How to protect IFAs from Cyber Threats
Just 5 Measures can go a long Way to mitigating the key Threats which IFA Firms typically face
Following on from our previous article, "Hackers will adapt their Approach to attack IFA Assets", here we look at the key measures to mitigate those threats.
Let’s first take a look at a typical IFA firm’s assets, specifically the company bank account, website, CRM system, adopted investment platform, email and social media accounts.
Can you notice anything they have in common? They all have an account. Whether your IFA firm is sending an email, adding a new page to its website or managing a client’s assets, it is done through an account. The majority of accounts we use today rely on an email address or username combined with a password. It is widely known this is a flawed way to ‘prove’ we are the owners of accounts, yet it’s still commonly used.
1. Enable Multi Factor Authentication (MFA) on all Accounts which are important
Multi factor authentication is one of those rare security measures that is low in cost, time and effort yet very high in the protection it provides. It makes it much harder for criminals to log into your CRM, email, etc. if they also need a code, which is typically sent to your phone upon login. MFA is becoming more valuable each day. As more and more data breaches happen to companies we use, more passwords are released onto the dark web. The more passwords there are out there, the more criminals use them to log into our other accounts. MFA largely puts a stop to that kind of criminal abuse.
Ensure MFA is enabled on your email, website hosting, bank account and any important online applications you use to do business, especially those which store personal information. Using a mobile application is better than text/SMS, but either is much better than the alternative of just using a username and password.
2. Keep your Devices and Website updated
Sometimes cyber criminals can exploit our devices without our knowledge, installing malware or ransomware or stealing information. The technical details can get confusing, but the good news is we can combat most of these situations by keeping our devices up to date. The best way is to enable automatic updates on our website (e.g. WordPress and all plugins), laptops and phones. If automatic updates are not possible, schedule a weekly or even monthly reminder in your calendar to update your devices.
3. Train your Employees on today’s security Threats
Knowledge is power, and knowledge of cyber security threats can really enable employees to notice when something isn’t right and, ultimately, make good decisions. Knowing when not to click an email link, or when not to give up information under pressure over the phone, is a strong foundation for being resilient to the common cyber criminal techniques known as social engineering.
At a minimum, enrol all employees on a free security education platform so they can receive bite-size training regularly. Curricula.com and CyberOff are two examples of fun cyber security education content that is engaging and free.
4. Have a Plan for when Things go wrong
This nugget of advice is often missed by many companies. It is good to try and prevent cyber security incidents, but they are inevitable for most of us and we can save ourselves a lot of stress and money by planning ahead. Having a basic business continuity plan is a good start. Brainstorm 3-5 reasonably likely and impactful scenarios which could damage the IFA firm’s ability to trade. Then, for each one, come up with some clear actions which key individuals would carry out to minimise the damage and recover the business to its normal operations. Once per year, test at least 1-2 scenarios in the plan and use the learning to improve the plan.
5. Have Access to a Security Expert
We may have some bias here, but we believe having access to a security expert can go a long way to preventing and managing cyber security incidents. Even if it is just a 1-hour call per month, an expert can help IFA firms better understand what is important to their business, identify security weaknesses and start to fill in gaps month by month. Even if you don’t use a commercial service, have someone you can call if things go wrong and ensure that the person’s contact number is in your business continuity plan.
Kloudwerk works with you to help you keep the cyber criminals out. We offer affordable cyber security consultancy packages for business customers. Please visit our Cyber Consultancy page for more information.