One click is all it takes: Why industry email must improve

Origo says pension providers can take simple steps to better protect themselves

Jonathan Stapleton
clock • 2 min read
Anthony Rafferty is chief executive of Origo
Image:

Anthony Rafferty is chief executive of Origo

Product providers and third-party administrators can better protect themselves by putting in place email security protocols and systems, says Origo chief executive Anthony Rafferty.

I suspect that most people who are reading this have at some point in their email history sent an email to the wrong person, copied in someone they didn't mean to or copied in a response to ‘all' rather than replying to a single individual - or they know someone else who has.

Email systems that offer a selection of email recipients for you to choose from may seem helpful but the wrong click can add the wrong address and in the fast pace of a busy day the email is away and gone before you can stop it.

A hasty recall does not mean the email hasn't been read and the content absorbed, nor does a legal disclaimer at the bottom of an email.

I have no doubt that business and jobs have been lost as a result of such errors.

In addition, nowadays the Information Commissioner's Office (ICO) is in place to monitor the market and will publicly admonish and fine companies who have sent information to the wrong recipient(s) or otherwise not protected their clients' data. This most recently included a £500,000 fine for the Cabinet Office for disclosing postal addresses of the 2020 New Year Honours recipients online1.

For financial services companies who are dealing daily with private and confidential information for their clients, sending communications back and forth both externally and internally, the fallout from such a mistake can be significant, not just in terms of a potential fine but in terms of market reputation, breakdown of consumer trust and the consequent business impact.

With consumers now more confident and comfortable using digital services and corresponding digitally, and greater attention being paid by the regulators to consumer data privacy, this is an issue that is rising up the agenda for operations and IT directors across the industry.

Leading companies are already recognising the need to put in place sound email protocols and secure systems as core elements of their data strategies. Aegon and Royal London are two providers who have implemented two-factor authentication, encrypted email as part of their communication protocols.

Using a military-grade encryption service first secures the email in transit and also ensures that only the intended recipient can access the email, and that the recipient knows it comes from a trusted source. Further security is provided via a challenge question. It can also create an audit trail of when the email was sent and opened, so the sender knows when the email has been read, and for compliance purposes.  

As an industry, our customers expect us to keep their information safe. Email security is just part of the range of security protocols that companies must now employ but it is an important one which, fortunately, can be easily implemented.

Anthony Rafferty is chief executive of Origo

1 https://ico.org.uk/action-weve-taken/enforcement

More on Risk Reduction

Just reports £1.9bn of bulk annuities in 2021

Just reports £1.9bn of bulk annuities in 2021

A total of 29 deals range in size from between £3m and £250m as H2 saw higher demand

James Phillips
clock 18 January 2022 • 2 min read
Bulk annuity providers neglect UK Stewardship Code

Bulk annuity providers neglect UK Stewardship Code

Insurers make errors on if the code applies to them, despite general ESG progress

James Phillips
clock 13 January 2022 • 2 min read
Standard Life managing director of defined benefit solutions Justin Grainger

Imperial Tobacco in £1.8bn buy-in with Standard Life

Biggest buy-in of 2021 so far is Standard Life’s largest deal as business ramps up

James Phillips
clock 13 January 2022 • 3 min read
Trustpilot