Mitigating cyber risk in the financial services sector


A summary of this paper first appeared in the June edition of Moneymarketing.

Whilst I am sceptical of the local application of surveys and studies done in other countries, I think that this one can be of value to us for a number of very practical reasons. Security of client data will become an increasing focus in the months and years ahead, and the recent spate of cyber attacks just underlined our vulnerability.

We recently reported on a breach of security at a leading life office, despite its extensive resources to protect its data. According to a broker that I spoke to, the criminals actually targeted his more affluent clients.

If it could happen to an international organisation like this, imagine how vulnerable most of us “smaller fry” are. And do not fool yourself that you are too small.

We trust that the information below will assist you in taking the required preventative action.

Intelliflo, a UK supplier of specialist online software for IFAs, and the NCC Group, a global expert in cyber security and risk mitigation, recently teamed up to publish a paper entitled Mitigating Cyber Risk in the Financial Services Sector.

The paper’s purpose is to outline how financial advisers, as part of a broader group of organisations operating in the financial services sector, can mitigate cyber risk. The paper draws on the input of consumer- and adviser-facing surveys, which indicate that 44% of advisers in the UK have been impacted by cybercrime.

Disturbingly for advisers, 82% of 500 consumers surveyed would look to change their financial adviser, or not appoint them in the first place, if it was public knowledge that the adviser had been subjected to a cyber-attack.

The paper finds that cyber-attacks are on the rise and that “no sector is more of a target than the financial industry. Customer details, sensitive information and money provide a treasure trove of assets for attackers to target. Staying ahead of the latest threats is crucial.”

How can financial advisers protect themselves from cyber attacks? The paper suggests the following:

Develop a cyber security strategy

Despite the increase in cyber-attacks on financial services institutions, there is often a lack of vision and strategy to articulate how firms of all sizes will address current gaps, defend against evolving threats and protect themselves in the long term.

Identify the ‘crown jewels’

The crown jewels are your data sets and they are what hackers want. These assets have significant value and sensitivity, providing an attractive target for a motivated attacker. It is vital that organisations identify their ‘crown jewels’ to provide a foundation for targeted and prioritised risk assessment.

Improve awareness of cyber-attacks – ransomware

Ransomware is a type of malware that restricts access to systems in some way, often by encrypting files and then demanding a ransom to obtain access. When subjected to a ransomware attack, many victims think they have no choice but to pay. But that is not the case. It is important to remember that you are dealing with criminals. If you pay them, what next?

Improve awareness of cyber-attacks – social engineering

The methods employed to gain access to systems are more sophisticated than ever before. Examples include one organisation hiring phishing specialists who obtained a companywide email address so they could email all staff. The email was made to look like it was an internal email and most staff clicked through and entered their credentials.

Increase employee cyber security awareness

When it comes to cyber security, your employees are often the weakest link. Cyber security is the responsibility of everyone who works for you. Attackers increasingly send emails purporting to be from someone that the user knows, as this means that the user is more likely to click on an unknown link. This type of attack is known as phishing.

Implement password protection

Putting a strong password in place in order to access a machine or in order to access programmes and some web functionality is so widespread as to be considered a minimum requirement. But it really is the minimum. Yet many people do not password protect all of their devices. Mobile phones, so susceptible to loss or theft, are often not password protected.

Implement two-factor authentication

Two-factor authentication is increasingly being deployed by firms to reduce the risk of unwanted access to their systems.

Develop a vulnerability management programme

You can also be attacked via weak points in your software. It is imperative that you keep your software and machines fully up to date at all times with the latest patches.

Ensure regular backups

Keeping your data backed up at regular intervals is crucial in minimising the impact of any cyberattack. The more recently your data has been backed up prior to an attack, the less work you will have to do to recover lost ground.

You have to sign in to download the whole paper.