Is Your Organisation Asking For Sensitive Information Via Email? You Could Be Exposing Clients To Cyber Breaches
It is found that 83 per cent of organizations have experienced data breaches from email
As cyberattacks increase, it seems hackers are always one step ahead when it comes to new vulnerabilities. But the truth is, most data breaches are due to the same old weaknesses.
It's understandable to assume that newer technologies are more likely to contain security vulnerabilities, but traditional email remains by far the number one channel for data loss, according to Egress' 2021 Data Loss Prevention Report. It's an important lesson for financial services providers looking to enhance their security, to protect both their data and their reputation.
The report found that 83 per cent of organizations have experienced data breaches from email, with the risks ranging from unauthorized access and disclosure to plain old human error. As a result, it's little surprise that 95 per cent of IT leaders believe sensitive client and corporate data is at risk of loss and unauthorised disclosure on email. Yet for many organizations, it's common practice to ask for potentially sensitive documents or information over email: from bank statements to personal documents.
In 2022, there is no shortage of low-touch technology to circumvent this vulnerability, so realistically, for businesses, particularly those in the financial services sector, requesting data via email could unnecessarily be exposing customers to serious security breaches. Leaders within these organizations need to consider whether these vulnerabilities could also trigger compliance considerations. Not only are cybersecurity issues detrimental to customer trust, they could land companies in legal hot water.
Asking for data? APIs should be the obvious answer
Technologies such as APIs aren't new, nor are they particularly complex or expensive, which is why they're so commonly used, especially in business environments. APIs are widely recognized as offering the smartest and most secure way of sharing data, allowing key business systems to directly share and synchronise sensitive financial data programmatically. Along with offering a significant productivity boost, this eliminates the frustrating back and forth of exchanging financial information via email: a manual process that is fraught with the risk of error or of mis-sharing information.
Across the globe, governments are starting to legislate to introduce programmatic data sharing, and one of the biggest potential benefits is an increased level of security.
Australia's Consumer Data Right, for example, was introduced in July 2020 to grant consumers and small businesses greater access to and control over their own financial data. It mandates that Australian data holders, beginning with the banking sector, must provide their customers with the ability to securely transfer their own data in a machine-readable format.
This introduction of Open Banking, with the ability to easily and efficiently share data, will dramatically improve users' ability to compare and switch between products and services, thus encouraging competition between service providers.
In the process, Consumer Data Right also has the potential to deliver even greater business and consumer benefits by radically reducing the amount of sensitive financial data shared via email. This will significantly reduce the risk of unintended data disclosure and privacy breaches.
Open Finance: The key to smarter sharing?
There are many other areas where cumbersome manual data sharing with third parties presents a major security risk. Every time a financial spreadsheet is emailed back and forth between finance departments, or shared with other external parties such as accountants, there is the potential for this sensitive data to be inadvertently shared with the wrong people, often without the offender even realising their error.
The average Australian small business now relies on more than 40 different applications. Each new application makes it even more cumbersome and insecure for businesses to manually move data between systems. For organisations serving this cohort, manual application processes only exacerbate the time requirements for accessing vital financial services, whether it be finance applications or approvals for payment methods like Buy Now, Pay Later services.
For the provider, that means longer sales cycles and risk of prospect churn that could easily be avoided.
The concept of enabling small businesses to easily and securely share data from any financial system is dubbed Open Finance. It allows SMBs to harness the data from their most important business systems like accounting, Point of Sale, and eCommerce platforms.
Ultimately, tight connectivity between these systems has the greatest potential to reduce the administrative burden for small businesses, all while enhancing data integrity, security and, incidentally, the customer experience.
The combination of Open Finance and Open Banking presents local financial services providers with a valuable opportunity to further drive innovation through forming partnerships, joining API ecosystems, and more closely engaging with customers in meaningful ways.
In Australia in particular, the government-led move to Single Touch Payroll (STP) systems and cloud-based accounting should only make digital data sharing more attractive. Platforms like Codat are being heavily utilised in enterprise environments, especially in this market, given the proliferation of online business applications that make it easy to aggregate a snapshot of business data. These platforms can offer universal APIs powering Open Finance, by providing standardised and secure access to more than 30 small business systems such as Xero, MYOB, Shopify, and PayPal. Not only does this save hours of admin time, it's a very simple fix for the issues email data sharing presents.
All of this new data-sharing technology is driving a second fintech wave. It places Australian fintech innovators in a prime position to capitalise on Open Finance and offer seamless customer experiences, without the traditional security risk of sensitive emails and spreadsheets falling into the wrong hands.
It's also clear that policy makers recognise the importance of reinforcing enterprise security measures, given the latest string of incentives focused on enhancing cyber security and digitisation of businesses in the Federal Budget.
In short, if your organisation is still requesting information via inboxes, now is the time to look into smarter, more secure options, if not for the financial incentive, then for peace of mind.