hear it, but you can't let lax security slide. If you do, you may become liable for a data breach.
But don't worry, Errors and Omissions Insurance covers negligence lawsuits as well as other professional liabilities for consulting mistakes, software flaws, and other IT problems. If you have any questions about your liabilities, don't hesitate to talk with one of our insurance agents.