If there's one tool that has transformed the way agents and advisors do business today, it's email. Email is vital for both personal and professional use—connecting people from thousands of miles away or from a few doors down the hall. Its use has grown rapidly over the past decade, and daily there are over 269 billion emails sent and received worldwide.
And because that number is so high, each message you get from clients, prospects and business colleagues comes with its own security risks. These messages expose you to viruses, ransomware attacks and other malware threats that could slow you down, at best, or, at worst, lead to regulatory actions and litigation.
If you sell life insurance, annuities and other financial services products and collect no protected health information, you face one level of information security compliance anxiety.
If, in the course of your activities, you collect enough protected health information to become a health plan's business associate, you face another, much higher level of anxiety.
Worries about increasingly sophisticated fraudulent phishing email are putting financial professionals' very high level of anxiety into overdrive.
Based on a study by Intel Security, 97% of people worldwide are unable to identify fraudulent phishing emails: messages that try to trick consumers into sending sensitive information. That means the vast majority of people—and the companies they work for—are vulnerable to attacks that could result in thousands to millions of lost dollars or identity theft. In fact, the Federal Bureau of Investigation reports that organizations have lost more than $2.3 billion in phishing scams since 2013.
It's become critical for companies to give email security awareness training to employees and to educate shareholders and customers too. Every person who interacts with your business should have an understanding of what to expect from your online business communications. And that should be communicated to them regularly—either by email, mail or the company website.
Listed below are several principles your company should include in its email security awareness training:
1. Be wary of links.
If you receive an email alert about one of your online accounts, instead of clicking the link, open your browser and go directly to the account page to see if there is a problem. Fraudulent links are one of the primary ways hackers break into a computer or an online account. To verify the alert, you should check the account firsthand. If it's legitimate, the alert should appear online. Before clicking on a link sent via email, always hover over it to see the URL and determine whether it leads to a trustworthy site.
2. Define what company emails should look like.
One of the telltale signs of a phishing email is an appearance that differs from other email messages sent by the same company. By clearly defining what emails from your company will look like and sharing that information with staff and customers, you make them better able to detect an email that is posing as your company.