Protecting customers and employees from fraudulent email. Maintaining brand trust and credibility

Organisations must ensure they invest effectively to protect against an ever-evolving and expanding threat landscape.

Meagan Burnett,
Chief Operating Officer

Financial Services Provider in South Africa, focused on investment excellence

275bn

Assets under management

150

Employees

50.12%

M & G plc Shareholder

Offices in:
  • Johannesburg – South Africa
  • Cape Town – South Africa
  • Durban – South Africa
  • Port Elizabeth – South Africa
  • Windhoek – Namibia

 

One of South Africa’s top 10 largest investment managers

Financial services companies are a favourite target for cyber criminals. These organisations hold vast amounts of personal and financial information and are in involved in moving large amounts of money on a daily basis. Protecting themselves, their customers and employees from attacks is a priority to avoid financial and reputation loss.

Across the financial services sector, businesses, employees and customers are using email as an important communication tool, making email risk high in this sector. Securing and safeguarding email communication is critical for companies so that customer trust and credibility are maintained.

Financial services companies face persistent email threats on a daily basis that are both customer-target and employee-target attacks. Impersonation, phishing, spoofing and business email compromise are just some of the methods cyber criminals are using, hijacking the name of brand and/or an employee to trick the receiver of the email into inadvertently sharing information or even making money transfers straight to a criminal.

Organisations must put in place suitable measures that will ensure received emails with their brand identity are the real thing, and all fake emails never see the light of day.

Prudential has an obligation legally, ethically and morally to protect its significant customer base and employees working from all their offices, from email fraud and their information being compromised.

Prudential turned to Sendmarc to put in place the highest level of protection and safeguarding of the company name, so that email fraudsters could not illegally and illegitimately use it for their own gain. Their priority was for their customers and employees to feel safe that communication purporting to be from Prudential was in fact from them. Trust in communication from Prudential was critical.

Prudentials’s Requirements

header-image-card-bg

Full protection

Full protection of its customer and employees from being targeted by fraudsters illegitimately using the Prudential name.

header-image-card-bg

Legitimate email

Only legitimate email bearing the Prudential name reaches a customer’s or employee’s inbox.

header-image-card-bg

POPI compliance

Compliance with POPI requirements to take every measure to safeguarding customer information.

header-image-card-bg

Visibility into email environment

Have visibility into their entire email environment and manage all legitimate and illegitimate emails using the company’s name.

header-image-card-bg

Email delivered as intended

All legitimate outbound email reaches its intended destination.

header-image-card-bg

Business as usual

No disruption to the current email environment, with no user or business impact.

header-image-card-bg

Protected within 90 days

Protected state and highest level of security ie, P=reject within 90 days.

header-image-card-bg

Technical expertise

Provider who understands the technicalities of the entire email application and infrastructure layers.

header-image-card-bg

Holistic perspective

Provider who looks holistically at the environment and can work with other service providers.

Complexities of the Prudential’s Environment

  • Multiple providers of email services
  • Multiple providers of infrastructure services related to email
  • No single point accountability for entire email ecosystem
  • No single view or reporting of email real estate
  • Multiple security protocols across infrastructure and application email services
  • Different standards, protocols and policies applied to inbound and outbound emails

Technical Solution

DMARC: Domain-based Messaging Authentication, Reporting and Compliance

Results achieved with Sendmarc solutions

  • Achieved P=reject within 3 months
  • Only legitimate emails with Prudential name delivered to an inbox
  • All illegitimate emails blocked, never reaching an intended receiver
  • Email environment monitored and continual refinement as environment grows
  • Proactively protects against and prevents phishing, impersonation and spoofing attacks
  • All inbound and outbound email working from all email service providers, with correct configurations
  • POPI compliant with highest security and safeguarding levels of customer information
  • Trust and confidence in Prudential branded email
  • mail-share