Biscom recently conducted a survey to better understand how people share confidential information. We had a sample size of over 600 people in banking and financial services, healthcare, legal, government, and other verticals that have regulatory and other compliance requirements. Banking and financial services were one of the largest groups to respond and the results were surprising.
In the slice of respondents who were in the financial services sector, it was clear that companies were overwhelmingly concerned with ensuring the security of their information and documents, and had done an excellent job implementing both security policies and investing in secure solutions to help ensure employees had the knowledge and tools to communicate securely. In fact, 96% of all banks maintained or increased their investment in security products.
However, even with available secure sharing tools, two-thirds of respondents said they were so busy they simply did whatever’s easiest when sending out confidential information – which for most of them was email. Unfortunately, email is considered insecure yet employees continue to use email to share confidential agreements, client data, and other office documents. Almost half admitted to accidentally emailing sensitive data to the wrong person.
The reasons behind noncompliance of established company policies and procedures vary, but some called out aspects such as complexity of the systems, too much overhead and time to learn and use secure tools, inadequate training, and poor integration with existing systems like email. And sadly, over one-third were not aware of the policies or tools that were available to them. Also, it seems that beyond the need to be compliant, employees felt that the tools didn’t add any benefit to them – and stated they would increase their usage if they could see who accessed their secure deliveries, or provided better audit trails for tracking who accessed information and when.
One unfortunate finding is that 84% of people were sending sensitive data insecurely as much or more than a year ago. As the volume of data increases, this means the total amount of confidential information being sent insecurely has been trending up even faster than before.
In our experience working with banks and financial institutions, we found that it’s critical to maintain information security to minimize the risk of a data breach or ransomware attack. Implementing these types of systems also demonstrates thought leadership and being best in class rather than a laggard can be a major differentiator as competition for customers continues to increase.
Based on this data, we have two recommendations: 1) put a priority on investing in the right tool that is quick to learn and easy to use, and explore systems that provide additional capabilities that can add value to the user; and 2) make sure you have regular training for your employees around your security policies and tools, why they are important.
Article First Featured in MassBankers Newsletter