The State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Founded in 1858, Butterfield Bank is a full service bank and a provider of specialized offshore financial services operating in 11 countries with 3,000 email users. With headquarters in Bermuda, the Bank also has additional operations located in the Cayman Islands, the Bahamas, Barbados, Canada, Guernsey, Hong Kong, Malta, Switzerland and the United Kingdom.
Internationally recognized as an award-winning financial institution, the Cayman Islands subsidiary plays an important role in the local economy providing a comprehensive range of services to local and international markets with private, commercial and institutional clients. As of 30 June 2007 the bank had $11.7 billion of assets under management and
$137 billion of assets under administration.
Butterfield Bank’s employees rely on email as a primary form of communication with customers, suppliers and stakeholders. James Knapp, CTO of Butterfield Bank Cayman comments: “Although security regulations mean we are not permitted to take financial instructions by email, we still rely on email for customer communications and to help
maintain high standards of customer service.”
The significance of how important business continuity systems are was brought into sharp focus in September 2004 when the full force of Hurricane Ivan devastated the island’s infrastructure, leaving many businesses unable to communicate.
The Hurricane damaged over 80% of the island’s buildings and brought with it widespread power outages. James Knapp continues, “The effect on most Cayman business was debilitating. The island was operating on generators and satellite phones but was unable to communicate by email for 7 days which severely hampered normal business operations.
Beyond the financial costs, there were significant implications in terms of reputation; if you can‘t communicate with customers you risk losing them.”
This raised major issues for the Bank’s IT infrastructure. At that time, none of the island banks within the group had effective systems for email continuity in the event of any planned or unplanned communication outages, so searching for an ‘always-on’ solution became a priority. As part of the evaluation process, Knapp also needed to assess additional issues concerning email management, including auditing, compliance, security, archiving, group policies and user authentication.
In 2007, Hurricane Dean was heading for the Cayman Islands and it was essential that this time, Butterfield had an email management system in place that would continue to be fully operational regardless of potential power or communication outages. Knapp comments: “We evaluated a number of different vendor solutions; however, none of these provided a complete answer to the unique and complex issues we had to address.”
Jersey-based Internet communications company, Foreshore, are responsible for providing the Mimecast Unified Email Management service to offshore customers and introduced Knapp to what the system could do. Knapp was intrigued by the combination of email security, archiving and continuity all in one single service.
“The solution was unlike anything I had seen and presenting the business case for its implementation was straightforward,” comments Knapp. “The complete set of functionality meant that it was, in effect, the only way we could meet every email management challenge we faced. We also had the peace of mind that the datacenter was in a sound location, well away from the threat of hurricanes.”
As Hurricane Dean approached, Butterfield’s business continuity plan went into action. Knapp comments: “We have a dedicated emergency management team, whose job it is to make sure that everything is in order ahead of a storm. There are stringent checklists to go through and testing the Mimecast service is now a part of that plan. Unlike in 2004,
this time during Hurricane Dean we were able to continue communicating with clients and staff.
Even though we shut down our own services during the disruption caused by the hurricane our people were able to send, receive and store email through the Mimecast ‘always-on’ email service.”
In assessing various email management solutions, Butterfield also had to consider meeting standards governing the storage of emails. The Bank is governed by regulatory guidelines laid down by the Cayman Islands’ Monetary Authority and Basel II ; recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision.
Before the Mimecast service was implemented, Butterfield backed up all email to tape, not ideal from both a compliance and management perspective. Since Mimecast has been deployed, however, Butterfield now archive all email communications securely offsite without the need for additional hardware or software, while retaining total control.
Moreover, the bank can apply more granular policies enabling it to archive to specific dates as required by regulatory guidelines, retaining emails across different jurisdictions for a specific number of years. Knapp continues, “For us, the difference is like night and day. Our old means of storage meant we were unable to search or select specific messages. Now, we can archive all emails for up to seven years in a system that’s as safe as a bank’s vault but our audit group also has a simple means of quickly and easily retrieving any email.”
“Prior to the deployment of Mimecast we would often receive up to 20,000 spam messages in a three hour period.” Knapp is adamant about the dangers of unwanted content appearing on the Bank’s network, “This represented an enormous drain on administration time taken up in filtering through potential spam and ensuring legitimate emails
Mimecast has a robust, multi-layered approach to screening for viruses, as well as a unique method for identifying and sorting legitimate emails from spam. Knapp explains: “We had tried all kinds of security solutions, services and filters to combat the problem but none had worked to the level that we required. Most would only be effective for a while and then spam would start to penetrate our perimeter again at increasingly unacceptable levels.
With Mimecast in place, spam and viruses are no longer a problem as they are stopped at source and never even reach our network. I’d estimate that alone saves around an hour a day of wasted administration time for quarantine checks.”
As a result, the Bank now plans to retire its existing email filtering solutions and replace them with Mimecast across all its geographical sites.
What began as a search for an effective means of ensuring always-on email communications has resulted in a complete email management solution to answer all the Bank’s major email issues, from protecting against spam and its associated security threats, to ensuring compliance with regulatory guidelines. The benefits to the Bank have been significant in all areas including protecting the existing investment in a Microsoft-based email platform.
Knapp concludes, “Within the Cayman Islands alone we have over 400 users and we send and receive around 17,000 emails a day; it’s impossible for us to operate without email. Always-on, failsafe access to email, regardless of any mail server outages, is now an integral part of our business continuity operations.” Such has been its success that Butterfield, which currently uses Mimecast to manage email in Bermuda, the Bahamas, Guernsey and Canada, now plans to roll out deployment across all the banks within the group.
As Coronavirus continues its spread across the globe, the world has changed faster than most of us ever …