Who really sent that email?
An article published in the Sunday Times recently, highlighted a new wave of fraud that targets professional firms and their clients. ‘Who really sent that email?’ focuses on the increasingly sophisticated tactics used by con artists to delete, intercept and impersonate firms to steal money. Banks are now taking a hard line, saying that they cannot be held responsible for the lack of security on client email accounts.
And this is a problem that is on the rise with the number of scam alerts issued by the Solicitors Regulation Authority already almost double that of last year. So what should IFAs be doing to protect themselves and their clients from fraudsters?
The Information Commissioner’s Office (ICO) has already said that sensitive personal data should not be transmitted by email unless encrypted to current standards but many professional firms are still not encrypting email communication. Best practice advice from the ICO recommends: ‘Protection cannot be left to chance and it is no longer enough to do only the bare minimum necessary to comply with the law: proper safeguards have to be built in from the first principles, not bolted on inadequately as an afterthought.’
New EU Data Protection Regulations are to be introduced this year and the prognosis is for tougher sanctions with fines of up to 2% of turnover. This could have a significant impact on firms that make mistakes.
One option is not to use email at all and use a secure integrated document portal that forms part of the EDM system for document exchange and encrypts every item of data going back and forwards to the highest levels as used by the FBI, Government and Banks. Not only is the data encrypted during transmission, all files and data are encrypted in storage in the Cloud making it impossible for hackers to penetrate.
IFAs bound by a duty of client confidentiality are increasingly turning to integrated document portals to ensure their electronic communication is secure. Use of a portal guarantees complete security and traceability through a full audit trail and allows users to publish documents to an individual notifying them via an email address. The document is securely uploaded to the Cloud and an email notification sent to the client advising them that there is a document for their attention and they can access and view documents published to them via the portal website or directly from their phone or tablet device. Use of this method ensures that an email is not sent to the wrong recipient; another common data breach reported by the Information Commissioner’s Office.
Security is key here as the mobile app allows the user to choose to pre-download documentation securely onto the device knowing they will have access to the documents even if they do not have access to the Internet at the time of their meeting. They will also be safe in the knowledge that should their device go missing or get stolen the documents stored on the device are fully encrypted.
While fraudsters, are constantly on the look out for ways of intercepting and impersonating firms’ emails, the securing of client communication cannot be left to chance. Use of an integrated document portal that is part of a comprehensive electronic document management system guarantees that both the firm’s and client’ documents are completely secure with complete traceability, full auditing and compliance.
Virtual Cabinet is the preferred document management & portal solution of professional firms and combines industry strength document management with secure client communication and the electronic sign-off of documents through an integrated portal. www.virtualcabinet.co.uk. Phone 07866 485901 or email firstname.lastname@example.org quoting Jigsaw