Be warned about cybercrime: three threats for consulting firms

October marks European Cyber Security Month and this year the initiative is 10 years old.

Much has changed in the decade since the launch of this event, both in terms of the cyber threats we face and working practices, which have opened up new opportunities for hackers.

This year’s event focused on phishing and ransomware, two topics most of us would probably prefer to leave to the experts. However, phishing remains the biggest risk in almost all cyber threat statistics, due to the growing use of mobile phones, and the financial sector is the main target of phishing lures, according to the United States’ Anti-Phishing Working Group.

Since our industry seems ripe for the picking, we urge you to be more aware of your cybersecurity and take reasonable steps to protect the information you hold about customers.

1. Data breaches

Phishing is defined as a technique to steal valuable data or distribute malware, usually via an email attachment or web link.

As a financial advisor, you are in a position of responsibility. What would happen if your customer information was targeted by hackers? The damage to your business and your reputation would be catastrophic.

The General Data Protection Regulation obliges you to protect customer data and you could be heavily fined for any violation of the rules. So what can you do to prevent phishing?

  • Employee training: Ensure staff can identify malicious emails and files that lead to malware attacks and viruses.
  • Automatic updates: Sounds simple, but make sure PCs, laptops, and cell phones are set to automatically update their security software.
  • Backups: It doesn’t matter whether you use backup or restore software, as long as you have protection in place. Backup software allows administrators to restore a single file or an entire system by making copies, while restore software returns a system to a previous configuration in the event of a disaster.

2. Cloud technology

The pandemic has accelerated an already rapid shift to cloud-based applications, and now that working from home is here to stay, that trend is likely to continue. Unfortunately, a study by cybersecurity firm Venafi found that 80% of organizations have experienced a cloud-related security incident in the past 12 months.

The accessibility of data stored in the cloud undoubtedly increases productivity, but the risk of information leakage is greater than in on-premises environments. So how do you minimize the threats?

  • Use trusted software: This should probably go without saying, but partner with a company you know and trust and always install updates in a timely manner.
  • Meet compliance requirements: Make sure the cloud-based provider you choose meets FCA regulations. Detailed advice can be found here.
  • Consider how easy it is to switch providers and don’t lock yourself into one company: you may not anticipate having to transfer your information elsewhere, but you never know what the future holds.

As with any software implementation, you are ultimately responsible for the security of the data held on your systems, so always exercise due diligence when choosing a cloud provider.

3. Passwords

Hackers don’t care about your bank balance; it’s the personal data you hold about customers that is valuable. Therefore, it is essential to keep it locked up with a strong password.

If you don’t have access to a password manager that automatically generates strong passwords, you must implement them manually. They must be longer than 10 characters and contain lowercase and uppercase letters, numbers and special characters. Definitely don’t use a word that is associated with you, such as the names of your children or your pets!

If you own your business, you should make sure that only you and people you trust have general admin rights by default. Social media accounts should be registered with your work email address or an address that only you have access to, so if you ever need to reset a password, you can do so without it being compromised.

It is also important to ensure that staff who leave the company can no longer access files/websites containing company information. We recommend that you keep a log of business accounts so they can be tracked down and reset if this happens.

For more information on protecting your business from cyberattacks, you can read the National Cyber Security Centre’s Small Business Guide here.

Vicky Pearce is a director at B-Compliant
