Key Industries That Still Accept Financial Documents Through Unsecured Channels

Even as cybersecurity threats dominate headlines (and as the real estate industry prepares to adopt new KYC regulations in 2025), many industries appear to remain unconcerned. Banks, brokers, lenders, and professional services firms may have integrated secure communication tools into their workflows – but how many times have you passed on a sensitive document via email?

Unsecured communications (like email) are still widely used for document sharing, even in some of the most privacy sensitive industries. Email isn’t as safe as it seems, and two of the most routinely exploited cyber vulnerabilities relate to email. Barracuda Networks (CVE-2023-2868) allows attackers to take control of the email gateway, potentially intercepting email communications. Outlook (CVE-2023-23397) allows hackers to send emails in Outlook automatically, giving them elevated privileges and unauthorized access to the system.

Cybersecurity in Banking

The banking sector is by necessity a cybersecurity leader, but how secure is it really? Human error and outdated processes can undermine even the most robust systems, and loan officers, bank teams, or corporate finance departments will often exchange sensitive data via email. With many banking leaders suggesting that cybersecurity – or even cybersecurity warfare – is their main concern, many executives aren’t confident in their company’s ability to protect itself.

While banks do invest heavily into cybersecurity measures, security breaches caused by mishandling sensitive data remain an issue. The American Bankers Association suggests that in 2023 alone, the financial services industry saw 64% more ransomware attacks. Many of these attacks were perpetuated by groups like Scattered Spider, who call IT Help Desks impersonating employees. They ask for a password reset, and in doing so gain legitimate access to the company’s system.

Cybersecurity in Mortgages and Lending

Lending money is inherently document intensive. Lenders need to underwrite the loan based on credit history – sensitive data. Borrowers need to prove they can pay by sharing W-2 forms, tax returns, or other financial documents, and these documents often get sent via email to lenders, underwriters, or other parties in the process. This is a process that inherently relies on unsecured methods of communication. According to McKinsey, many financial companies are slow to adopt more secure technologies, leaving these organizations vulnerable to breaches of both data and client trust.

Cybersecurity for Legal Professionals

Law firms have been the target of cyberattacks as early as 2012, as these firms often handle high value (and highly personal) information. In 2024, many matters are still handled via email. Barring a more secure method of exchange, these matters risk being prematurely exposed.

Cybersecurity for Realtors, Landlords, and Property Managers

Landlords and property managers are guilty of similar habits when requesting documents for a lease. Landlords and property managers frequently handle sensitive financial information, including credit history, pay stubs, identification documents, bank statements, or social security numbers/social insurance numbers. Effectively small businesses, individual landlords, property management companies, or REITS often think they are “too small” to be a hacker’s concern. However, cybercriminals find it relatively easy to exploit vulnerabilities in small businesses. And with real estate, they’re discovering the vast amounts of personal data laying exposed.

Why does this problem persist?

Convenience, human error, lack of awareness and cost constraints are reasons why smaller (and larger!) firms continue to share documents in an insecure way. However, with the cost of a cybersecurity failure rising ever higher, companies can no longer ignore the need for change. Encrypted portals, cloud storage, and training on cybersecurity measures are necessary to protect the business’ reputation.

Vulnerabilities like these expose both the organizations and the individuals communicating with them to significant risk – including data breaches, identity theft, and penalties. By adopting secure communication tools and educating teams about best practices in cybersecurity, industries can mitigate risks and build trust with their clients.