Email channels will always carry risk. For wealth management firms and private banks that continue to send out reports or confidential communications to clients, it’s increasingly a matter of “when” rather than “if” something will go wrong.
The sheer scale and tactics employed by bad actors make it difficult for firms to remain vigilant at all times. Most of us will be familiar with spam emails. An estimated 3.4 billion spam emails are sent every day, meaning that many are able to bypass spam filters and reach unsuspecting end users.
Likewise, we are so used to phishing emails that it can be easy to dismiss them as somewhat harmless. However, according to a survey undertaken in the UK, 83% of businesses that suffered a cyber attack in 2022 reported it to be a result of phishing.
It’s a similar story across the EU, with the European Union Agency for Cybersecurity (ENISA) reporting that phishing was the most common channel used to access security systems in 2022.
Instead of dismissing phishing emails, we should in fact be worried about other tactics as well as spam and phishing attempts. There can be as many as seven different approaches to email attacks, ranging from email-borne viruses and malware to whaling (a type of targeted phishing), thread hijacking, and of course social engineering.
The risks for wealth management firms
When we focus on a wealth context, the threats become more acute and damaging. And they have been very real for over a decade now. Take for example the case back in 2012 where an accountant lost $350,000 at her wealth management firm. The approach was both simple and devastating. The fraudsters targeted Ann Scott, the First Lady of Florida and wife of Governor Rick Scott, by impersonating her email. They added an extra “n” to the email address, successfully duping the accountant into making transfers.
Although this happened in 2012, attacks of this type are by no means a thing of the past. In fact, it is getting worse. Across the entire financial services industry, there has been a 137% increase in Vendor Email Compromise (VEC) attacks.
Specifically, there was a 71% increase in Business Email Compromise (BEC), which is the tactic described above where executives or employees are impersonated to request fund transfers.
Finding an alternative to email channels
There are of course security measures to combat these risks, both at an organizational level and a regulatory one. Within firms, a lot of the emphasis is placed on personal responsibility and employee training. But this is never going to be enough.
Ensuring email security is such a large and ongoing undertaking that it is essentially impossible to guarantee safety at all times. Whether through organizational mismanagement or human error, there are always going to be cracks in the system.
Instead, wealth management firms and private banks should look at alternative secure communications platforms that inherently carry less risk. The standout channel in this regard is Secure Messenger.
What is Secure Messenger?
Secure Messenger emulates how clients like to communicate in their everyday lives, offering a messaging experience that is similar to WhatsApp, Facebook Messenger, or similar popular messaging apps.
However, unlike these apps (or email communications), Secure Messenger operates behind the ebanking or client portal authentication area. As a result, it is embedded into the security and compliance protocols of the organization’s own app.
The benefits of Secure Messenger
This approach carries many benefits. For example, it allows for a more convenient and engaging interaction experience. Unlike email, Secure Messenger replicates how clients prefer to communicate, meaning that they are more likely to send a text and increase the frequency of interactions.
What’s more, Secure Messenger forms part of an interconnected, omnichannel platform. At any time, the conversation can be escalated to a Video & Voice call or even a secure Co-Browsing session. The result is that advisors can increase interactions and build trust over time with their clients.
What about security?
In terms of security, the key difference is that it makes it much easier to exchange documents and have frank conversations in complete confidence.
Any reports, research, conversations, or sensitive information is automatically shared and stored in an authenticated environment, in accordance with regulatory guidelines. This allows organizations to avoid sending the monthly performance or investment reports out via email, while guaranteeing that clients remain up to date.
This top-level security is achieved in a number of ways:
- Data security. Firstly, any data is safely stored and never shared with third parties. This both protects client privacy and contributes to regulatory compliance standards.
- Secured authentication. The firm or private bank’s own authentication security protocols, whether passwords or biometrics, can be used to prevent unauthorized access.
- Native call solution. Secure Messenger allows you to retain full data control as there is no third party data processing of video calls and voice calls.
- Data Leakage Prevention (DLP). An additional layer of protection to make sure that information shared by the bank is sent to the right person.
- Flexible recording options. Industry regulations for communications recording are strict in the wealth management sector. Secure Messenger safely records all interactions.
Embrace secure communication practices
When it comes to wealth management contexts, the role of emails needs to take a backseat or be phased out altogether. Although still an industry standard, the risks associated with email – particularly when it comes to sharing sensitive information – are too great to ignore.
Instead, firms and banks should look for secure channels that offer a convenient, natural, and authentic experience. Every one of these essential features is a critical aspect to protect client confidentiality and boost trust, while allowing internal employees to include sensitive message content without risk.