5 key Cyber Security Measures to protect IFA Firms

Just 5 measures can go a long way to mitigating the key threats which IFA firms typically face.

How to protect IFAs from Cyber Threats

Following on from our previous article, ‘Hackers will adapt their Approach to attack IFA Assets’, here we look at the key measures to mitigate those threats.

Let’s first take a look at some of the features of the company’s assets, specifically the company bank account, website, CRM system, adopted investment platform, email and social media accounts.

Can you notice anything they have in common? They all have an account. Whether your IFA firm is sending an email, adding a new page to its website or managing a client’s assets, it is done through an account. The majority of accounts we use today rely on an email address or username combined with a password. It is widely known this is a flawed way to ‘prove’ we are the owners of accounts, yet it’s still commonly used.

1. Enable Multi Factor Authentication (MFA) on all Accounts which are important

Multi factor authentication is one of those rare security measures which are low in cost/time/effort and very high in security protection. It makes it much harder for criminals to log into your CRM, email, etc. if they also need a code which is typically sent to your phone upon login. MFA is becoming more valuable each day.  As more and more data breaches happen to companies we use, more passwords are released onto the dark web. The more passwords there are out there, the more criminals use them to log into our other accounts. MFA substantially puts a stop to that kind of criminal abuse. 

Ensure MFA is enabled on your email, website hosting, bank account and any important online applications you use to do business, especially those which store personal information. Using a mobile application is better than text/SMS, but either is much better than the alternative of just using a username and password.

2. Keep your Devices and Website updated

Sometimes cyber criminals can exploit our devices without our knowledge by installing malware, ransomware or stealing information. The technical details can get confusing, but the good news is we can combat most of these situations by keeping our devices up to date. The best way is to enable automatic updates on our website (i.e. WordPress and all plugins), laptops and phones. If automatic updates are not possible, schedule a weekly or even monthly reminder in your calendar to update your devices.

3. Train your Employees on today’s security Threats

Knowledge is power, and knowledge of cyber security threats can really enable employees to notice when something isn’t right and, ultimately, make good decisions. Knowing when not to click an email link, or when you are being pressured to give up information over the phone, is a strong foundation for being resilient to the common cyber criminal techniques known as social engineering.

At a minimum, enrol all employees on a free security education platform so they can receive bite-size training regularly. Curricula.com and CyberOff are two examples of fun cyber security education content that is engaging and free.

4. Have a Plan for when Things go wrong

This nugget of advice is often missed by many companies. It is good to try and prevent cyber security incidents, but they are inevitable for most of us and we can save ourselves a lot of stress and money by planning ahead. Having a basic business continuity plan is a good start. Brainstorm 3-5 reasonably likely and impactful scenarios which could damage the IFA firm’s ability to trade. Then, for each one, come up with some clear actions which key individuals would carry out to minimise the damage and recover the business to its normal operations. Once per year, test at least 1-2 scenarios in the plan and use the learning to improve the plan.

5. Have Access to a Security Expert

We may have some bias here, but we believe having access to a security expert can go a long way to preventing and managing cyber security incidents. Even if it is just a 1 hour call per month, utilising an expert can help IFA firms better understand what is important to their business, identify security weaknesses and start to fill in gaps month by month. Even if you don’t use a commercial service, have someone you can call if things go wrong and ensure that the person’s contact number is in your business continuity plan. 

Kloudwerk works with you to help you keep the cyber criminals out. We offer affordable cyber security consultancy packages for business customers.  Please visit our Cyber Consultancy page for more information.
