By Rom Hendler
Maybe it’s time to change our attitudes.
As the pace of cyber attacks continues accelerating, perhaps it’s time we abandon hope that we may not be attacked and begin instead behaving as if we will be. Perhaps we should not ask if we’ll be hit, but when.
Statistically, such a mindset shift would not be unfounded. In the financial industry alone, companies reported 703 cyber attack attempts per week in Q4 2021, a 53 percent increase over the same period in the previous year. Some studies estimate that, on a global scale, the rate of cyber attacks is one every 10 seconds.
If you’ve found yourself on the wrong end of the stick, you know that cyber intrusions are not cheap to manage. For instance, IBM’s most recent report on cyber attacks found that the financial industry spent the second-most of any industry fighting off attacks, with an average cost of $5.72 million per data breach. And it was only a couple years ago that Accenture found it to be the most expensive industry from which to fight attacks. Simply put, financial institutions are in a tough spot.
So, how can we take the fight to the bad guys?
Gather your troops (and their inboxes)
Start with this: It’s not the folks in the black hats you should be paying attention to. In fact, to paraphrase a famous movie, the call is probably coming from inside the house. Recent data from The Judge Group found that 95 percent of cybersecurity breaches are made possible by human error. This means you should start not by looking outside the city walls, but by looking inward.
The reason attackers focus their efforts on human error is simple. Human users are always the most vulnerable entry point in an organization’s security apparatus. And the most vulnerable entry point within that vulnerable entry point? Email. It offers a huge target, after all Roughly 333 billion email messages will be transmitted daily in 2022. Combine the potential for human error with email’s massive quantities, and you’ve got a very risky security situation on your hands.
Even with email security solutions, employees often build shortcuts and workarounds to data protection and regulatory compliance practices—unlocking the door for people you don’t want inside. It may feel to employees like they’re making their jobs easier, but they’re often severely weakening your bank’s protection in the process.
It’s not necessarily or entirely their fault, though. Many IT security solutions—especially email ones—are just too hard to use, with countless steps and hurdles leading to low employee compliance. This is where the danger creeps in. And this is where automated one-click compliance may offer exactly what companies need to survive.
Set some (virtual) ground rules
Email security solutions are extremely effective at keeping data safe. They just need to be easier to set up and use, and minimize the effort required by employees in the process. For instance, when upgrading your email security, first ensure the technology has artificial intelligence and optical character recognition capabilities. In a quality solution, AI and OCR will work together to learn and identify which types of data are compliant with federal and state regulations, and which are not—making things easier for your daily users.
This is also where automated one-click compliance comes into play. In the financial industry specifically, there are a number of regulations you’ll want to consider when implementing your email security solution. The General Data Protection Regulation obviously affects nearly every business today, despite its European focus. The California Consumer Privacy Act holds a similar weight. And, of course, a regulation like the Payment Card Industry Data Security Standard is critical for financial organizations safeguarding credit and debit account data.
An automated one-click compliance tool can simplify the entire process, easily enabling users to screen emails and ensure they are compliant with any and all regulatory guidelines. This can make a material security difference, as leading solutions will essentially scan and filter users’ emails, automatically encrypting outgoing messages that include sensitive data—and keeping your information secure. All it takes is one click, on each of the relevant regulations, and users are on their way.
Go to (figurative) battle
The benefits of a “set it and forget it”-type solution like this are obvious. It makes things easier for users, and it improves security and compliance along the way. But there’s more to it than that, too. In the banking industry, there are a number of deeper security benefits from a one-click compliance solution, including:
Creating less human error and lower risk: As mentioned earlier, attackers thrive off human error. The less susceptible you are to it, the less danger you’re in. Automated one-click compliance takes a great deal of pressure off your employees and users.
Reducing the need for compliance training: One-click capabilities mean employees won’t have to be fully educated and up-to-date on the ins and outs of email security in order to succeed. What needs to be encrypted? How have regulations changed? The solution should manage these questions on its own. By continuously learning and working in the background, it can easily scan each message, secure sensitive materials and keep the line moving. This means no judgment calls for workers, and no extra effort.
Increasing adoption: Many email security solutions require a cumbersome authentication process with constant accessing of portals and re-entering of credentials necessary just to send or read encrypted email. That’s not the case with automated one-click compliance, and once employees see how straightforward the approach is, the more they’ll use it. And the greater the adoption, well, the greater for everyone.
Many employers today have resigned themselves to unending problems with email encryption and security, leading to minimal employee trust—and an unenthusiastic attitude—regarding potential solutions. However, intuitive automated one-click compliance solutions will make things easier for employees across the board, enabling real people to send safe and secure email.
Rom Hendler is the chief executive officer of Trustifi, a provider of SaaS-based security and email encryption solutions.
