19 Jul 2018
The essential financial adviser guide to strengthening your cyber security
In recent years, several high-profile cyber-attacks have hit the headlines. Companies from Ticketmaster to Costa and even the NHS have been victims of cyber-attacks, with four in ten UK CEOs now believing that becoming a victim of a cyber-attack is a case of ‘when’ and not ‘if’ for their organisation. Do you have robust cyber security measures in place? Keep reading for tips and advice on how you can increase your cyber security.
The security threats you should be aware of
Research from telecoms firm Beaming found that 2.9 million UK firms suffered cyber-attacks and breaches in 2016, costing businesses an estimated £29.1 billion.
More pertinently, figures from the Financial Conduct Authority (FCA) show that reported data-hacking attacks against financial services companies have quadrupled in the past year.
According to figures from RSM, who obtained them from a Freedom of Information request, incidents of loss of data resulting from hacking rose from four in 2016 to seventeen in 2017. There were also two separate incidents of ‘data leakage’ reported to the regulator.
Steve Snaith, technology risk assurance partner at RSM, said: “We have previously raised concerns that there is likely to be significant under-reporting of cyber-attacks by regulated financial services firms. Nevertheless, these new numbers do reveal some important trends.
“The jump in incidents of data loss resulting from hacking attacks should be particularly concerning to the financial services sector.”
One of the biggest threats to financial advisers remains ‘phishing’. Here, hackers pretend to be trustworthy businesses – often suppliers or colleagues – and ask you to share sensitive information. Recent research reported in the Daily Telegraph showed that between 90 and 95% of cyber-attacks begin with phishing.
Other common security threats you need to be aware of include:
- Trojan horses – a trojan horse is a type of malware that lures you into downloading a file by looking like a regular software application. Once activated, it gives criminals access to your sensitive data by taking screenshots and tracking the data you enter on your keyboard.
- Worms – these are programs that copy themselves from one computer to the next, replicating at speed. The Conficker worm infected almost 9 million computers in just four days.
- Spyware – malicious spyware is used by cyber criminals to gain access to your machine. Once they have access, they can spy on you by logging your keystrokes and tracking your passwords and internet activity.
- Ransomware – a cyber-attack that locks all your data until a ransom is paid. Criminals will often threaten to publish sensitive data, and payment will often only be accepted in the form of bitcoin to protect the identity of the cyber criminal.
What financial advisers can do to strengthen cyber security
Even if you think you have robust systems in place to protect yourself from cyber-attacks, there are many steps you can take to strengthen your defence. Here are some of our tips:
- Backing up your data – make sure all your critical systems and data are backed up regularly. Test your procedures regularly to make sure you can restore services in the event of an attack.
- Ensure strong passwords are used – make sure your staff use strong passwords when logging on to hardware and software, and change the default administrator passwords on all devices. If you keep a spreadsheet of passwords or other highly sensitive data, consider keeping it on an old computer that isn’t connected to the Internet.
- Understand the risk – who has access to your most sensitive data? Do you understand where your systems may be vulnerable? Know what information you hold and why you hold it.
- Protect your key data – use encryption software to protect your sensitive information from unauthorised access. GDPR has provided an excellent opportunity to tackle this, as securing personal data is one of the essential principles of the GDPR. You can also read our 5-step checklist to make sure you are GDPR compliant.
- Update your network security – make sure all your systems and software are up to date and fully patched. Install updates regularly.
- Train your staff – have you trained your staff about cyber security risks?
Your business should have an IT policy which is designed to prevent data breaches and cyber-attacks. Your staff should be aware of this policy and when to act.
Chris Gough, technical director at small-business IT consultancy Mintivo, says that IT policies are all too often unread and unattractive, and recommends that you create a ‘bite-sized’ version to interest staff: “You can get great engagement from using a ‘Top 10 need to know’ format and promoting this alongside the full document.”
Preparation is key and cannot simply be left for the IT department, he says. “Unfortunately, it’s a case of when, not if, a cyber-attack will take place.”
If you want to know more about how you can strengthen cyber security to protect yourself and your clients, you can read a report published by the government on how to improve cyber security here.