We must applaud the digital revolution when it comes to managing finances, particularly as growing numbers of people move around the world, living and working away from their domiciled residence.
Sadly, this portability attracts a sinister element, with criminals worldwide employing sophisticated techniques to part innocent people from their hard-earned cash.
In order to protect yourself and your clients you must take a ‘belt-and-braces’ approach; and there is no room for complacency.
This became even more important after 25 May 2018, when the General Data Protection Regulation (GDPR) came into force across the European Union.
The regulation requires all advisers to operate stringent data protection processes. It also allows a client to sue a firm where it has failed to ensure their data is safe.
With cyber-criminals evolving ever-more sophisticated scams, here are some tips on how to protect your business and your clients’ assets:
Embed your strategy
Taking the time to articulate a cyber-security strategy should ensure you have an overarching approach to preventing your firm and its clients from falling victim to crime.
Build in key aspects to your strategy, such as improving incident responses. Staff should also be educated to avoid the trap of solely focusing on threat-detection solutions.
You could also seek out help from security services. AGB Investigative offers world-class Cyber Security Consulting services for your business. They can integrate different cyber security strategies to avoid threats and attacks.
Keep up with updates
While downloading new security updates can be annoying, it is essential that you keep your software and devices – including mobile phones and tablets – up to date at all times.
Software companies invest millions in developing ways to stop cyber-criminals, and software updates are developed in response to known weaknesses, so downloading them immediately is a no brainer.
Secure your browser
Do not take your web browser’s security for granted. Make sure you are using the latest version. Automatic updates can be switched on by simply ticking a box in the ‘settings’ section of the browser.
Last year, Intelliflo identified 10% of its customers were using unsupported browsers or operating systems that could not receive security updates. This meant they were open to cyber-attacks and viruses.
Train staff
Training all staff to fully understand the rules governing data is an essential element of complying with GDPR. It also helps to mitigate the risk of data falling into criminals’ hands.
Under GDPR, any data breach will have to be reported to the UK’s Information Commissioner’s Office (ICO) and, in most cases the person whose data has been accessed, within 72 hours.
During 2017, the ICO publicly identified 96 data breaches, 11 of which involved individuals working for firms that held data. Offences included the unwarranted accessing of personal data and the sending of sensitive data to personal email accounts without reason.
It also reprimanded public bodies. For example, the ICO fined Greater Manchester Police £150,000 ($193,045, €169,859) in May 2017 after three incidents where sensitive personal information was lost in the post.
In each of these cases, staff training and robust processes would have mitigated the risk of the breaches, or at the very least offered some protection to firms by demonstrating they had operated due diligence in having processes in place aimed at ensuring safe data management.
Back up data
Ransomware attacks increased by 36% in 2017, according to online security expert Symantec. Such attacks are all about disruption, stopping your access to files and data.
You can help prevent your business being crippled by such attacks if your data is backed-up offsite and stored, so an attacker cannot access and tamper with it. Cloud-based service providers invest heavily in security and are ideal for this.
Be forensic with due diligence
Cyber-security services are available to help you but it is essential you carry out detailed due diligence before opting to use one.
You should ask how your data will be stored; if the services offered are comprehensive; and whether or not they comply with the rules and regulations that govern your activities.
All providers should offer encryption and two-factor authentication, but examine their service level agreement to check everything meets with your needs and expectations.
Help clients help themselves
- Password protection – it is hard to believe but many people do not use passwords on all of their devices, while others use the same password for everything. Encryption by password is the simplest form of security.
- Secure messaging – educate clients about the dangers of emailing sensitive data, such as bank account details and passport numbers, from a personal email address. Make sure they channel all communications through your secure messaging system.
- Anti-virus tools and updates – reminds clients to install all available updates on their computers, mobiles and tablets, as it is one of the best ways of keeping data secure.
Further reading:
Pros and cons of deleting client data
By Nick Eatock, executive chairman, Intelliflo
