$10 trillion Northern Trust is exploring shutting off external email for thousands of its employees as it tries to thwart cyber threats

Northern Trust; Yutong Yuan/Business Insider

Pete Cherecwich, president of Northern Trust's corporate & institutional services business, explains why the firm appointed a head of data privacy

• $10 trillion custodian bank Northern Trust is considering a variety of new cybersecurity methods that could change how its employees' do their day-to-day jobs.
• One big step could be restricting external email only to employees that work with clients and other third- parties. The firm is also considering new file-sharing systems.
• Northern Trust recently added a global head of data privacy to shape these policies.
• Visit Business Insider's homepage for more stories.

One of the biggest custodian banks could do away with one of the most basic modern communications tools for thousands of its employees: email.

Northern Trust, which oversees roughly $10 trillion, is looking at restricting the ability of some employees to send email outside the company as it beefs up its cybersecurity, according to a top executive at the company who requested anonymity because the policy hasn't yet been formalized.

The Chicago-based firm is exploring limiting external email only to employees who work with clients and other groups outside of the company to avoid potential privacy breaches.

Right now, the firm's email system cautions employees not to send any information externally, with warnings that pop up about sending such a message. These warnings are typically disregarded, the executive said, so the firm is thinking about taking more drastic measures.

To do this, the firm is considering implementing a closed system that prevents external emails for employees who need to communicate solely with other internal Northern Trust staff.

Northern Trust isn't alone in addressing the cybersecurity and regulatory issues that come with employee communications. Wall Street firms of all stripes don't know how to address employee use of encrypted apps like WhatsApp, Business Insider reported last month.

Banks and asset managers are struggling to address a host of data and privacy concerns, including complying with regulations like GDPR. For custodian banks, specific cybersecurity risks can include client data theft, data loss, and payment fraud, according to a KPMG report last year.

Northern Trust is also evaluating systems to send files in programs besides email to avoid sharing files with unintended recipients. File hosting services like Dropbox could be part of the solution, the executive said. Instead of emailing a client a spreadsheet, the relevant file would be uploaded directly to that client's folder, with computer codes that restrict sharing if a file doesn't match a folder's permissions.

See more: Bank data breaches are up, and it's an insider job

The custodian bank created a new job earlier in April - global head of data privacy - to address such digital privacy concerns in the firm's corporate and institutional services division, president Pete Cherecwich told Business Insider.

In the new role, Donna Tomasik, who has spent more than 30 years at Northern Trust and most recently served as chief operating officer of global foreign exchange, is tasked with guiding the division's global executive team and overseeing the rollout of new tools and procedures to protect client data and privacy. She reports to Penelope Biggs, who runs the corporate and institutional services' strategy office.

Sign up here for our weekly newsletter Wall Street Insider, a behind-the-scenes look at the stories dominating banking, business, and big deals.

Cherecwich, the division's president, said Northern Trust's reach to both asset owners and managers necessitated the role. He called data privacy "an urgent issue" as his business evolves "to navigate the operational and reputational risk associated with managing client information."

Financial services is the most frequently targeted industry for cyberattacks, accounting for more than a quarter of all security incidents, with 148 million records breached, IBM found in a 2018 cybersecurity report.

"Balancing security and convenience is no easy task, but Donna Tomasik has a strong track record of focusing on the client experience while tackling complex technology and operations challenges," Cherecwich said.

• Read more:
• A war in cyberspace is already raging and could lead to 'armageddon' if banks get hit
• Financial and economic heavy hitters have formed a cybersecurity consortium
• IBM to use AI to help banks with cybersecurity
• Banks are hiding their cyber attacks
• Sign up here for our weekly newsletter Wall Street Insider, a behind-the-scenes look at the stories dominating banking, business, and big deals.