Two means to help protect against cybercrime
Firms need a combination of robust policies/procedures and technology to help protect themselves against cybercrime, says Anthony Rafferty, Managing Director, Origo
It seems hardly a week goes by without news of the vast sums of money which have been scammed or otherwise stolen by criminals through cybercrime.
The extent to which cybercrime is prevalent within pensions and financial advice services – two of Origo’s principal areas of focus – has been brought home during the Covid-19 crisis as criminals have ramped up their attempts to trick individuals and businesses into giving away personal and financial details to enable fraudulent transactions.
Recent reports have highlighted that the Financial Conduct Authority (FCA) has been investigating more than 150 Coronavirus-related scams since the outbreak began (1) and spent over £300,000 on fighting fraud online in the first six months of the year (2).
The industry’s compliance consultancies have been warning financial advice firms on scams and email hacking. Paradigm Consulting recently warned advice firms about fake email surveys purporting to be from the Regulator (FCA) on the impact of Covid-19 (3), while ATEB Consulting warned on fraudsters hacking personal email accounts and impersonating clients to encash investments (4).
Alongside this are reports of company owners and directors receiving highly realistic scam emails from trusted organisations, including banks, requesting usernames, passwords, and bank details.
This increase in reports and news stories serves to illustrate that the threat to financial services businesses from cybercriminals cannot be ignored by any company.
Data published by the Information Commissioner’s Office (ICO) has revealed that ‘phishing’ by cybercriminals was the second highest reported incidence of the ‘inappropriate disclosure of data’ by company staff (5).
However, the most common incidence of data breach reported to the ICO was information being emailed to the incorrect recipient. That suggests a breakdown or lack of internal procedures.
Clearly, whether dealing with cybercrime or staff error, having a well-documented policy, robust procedures and monitoring of processes can go a long way to preventing potentially costly data breaches.
Education is another area where firms can help protect themselves from external threat and internal error, including regular cybercrime awareness sessions and training of staff.
Implementing technology – such as employing military-grade encrypted email, particularly when exchanging personal and sensitive information with clients or between organisations – should become standard everyday practice. Encrypted email secures against hacking, enables authentication to ensure the right person has accessed the information, and provides an audit trail for security and regulatory purposes.
We are operating in a world where disclosure of information is a threat on many levels and putting in place preventative measures is essential for any size of firm within our industry.
(1) The data was obtained under the Freedom of Information (FOI) Act by the Parliament Street think tank’s cyber research team.