One click is all it takes: Why industry email must improve

Origo says pension providers can take simple steps to better protect themselves

Jonathan Stapleton
clock • 2 min read
Anthony Rafferty is chief executive of Origo

Anthony Rafferty is chief executive of Origo

Product providers and third-party administrators can better protect themselves by putting in place email security protocols and systems, says Origo chief executive Anthony Rafferty.

I suspect that most people who are reading this have at some point in their email history sent an email to the wrong person, copied in someone they didn't mean to or copied in a response to ‘all' rather than replying to a single individual - or they know someone else who has.

Email systems that offer a selection of email recipients for you to choose from may seem helpful but the wrong click can add the wrong address and in the fast pace of a busy day the email is away and gone before you can stop it.

A hasty recall does not mean the email hasn't been read and the content absorbed, nor does a legal disclaimer at the bottom of an email.

I have no doubt that business and jobs have been lost as a result of such errors.

In addition, nowadays the Information Commissioner's Office (ICO) is in place to monitor the market and will publicly admonish and fine companies who have sent information to the wrong recipient(s) or otherwise not protected their clients' data. This most recently included a £500,000 fine for the Cabinet Office for disclosing postal addresses of the 2020 New Year Honours recipients online1.

For financial services companies who are dealing daily with private and confidential information for their clients, sending communications back and forth both externally and internally, the fallout from such a mistake can be significant, not just in terms of a potential fine but in terms of market reputation, breakdown of consumer trust and the consequent business impact.

With consumers now more confident and comfortable using digital services and corresponding digitally, and greater attention being paid by the regulators to consumer data privacy, this is an issue that is rising up the agenda for operations and IT directors across the industry.

Leading companies are already recognising the need to put in place sound email protocols and secure systems as core elements of their data strategies. Aegon and Royal London are two providers who have implemented two-factor authentication, encrypted email as part of their communication protocols.

Using a military-grade encryption service first secures the email in transit and also ensures that only the intended recipient can access the email, and that the recipient knows it comes from a trusted source. Further security is provided via a challenge question. It can also create an audit trail of when the email was sent and opened, so the sender knows when the email has been read, and for compliance purposes.  

As an industry, our customers expect us to keep their information safe. Email security is just part of the range of security protocols that companies must now employ but it is an important one which, fortunately, can be easily implemented.

Anthony Rafferty is chief executive of Origo


More on Risk Reduction

Livingston, West Lothian, Scotland

James Walker scheme secures £43m full buy-in

The deal was completed in January and covers around 300 members

Hope William-Smith
clock 17 May 2022 • 1 min read
Trans-European Port Services is headquartered in Hull.

Trans-European Port Services agrees £4.4m buy-in

Buy-in set to secure the benefits of six pension scheme members

clock 12 May 2022 • 1 min read
Grainger: “There is a certain amount of reporting that trustees are now having to do as part of their trustee guidance."

All bulk annuity providers now have a net-zero target

LCP research finds all UK-based insurers have now set a target for their asset portfolios

Hope William-Smith
clock 06 May 2022 • 2 min read