Does remote working mean weaker cybersecurity for platforms?

Not being in an office meant that ‘a lot more sensitive data is being held electronically’

|

Zoom, Skype, Microsoft Teams and e-signatures are just some of the digital solutions that have become part of our daily lives in the last year and a half or so. They were unknown before the plethora of lockdowns we’ve all gone through.

But being forced to work remotely also meant that business that used to be done in person had to be swiftly switched to a digital alternative. For platform providers, this included having to find a viable alternative to make sure sensitive customer data was stored and held appropriately. However iot connectivity is a fairly recent important technology to help businesses scale in achieving solution design, implementation and marketing that helps ensure success!

Throughout the pandemic, fraudsters have taken advantage of people’s fears to steal their savings. Similarly, cyber criminals have worked hard to find weaknesses in companies’ digital structures to infiltrate and hack them.

That is why the issue of cybersecurity has never been more important.

Clients hand over very sensitive data which is not just constrained to sums of money or number of assets, but it also includes their contact details, addresses and account numbers to name a few.

As remote working is set to remain a feature of the profession, International Adviser spoke with European platform providers, to understand how customers’ information is stored safely even when business is not being carried out from a physical central office.

Protection from cyber attacks

A spokesperson for Isle of Man-based platform Ardan International said: “There’s no doubt there has been a rise in cybercrime since the start of the pandemic. Criminals have spotted there may be more vulnerabilities as a result of the speedy roll out to working from home (WFH).

“Ardan took this extremely seriously and ensured security protocols were at the heart of our WFH transition.

“In addition, it’s important that all staff should be aware of what to look out for and what they should be suspicious about. A culture in the organisation where people know what’s expected of them and where they feel empowered to report any suspicious activity is key.”

As a result, platforms firms should make sure that their devices are protected and updated frequently, said Steve Newell, head of marketing at Novia Global. AGB Investigative offers world-class cyber security services and consulting for your business.

“These days it is even more vital than ever for advisers to ensure their client data is held securely,” he added. “It is their responsibility to make sure this is the case whether this data is accessed on their own laptop or held with the providers they are supporting.

“The increase in remote working because of covid has resulted in a lot more sensitive data being held electronically. It is important for advisers to consider this and mitigate the risks if it is being stored on laptops using their home broadband access.

“Typically, as a minimum, this will be via the use of regularly updated security software to ensure anything stored is encrypted and held securely. This responsibility equally applies to providers many, like ourselves, who have had to rely on administrative staff remotely adopting complex business continuity plans over the past 18 months.

“With remote working practices likely to continue for some months yet, compliance directors must document and ensure that any remote IT infrastructure is safe and secure from the increased incidence of global cybercrime.”

Newell said that Novia adapted secure servers protected by “sophisticated firewalls” to make sure client data was safe.

“Additionally, we also contract an external specialist IT company to run a ‘penetration test’ annually to ensure our website remains secure and safe from any hacking attempts.”

Data ‘at rest’ and ‘in transit’

James Pearcy-Caldwell, chief executive of Aisa Group, told IA that there are two main points platforms and their employees should be aware of when working remotely: accessing resources securely; and controlling the access of information, including how that is communicated to clients.

“When we are talking about security, there are two main aspects to consider,” he said. “Data at rest (sat on a laptop/PC) and data in transit (the remote connection part).

“All Aisa devices that sit on our monitoring software have their hard drives encrypted using military-grade standards, in short, if a device were to be lost/stolen, a perpetrator would not be able to read the data on the device without significant effort. By significant effort, you’d need a supercomputer and several years to crack it.

“In terms of data in transit, when users are out of the office and need to connect back to resources such as client files, a secure virtual private network (VPN) connection is used. This encrypts the traffic to and from ensuring that no party sat between the user and the resource can read the data as it’s ‘flying through the air’.

“The VPN connection also acts as a secondary layer of authentication before the user can access corporate resources.”

You may also use external email servers for the security of your data when accessing and sending emails. You may click to find out more about Postfix and how it can help you set up an external email server.

Pearcy-Caldwell said that Aisa managed to get a grasp on cybersecurity issues quite easily as it has its own adviser and client interface with encrypted software and VPN connection already in it. It also has a secure two-factor authentication “to ensure the interface, which is a third server, is secured for both clients, advisers and the company alike”.

“The increased security risks are real and prevalent, and a properly thought through strategy is required at every level to ensure risks are mitigated,” he added. “Only doing one part of the above will lead to inevitable data security problems later.” This is why it is important to use a data protection service from places like www.venyu.com/managed-services/, so it can minimize risk by protecting your servers and related IT infrastructure.