The simple fact of the matter is that many of our online practices simply aren't safe enough. The ease and convenience of services we take for granted, like email, do not offer the security that a business needs if they are going to operate in the modern age. If we are to stay secure for our own needs and to maintain the trust of our clients, we all need to re-think our current practices.
Email is a highly efficient platform on which to send information with attached documents. But how safe is it to use? Not very. A quick web search will give you scary details of some high-profile email security breaches. Only a few months ago Russian hackers managed to gain access to president Obama’s private emails.
This is one of many recent government targeted cyber-attacks. The question this raises is as obvious as it is worrying; if government organisations can’t prevent hackers from accessing their email store, then how is your business expected to?
Admittedly Russian hackers are unlikely to want to see the video of the cat that I emailed to Judy in Accounts. However details of my client’s financial transactions are stored on the same server. These may be of more interest to new-age criminals. And before you say it, ‘my business is too small to attract a hacker’s attention’ is exactly the attitude these people want you to have. What makes your business a target isn’t being large or successful. Size isn't a barrier in stopping these people. The fact is that we can’t afford to not do anything anymore. You are only ever one data security breach away from having to tell your clients that it’s time to change their bank details because you didn’t put adequate safety measures in place.
For this reason emailing documents like tax returns has already been outlawed in the United States. There is no doubt that the UK and Australia will follow suit very soon. Plans to do so are already underway. Of course, just because email is not a secure platform that is no reason to completely abandon it for all of your communications. The vast majority of communicating with other people, particularly in a business context, takes place over email. To cut yourself off from that is to cut yourself off from engaging with clients and potential business prospects. Instead, like all activity online, one simply needs to be cautious when using email and act in a safe manner.
Much of what we send does not require high levels of security/encryption. It all comes down to the ‘sensitivity ‘of information in or attached to the email. Emailing a client with a request for information or payment is perfectly safe. However them replying with their card details to process that payment is less so. Embrace tools and behaviours that are in line with the level of security the task at hand requires. So what can businesses do to protect themselves and their clients from email security breaches? Here are a few suggestions to ensure your documents are secure in-transit:
· POST It costs money. It takes time. But one thing we can say for good old-fashioned post is that it is safe. The sad truth is, it’s easier for a hacker to break into your network than it is for them to break into the post office.
· ENCRYPTED EMAIL There are several companies offering secure email solutions (IBM, Sophos, and the other big names you’d expect). This usually comes in the form of a bolt on to your existing email system. The security around encrypted emails means that even if the email itself is intercepted, the hacker would need the relevant decryption key to open any document attachments.
· ONLINE PORTAL AND DOCUMENT MANAGEMENT SYSTEM Having an online portal means that rather than sending documents via email, they are sent to a secure website. The recipient (i.e. your client) would have their own unique username and password to access this website. The upside of this is that recipients can refer back to the documents from anywhere they have a web connection. Many of these portals also offer a digital signature service for document approval.
If your business is regulated you will need to consider staying compliant. Any encrypted email or portal system would need to comply with online document storage regulations. If your documents are stored in Hong Kong, they will be subject to the local regulations there (not yours). So having documents hosted outside of the UK is not worth the risk. Always ask the provider where you documents will be hosted.
Another consideration is ease of use. We all have a few of the old-school clients who still don’t like working with emails. Try to introduce a complicated email decryption process to them and they might just take their business elsewhere. Finally, integration is key to all of this. A good client portal for example would link to your existing CRM and/or electronic document management software (EDMS). The right level of integration should allow reporting on whether the documents you send are being viewed or actioned.
Issues around email security are not going away anytime soon. Hackers are getting smarter and email traffic is increasing at a rate of around 30% year on year. With so much of our crucial business correspondence going through email, all businesses need to take time out to look at secure alternatives.