As e-mail usage becomes a standard way of doing business in banking, security issues have become an increasingly complex matter. Financial services firms looking to minimize e-mail security risks need to put a plan into place.
- Samir Kapuria, Director of Strategic Solutions, @stake (Cambridge, Mass.)
- Paris Trudeau, Senior Product Marketing Manager, SurfControl (Scotts Valley, Calif.)
- Rebecca Eisner, Partner, Outsourcing and IT Practice, Mayer, Brown, Rowe & Maw (Chicago)
- Tanya Candia, Senior Vice President and Chief Strategist, Sigaba (San Mateo, Calif.)
BS&T: What are the biggest risks banks face in the area of e-mail security? What do they need to do to combat these problems?
Samir Kapuria, @stake: Many financial services firms are challenged in maintaining the three pillars of digital information security: confidentiality, integrity and availability.
The growing reliance on information communication technologies like e-mail or instant messaging results in a dynamic risk profile. These institutions have to manage an array of threats that could result in business impacts, including information leakage (confidentiality), phishing attacks (integrity) and denial-of-service exploits (availability), to mention a few.
Paris Trudeau, SurfControl: Federal regulations such as the Fair Credit Reporting Act (FCRA) and Sarbanes-Oxley have put financial institutions under increased pressure to secure confidential customer information or face legal liability issues and major fines for non-compliance. Banks must put appropriate Internet and e-mail acceptable use policies in place, invest in staff training, and implement security technologies to combat these issues. Content filtering technology is one of the technologies that can enable the intelligent management of customer data and prevent unauthorized or inadvertent disclosures. It can also protect banks from other e-mail content risks such as spam, viruses and productivity losses.
Rebecca Eisner, Mayer, Brown, Rowe & Maw: For inbound e-mails, the risk is largely a technical and security one. Financial institutions must have sufficient safeguards in place to protect their systems, to screen for viruses, to handle attachments, and other similar security measures. For outbound e-mail, the issues are largely ones of regulatory compliance. The new federal e-mail law, called the CAN SPAM Act, impacts the way all businesses, including financial institutions, conduct their marketing and customer relationship programs via e-mail. In addition, regulated institutions such as banks can find themselves on the wrong side of the regulations due to inadvertent but well-meaning e-mail responses to customers.
Tanya Candia, Sigaba: It's hard to overstate the pressure banks face. Privacy is a huge concern, viruses vigorously attack our networks, and regulatory agencies keep ratcheting up compliance requirements. E-mail is now so ubiquitous that it's indispensable. If banks don't take the right steps it's easy for them to lose their most precious resource: customer trust. This is not just a compliance requirement – it's a business issue. And it's why companies should embrace technologies that don't just do one specific job, like Web portal or content-filtering tools, but suit a broader strategic purpose, like secure messaging. This guards against ID theft and other privacy abuses, intellectual property theft, fraud and spoofing cons, spam, viruses and more, for both e-mail and instant messaging.