Cybercrime – protecting the weakest links

Blog written by Anthony Rafferty, Managing Director at Origo


“The FBI say that cyber criminals are deliberately targeting financial services firms. They reckon that has increased by over 100% in the last year. Given that these criminals are operating all over the world, if you think they are only going to target the US, then you need to think again.” 

This was the opening statement from Ian McKenna, Managing Director of the Financial Technology & Research Centre (FT&RC) for a session on cybercrime at the centre’s recent Empowering Advice Through Technology 2020 event in London. 

The size of people’s pension pots and investment portfolios make pension providers, savings and investment companies and platforms, and financial advice firms – amongst others – prime targets for criminals’ tactics, such as Identity Substitution Theft.

Ian pointed out that over 60% of the FCA’s business plan for 2020 was focussed on cybercrime. Likewise, the Information Commissioners Office (ICO) is focussing on firms where “significant risk” exists, “which is going to be within financial services firms.”

Ian was introducing a panel session including myself and Paul Holland, CEO and founder of Beyond Encryption, to talk about the dangers of cybercrime for the financial services sector, in particular, that section of the sector relating to provision of financial advice and planning.

Cybercrime has been raised as one of the top concerns for financial advice businesses in 2020. Keeping client data safe within a firm is not the problem. It is the passing of information, invariably personal and confidential in nature, between client, adviser, platforms and providers, i.e. where the information moves outside of a company’s security systems, which invariably is the weak point that cyber criminals exploit.

Emails are a case in point. Quite often sensitive information is emailed within the body of an email or in an attachment. Yet sending an email is like sending a postcard through the post – it can be easily read and altered. We hear too many stories about emails being intercepted and data stolen and then used to commit cybercrime. Personal data accessed in this way can be used to scam payments and commit identity fraud, sending of false invoices, requests for passwords and carrying out malware attacks being just a few examples.

Paul Holland flagged the example where conveyancing solicitors’ emails asking clients for final payment on property sales have been intercepted and the bank account details changed. The client’s money is sent but never received because it has been syphoned off by the criminals. 

The risks to businesses can be huge. Not only could they be subject to public censure, fines and costs but it can be highly damaging to consumer trust in the business. 

We recognise that financial services companies are becoming more aware of their regulatory and compliance obligations, particularly under GDPR, MIFID II and the recently introduced Senior Managers and Certification Regime (SM&CR) legislation, which make the individual accountable for decisions in the firm. In this regulatory environment, deploying email security into any organisation is vital to reduce business and senior management risk as well as to build and maintain trust with clients.

The same applies for B2B companies. Would you prefer to do business with a company where its emails are secured or one with non-secured emails? Which would give you more confidence that they are handling your data and that of your clients’ in a secure and responsible manner?

With firms able to be fined heavily for data breaches, and as cybercriminals become ever more sophisticated in their methods, we believe protecting client data will be an even greater focus for financial services companies in 2020, with businesses of all sizes looking to greater protect their email communications.

Origo has worked with Beyond Encryption to launch a new secure email messaging system, Unipass Mailock, for financial advisers, investment and savings platforms, providers and consumers. It enables users to securely communicate sensitive personal, financial, medical or policy information to their clients efficiently and securely – using military-grade encryption and unique identity authentication capabilities – safe in the knowledge that only the intended recipient can read and reply to the message.

We are making the solution available to over 45,000 financial advisers already using the Unipass Identity service, as well as millions of consumers. By de-risking the industry’s communications our aim is to help protect consumer data as well as business reputations.I’m also delighted to say that Unipass Mailock picked up the ‘Best in Class’ award at the FT&RC technology conference.