Ouch. That headline is just not good, anyway you look at it. As reported in an SC Magazine article today “An email sent in error that contained details of General Motors’ upcoming flotation could have cost Swiss Bank UBS an estimated $10 million.”
This data security lapse appears to have resulted in UBS being dropped as an underwriter for the plan by GM’s owners to sell $10bn in common stock on November 18, to partially payback some of the $50bn US Government bail-out the company received during the financial crisis.
This mistake should never have been allowed to happen. While humans do make mistakes, there are any number of IT security systems that could have prevented or reduced the risk of this mistake. Let’s review some obvious ones:
• Any communications on such a large financial deal should have been sent securely, requiring user authentication.
• Content monitoring and filtering software could have flagged the email for sensitive information and quarantined the email until it had been approved for sending.
• Sending sensitive financial information via secure file transfer would have allowed the download link to be deactivated once the error was detected.
• Sending sensitive information via secure file transfer would also have resulted in a return receipt from any unintended recipients allowing earlier detection and reduction of further downloads.
It’s very hard to understand why at least one of these data security systems was not in place to mitigate the risk. With the size of financial transactions that are at stake, it seems a wise and prudent investment for financial institutions to put in place IT safeguards against human error. While email is wonderfully accessible and easy to use for business users, it is far too easy to make an inadvertent mistake that unfortunately can have significant financial implications.
At Accellion we help a large number of financial institutions, including the Bank of Scotland, Houlihan Lokey Howard & Zukin and Deloitte & Touche, protect their confidential information with secure file transfer solutions that reduce the financial risk of business user mistakes. We understand that to err is human.