BE CYBER CRIME SAVVY

18 October 2022

European Cyber Security Month is upon us once again and this year, the initiative is marking its 10th anniversary.

A lot has changed in the decade since this event was launched, both in terms of the cyber threats we face and working practices, which have opened up new opportunities for hackers.

This year’s event is focusing on phishing and ransomware, both subjects that the majority of us would probably prefer to leave to the experts. However, phishing remains the biggest risk in almost all cyberthreat statistics, driven by increasing mobile usage, and the financial sector is the top target for phishing lures, according to the US’s Anti-Phishing Working Group.

Given our industry appears ripe for the picking, we urge you to become more aware of your cybersecurity and take reasonable steps to protect the information you hold on clients.

Data breaches

Phishing is defined as a technique to steal valuable data or spread malware, usually by email attachment or web link.

As financial advisers, you are in a position of responsibility. What would happen if your client information was targeted by hackers? The damage to your business and reputation would be catastrophic.

GDPR places the onus on you to protect client data and you could be fined heavily for any breach of the rules. So, what can you do to prevent phishing?

  • Employee training: Make sure staff can identify malicious emails and files that lead to malware attacks and viruses.
  • Auto-updates: It sounds simple, but ensure PCs, laptops and mobile phones are set to auto-update your security software.
  • Backups: It doesn’t matter if you’re using backup or rollback software, as long as you have some protection in place. Backup software allows administrators to restore a single file or an entire system by making copies, whereas rollback reverts to a previous configuration should disaster strike.

Cloud technology

The pandemic accelerated an already rapid transition to cloud-based applications and, now that working from home is here to stay, this trend is likely to continue. Unfortunately, research by Venafi found that 80% of organisations surveyed had experienced a cloud-related security incident in the past 12 months.

The accessibility of data held in clouds no doubt increases productivity, but the risk of information being leaked is greater than in on-premises environments. So, how do you minimise the threats?

  • Use trusted software: This should probably go without saying, but partner with a firm you know and trust and always install updates in a timely manner.
  • Abide by compliance requirements: Make sure the cloud-based provider you choose meets FCA regulations. Detailed guidance can be found here.
  • Consider how easy it is to move providers and don’t lock yourself into one firm: You might not foresee having to take your information elsewhere, but you never know what the future holds.

As with the implementation of any software, you are ultimately responsible for the safety of the data held on your systems, so always complete due diligence when choosing a cloud provider.

Passwords

Hackers don’t care about your bank balance; it’s the personal data you hold on clients that is valuable. Therefore, keeping it under lock and key with a strong password is essential.

If you don’t have access to a password manager that auto-generates strong passwords, you should be creating them manually. They need to be more than 10 characters long and contain lower and uppercase letters, numbers and special characters. Definitely don’t use a word associated with you, such as your children’s or pets’ names!

If you own your firm, you need to ensure only you and people you trust implicitly have overall admin rights. Social media accounts should be registered against your business email address or one only you have access to, so if you ever need to reset a password, you can do so without it being compromised.

It is also important to ensure members of staff who leave the firm can no longer access files/websites holding company information. We recommend keeping a log of business accounts so these can be traced and reset if this happens.

For more information about protecting your firm from cyberattacks, read the National Cyber Security Centre’s small business guide here. If you would like to know more about how we can help improve your cyber security, don’t hesitate to contact us on (0161) 521 8641 or email: info@b-compliant.co.uk