One Email can Change Everything

Ross MacKenzie

Do you (really) know who sent that email?

How much damage could a single email cause? Just ask Gillian Bridge, who almost lost £400,000 after her solicitors erroneously transferred the long awaited proceeds from the sale of Bridge’s home to a fraudulent bank account. The law firm in question received an email from Bridge’s address detailing instructions to a different bank for the transfer of funds and a clerk duly complied. The problem was that Bridge never sent that email and was the victim of identity theft.

Email is one of the most innovative business (and personal) communications tools ever invented, yet when it comes to the transfer of sensitive information it falls short. For the determined attacker the reality is that most standard email systems have about as much security as a postcard sent through the mail. But when most people can send an email faster than making a phone call or visiting an office, the security implications are troubling. How can you ensure a third party is not reading the message? How do you confirm with 100 per cent certainty that instructions like a change of banking details are legitimate?

As technology evolves and professional organisations such as law firms, accountants or financial service organisations leverage email and other communication platforms to save time and money, security is a growing concern. Customers need to be able to quickly receive and respond to information, but at the same time remain safe in the knowledge that this information is confidential. Additionally user authentication is paramount to ensure that important messages (like a change in banking details) are only accepted when they are legitimate.

Put yourselves in the shoes of that solicitor’s clerk responsible for processing transactions or requests from customers quickly and efficiently. His or her priority is to ensure work gets done on time and is unlikely to be trained in information security or fraud detection. He or she receives a client request from a known email address and processes the request before moving on to the next. Should the clerk be accountable for this mix-up or is it the firm, which hasn’t adequately built protection for these scenarios?

Technology may be the answer, but only if it is applied thoughtfully and holistically. You can effectively wrap protection around your business communication using a number of security products and services. However, before that happens, a thorough investigation of all the moving pieces of the business should be the primary order to understand where the greatest risks lie and what the best course(s) of action will be.

Gillian Bridge did eventually receive her money, thankfully, but only after a drawn-out process involving a great deal of time, effort and stress on her part. You can be sure the next time she chooses to work with a professional services firm many more questions will be asked.

The moral of this story? In our view, any company who can proactively show its customers exactly how their information and livelihood is being protected will stand head and shoulders above the competition.

Related Articles

Cobweb launches their Microsoft 365 Managed Service

Enabling our customers to benefit to maximum advantage from the features and functionality of Microsoft 365, supported by the expert...

Read More

8 reasons why you should move to the cloud

Discover why the cloud is an obvious choice for businesses nowadays with our 8 reasons why infographic

Read More

Microsoft 365 updates announced at Ignite 2019

At Microsoft Ignite 2019, Microsoft announced six innovations to Microsoft 365, aimed at helping users complete their work as effici...

Read More

Get ready to hang up on Skype for Business Online

Skype for Business Online will retire on 31 July 2021 so prepare in time by migrating to a great alternative – Microsoft Teams

Read More