Data protection  

How to secure your data and your business

  • Understand the current cybersecurity threat for financial advice firms
  • Describe the common forms of cyberattack
  • Identify how to keep your systems secure
CPD
Approx. 30 min

These state that firms, and the financial sector as a whole, must be able to prevent, adapt, respond to, recover and learn from operational disruptions – and I would classify cyber crime as having huge potential for operational disruption.

Figures from the National Fraud Intelligence Bureau put the cost of cyber crime to UK businesses at £3mn over the past 12 months, while the Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2022 found that 54 per cent of firms within the finance and insurance sector have identified cyber security breaches or attacks in the past year.

So, how can you keep your own systems secure? Below are 10 steps you can take:

1. Treat everyone as if they are working from Starbucks.

There is no way you can secure someone’s home network, but you can secure the workstation that your team uses and build the control out from there.

Understand who is using your systems and how they are accessing them, so you can look at configuration management. 

2. Implement strong identity and access management.

Make sure you have strong access controls, especially for systems that hold personal or sensitive data.

Credential theft, which means using legitimate passwords to log into an account, is now the most common form of cyber attack according to BCS, The Chartered Institute for IT, at 19 per cent of all attacks.

BCS states that it takes, on average, 327 days to identify and contain a compromise through stolen credentials, so protecting yourself from such attacks is crucial. 

Using strong passwords across your systems and devices can help stop hackers.

Analysis by Nordpass found that 123456 was the most frequently used password in 2021, followed by 123456789 and 12345, all of which it estimates would take less than a second to crack.

Do not reuse the same password across multiple applications: if those details are compromised elsewhere, your security may be breached. Use a secure password manager to help you remember multiple passwords, so you do not need to write anything down.

There are also more secure ways to control access to your systems than using passwords alone.

For instance, two-factor authentication uses a password along with biometric verification (like fingerprint scanning, voice recognition or facial recognition) or a PIN to identify users.

3. Persuade your clients about the importance of data security.

We often hear concerns about multi-step sign-on processes, with advisers understandably worried that vulnerable or less tech-savvy clients will struggle to gain access.

At the end of the day, secure access measures are crucial for keeping client data secure and consumers will increasingly face them when accessing sensitive information.

Once they understand the importance of the security process, most people are willing to follow it.