Cyber-attack risks on the rise for advisers working from home?

Criminals can ‘trick an unaware employee to take insecure uninformed actions’

‘No, we can’t hear what you are saying. I think you are on mute.’

This was most of the world during the pandemic. All suffering with tech issues but grateful for the ability to stay connected with important people.

For the financial advice industry, it was a powerful tool to make sure the sector thrived at a time when the economy was faltering. Whether it was Zoom, Microsoft Teams or other portals, adviser/client relationships could continue through digital channels.

But as amazing as technology proved to be, there are still some regulatory issues that need to be ironed out.

Earlier this month, Zoom agreed to settle a class-action US privacy lawsuit for $85m (£61m, €72m). The video communication company was charged with sharing users’ personal data with Facebook, Google and LinkedIn. While Zoom denied wrongdoing, it did agree to improve its security practices.

With trillions in wealth, personal information and data at stake, International Adviser contacted several firms based in the Middle East to discuss whether the advice industry in the region is more vulnerable to cyber-attacks and hackers with the rise of working from home.

Vulnerability

A 2021 survey by software company Varonis found that nearly two-thirds (67%) of financial services companies have over 1,000 sensitive files open to every employee.

This is concerning.

Eklove Mohan, senior director of technology at digital consultant firm Synechron, said: “While working from home, which became a necessity for business survival, the doors for data protection were left wide open. Employees can connect to the office network from their personal devices and download any document to their local disk.

“This may seem like harmless activity, but the implications are huge. Personal devices are not as secure as the devices that are secured and certified by the organisation. The possibility of malware, trojans and spyware on these devices is high and hence may be vulnerable to attacks.”

Emad Haffar, head of technical experts for Middle East, Turkey and Africa at global cyber-security company Kaspersky, said: “There are many different ways that cybercriminals can take advantage of employees working from home. Client details could be jeopardised when working remotely with remote desktop protocol (RDP) – an access software that enables the workforce to connect to their network remotely.

“One of the most popular approaches that cybercriminals use to attack this protocol is ‘brute force attacks’, that is a trial-and-error activity to guess login info or encryption keys. Hackers will use lists of known and popular passwords, as well as information gathered about the victim hoping to gain remote access to the targeted host computer.”

Support

Financial services companies rely on a lot of crucial and confidential data from clients; therefore, it is important to ensure that staff carry out the appropriate security measures.

But they need adequate training and support to be able to use technology to its full potential.

Ebrahim K Ebrahim, chief executive of savings and pensions white-label tech provider Fintech Robos, said: “Firms could help staff protect client data through provisions of security tools, implementing training courses and phishing simulations to certify employees regularly.

“From experience, we encourage employers to implement a reward system for staff who report any form of threat to the firm and its client database.

“All institutions need to be ready for cyber-attacks. In the end, attackers just need to be lucky once. Thus, advising customers on security measures and training staff and partners are key in combating cyberthreats. Regular targeted security training based on employees’ roles and responsibilities is vital in ensuring information safety and security.”

Ross Whatnall, chief executive at advice firm GSB Capital, said: “As part of our onboarding process, all employees undergo compulsory cyber-security awareness training, and refresher courses are delivered when new perceived threats are identified.

“Secure architecture, continuous networking monitoring and adequate incident response management in place, all form part of the GSB’s cyber security management programme.

“Although as part of our onboarding training, we train our staff on cyber security awareness, we are cognisant that it is an ever-evolving threat, so regular refresher training is provided and new threats, when identified, are made known to employees and clients to ensure any potential risks can be mitigated.”

Increase in attacks?

The financial advice sector caters to the very wealthy, as well as the very vulnerable.

These firms possess a lot of data and information which would be valuable to the black market.

Criminals don’t care who they hurt – and with global wealth continuing to increase – the industry should expect cyber-attacks to rise in future.

Gaenor Jones, regional director for the Chartered Insurance Institute Middle East, said: “It’s inevitable that attacks may increase, but thankfully there are many excellent professional IT companies who will continue to develop detection, monitoring and preventative measures which corporates and their employees will adopt and utilise. It will be a case of keeping on top of the latest innovations and practices to protect yourself and your data adequately.

“Companies can spend millions of pounds on security controls, but something as basic as not protecting a password can be catastrophic.”

Synechron’s Mohan added: “Adoption of AI, blockchain and robo-advisers is very promising in the wealth space. Technology adoption helps businesses to scale but may also provide a false sense of security.

“Cyber-attacks have been on the rise, across all industries and institutions and show no sign of dropping. The wealth tech firms need to make a conscious effort to invest and build a strong wall of defense through AI-based monitoring tools.”

Future for wealthtech

Homeworking shows no sign of disappearing as firms continue to cut office space.

But this will have an influence on wealthtech and fintech. Next-gen industry tech needs to be able to fight the cyber battles of the future.

GSB Capital’s Whatnall said: “It is likely that a blend of home and office-based working is here to stay. Data security should always be of paramount importance in the wealth industry, whereby it should be on a programme of continuous cyber defence validation, security monitoring and incident response.”

CII’s Jones said: “As remote and home working becomes the new normal, employers will have to take on the responsibility of evolving their data security measures through detection and prevention.

“This approach needs to be coupled with training and guiding individuals so that they are cautious, know what to look for and are aware of any anomalies or unusual communications in their day-to-day work. This is all part of the new normal way of life.”

Kaspersky’s Haffar added: “Businesses certainly faced a number of challenges with remote working. It is important that while businesses make this shift towards remote working, they also place a great deal of importance on cybersecurity to ensure the protection and security of their networks.

“Working from home requires employees to rely heavily on technology and this can expose them to an influx of attacks. Not having a proper cybersecurity solution in place allows cyber criminals to exploit an insecure device or trick an unaware employee to take insecure uninformed actions.”
