Why Financial Advisers are More at Risk of Cyber Attacks
I hate to break it to you, but if you work in financial services you’re a prime target for cyber criminals.
To hackers, the data on your computer (or the cloud) is a veritable treasure chest, packed full of information that can be pieced together to commit identity fraud. From mortgage offers, loan applications, to invoices and product applications, the documents you hold contain data that can help cyber criminals defraud you and / or your clients.
Financial Services at Greater Risk
Cyber-attacks on financial services firms increased five-fold in 2018 and, according to the Financial Conduct Authority (FCA), there were 145 breaches reported from UK financial services companies last year, compared to only 25 in 2017.
By their very nature, financial services companies deal in sensitive information and potentially huge amounts of sensitive data (and money) which means they’re rich pickings for those who are able to break down the walls and get in.
You could be forgiven for thinking that attacks on systems are always highly sophisticated like in the movies; however, in reality, it’s often the rather unglamorous medium of email that’s targeted. Email is the world-favoured business communication mechanism with more than 280 billion emails sent every single day. What many people don’t realise is that normal emails are not a secure line of communication.
Are You Safe?
A whopping 72% of businesses who identified a breach or attack found that they were related to staff receiving fraudulent emails.
It’s easy to assume that, if you’re with one of the big providers, your emails are adequately protected but, sadly, that’s not always the case.
Hackers can easily intercept an email between you and a client and reading the contents is just the tip of the iceberg. The hacker can alter the content, such as bank details on invoices, seeking payment from the recipient into their own pockets!
When you consider the sums of money being dealt with between you and your clients the potential losses could be both huge and far-reaching.
With new GDPR rules in place, you could face a serious fine if you’re found not to have kept your clients’ data safe, to say nothing of the reputational fall-out of losing client data.
Research has shown time and time again that consumers are becoming more savvy about who they trust their data with. Almost three-quarters of 1,000 UK respondents told FireEye they would not use services from organisations who lost their data in cyber-attacks.
Even setting the immediate financial outlays aside, such as litigation, fines and the costly IT ‘rescue mission’, the time it takes to deal with a cyber-attack can be very costly. Setting up new measures against future attacks, dealing with the breach itself and staff being temporarily unable to do their day-to-day work all factor in.
So What Can You Do To Protect Yourself And Your Clients?
The Information Commissioner’s Office (ICO) recommends that: “you should use encrypted communication channels when transmitting personal data”. As CEO at Beyond Encryption, I wholeheartedly agree, but would also urge PIMFA members to go one further.
Sending an email without encryption is like walking out of your house without closing the door – a burglar can walk straight in. Sending an email with encryption is prudent, it’s like closing the door.
Businesses have a duty of care to secure critical information as custodians of their client’s data. Securing client communications and helping protect their data and their identity can unlock ethical and environmental benefits whilst substantially reducing your regulatory risks. As a result, it’s recommended that firms should have encryption systems built-in that are super easy to use for both senders and recipients alike, and able to simply ‘hook onto’ your existing email programme, such as Microsoft’s Outlook, so that there is no lengthy or complicated training needed.
Sounds complicated? Actually it’s very easy and for less than the cost of a takeaway coffee per week, you can protect yourselves and your clients.
We’re working with PIMFA to give members special rates on Mailock.
Paul Holland, CEO at Beyond Encryption