Cybercrime is on the rise, fuelled by the pandemic and our increasing use of email and the internet. The National Cyber Security Centre (NCSC), the UK’s cybersecurity agency, revealed in March that it had taken down more scams in the last year than in the previous three years combined. Nick Eatock writes on how to gain stronger data security
As we find a way out of the crisis, flexible working looks set to remain for many firms, at least in some form, but the need for remote access to multiple systems from different locations has prompted concerns about stronger data security.
1. Regularly train your employees
In the financial advice sector, people are your most important asset and the same is true in cybersecurity. Your employees are a crucial line of defence, because if someone opens a malicious email, it could lead to malware being uploaded to your systems. Regular training to raise awareness of potential scams, reinforce good practice and identify poor behaviours is essential. But it’s also important to recognise that scams are becoming harder to identify all the time and no one is infallible. Rather than creating a culture of fear if something does slip through, issues will be dealt with quicker and more easily if you create clear reporting procedures and encourage staff to escalate incidents swiftly and without blame.
2. Use technology to prevent problems before they start
Phishing emails are by far the most common form of cyber attack and installing an email filter will weed out many of these scams before they hit your inbox, reducing the time your team needs to spend doing it. More than 400 billion emails are scanned for malware and phishing scams through Office 365 and Outlook each month2. Human error can also lead to data breaches, but switching to secure messaging through a client portal, can minimise the mistakes that come from using email, post and fax. ICO statistics show that in Q1 2021 the finance, insurance and credit sector reported 80 breaches for data being emailed, faxed or posted to the wrong person and just four for a client being shown someone else’s data via a portal3.
3. Keep your software up to date
You technology providers should issue regular and ad hoc updates that fix problems including security vulnerabilities, so these shouldn’t be ignored. Make sure you implement updates as soon as possible across all your firm’s systems, laptops, tablets and phones. Lots of advice firms still use old software or devices that are no longer supported by the provider, but this is really a false economy as it risks a hacker using them as a weak spot to enter your systems, so you should consider upgrading them as a matter of urgency.
4. Create strong passwords
Password protect all your systems and devices and don’t use the same passwords for multiple applications or your security may be breached if the same details are compromised elsewhere. It can be hard to remember lots of different passwords, but don’t write them down, consider using a secure password manager instead. For systems that hold personal or sensitive data, use two- or multi-factor authentication, such as a code sent to your phone, as well as a strong password, to add an extra layer of protection.
5. Back up your data
Make sure that if you do fall victim to a cyberattack, you are able to restore your information quickly. Leveraging the cloud will help you back up significant quantities of data cheaply, and you’ll also benefit from the investment and resources the major cloud services put into monitoring activity across their whole platform to identify suspicious patterns before they reach you. For instance, at intelliflo, we spend over 10% of our annual turnover on cyber security measures for our cloud-based software.
6. Plan for the worst, with robust procedures in place so that everyone knows what to do and who to contact, including any regulatory reporting requirements, in case of an incident. Test your plan regularly to identify weaknesses and stay on top of threats.
As financial advisers move to using more online resources, cybersecurity will become increasingly important. By ensuring your own procedures are as robust as possible and leveraging the ongoing security investment and resources of your technology partners, you can minimise attacks and resolve incidents swiftly.
Nick Eatock is the CEO of intelliflo