A Wyoming bank, Rocky Mountain Bank, accidentally sent a confidential email to the wrong Gmail address. To make things worse, the employee had attached a sensitive file that was not meant to be sent at all.
The attachment contained sensitive information on 1325 personal and business customers, including their names, tax identification numbers, addresses, social security numbers and loan information.
The employee tried recalling the email, but that did not work. The employee then sent a second email asking the recipient to delete the email and its attachment without opening or reviewing it.
However, there was no response.
Consequently, the bank asked Google to reveal the identity of the account holder who had received that email. Google refused to give up the name of the person without a court order.
You can definitely understand the bank’s plight in this situation. But there’s very little you can do to fix the situation if it’s beyond your scope.
It’s situations like this that remind us that Care is the absolute, but Prevention is the Ideal.
The information held by financial institutions is among the most sensitive and heavily regulated. That’s why companies in the financial services sector need to place paramount importance on protecting customer data.
Financial institutions are trusted to guarantee that their customers’ data is safe, secure and confidential. These firms have an enormous responsibility to uphold and maintain their clients’ trust.
Every day, employees at banks and financial institutions share high-value data and sensitive information via email.
Under regulatory security policies, you are required to protect this data from unauthorized access.
Regulations that Financial Institutions must satisfy
Under FINRA (the Financial Industry Regulatory Authority) regulation, banks have to safeguard any financial information they hold about their clients.
The EU General Data Protection Regulation (GDPR) is designed to safeguard the privacy of EU residents and to make sure that information is used lawfully and transparently.
Similar to the GDPR, the CCPA aims to protect the personal information of California residents.
The Payment Card Industry Data Security Standard (PCI DSS) is a security framework that requires all merchants that process credit card information to maintain a secure environment.
The GLB Act (The Gramm-Leach-Bliley Act) ensures that financial institutions protect the personally identifiable information of their customers.
The first line of defense against potential cybersecurity threats is you.
Real-time data protection with SendGuard’s DLP solution
SendGuard’s key premise is to ensure that your users do not make the mistake of sending confidential emails to the wrong recipients, as well as ensuring that your organization remains compliant with the necessary regulations.
Outlook’s auto-fill feature makes it all too simple for users to enter the wrong email address, especially when in a rush. A single misaddressed email of this kind can have disastrous effects.
The SendGuard add-in prompts users with several informative displays e.g. review recipients, review attachments etc. (see image below):
With the option to prompt users to confirm recipients and attachments before they send out emails, SendGuard gives an added layer of protection to both user and organization. Users will still have the ability to remove any unwanted recipients or attachments.
A key feature in SendGuard is its easy-to-use and configurable DLP (Data Loss Prevention) feature.
The DLP feature allows users to get notifications/prompts before they send out emails with sensitive information that could impact compliance, e.g. credit card details, Social Security numbers, etc.
The built-in DLP feature helps solve this issue: it scans the email for credit card numbers and other potentially sensitive data so that the user can be prompted for confirmation before any emails are sent out.
You can set the sensitivity for different types of data so that certain emails can also be blocked.
SendGuard is already used by many large financial organizations around the world to abide by the main industry specific and global risk and compliance regulations that financial firms now have to follow.
If you are interested in trying out SendGuard DLP, please contact us at firstname.lastname@example.org for a demo and/or on-site trial.
Editor’s Note: This post was originally published on December 7th, 2021 and has been recently updated for accuracy and comprehensiveness.