Cybercrime is on the rise, fuelled by the pandemic and our increasing use of technology across all aspects of our daily lives.
The ongoing conflict in Ukraine has also heightened concerns around cybersecurity globally, and the risk of cyberattacks on Australian networks, either directly or indirectly, has increased. In fact, in February 2022, the Australian Cyber Security Centre (ACSC) encouraged Australian organisations to urgently adopt an enhanced cyber security ‘posture’, to improve their resilience in light of these circumstances.
Even as we emerge from the pandemic, flexible working looks set to remain for many firms, at least in some form, but the need for remote access to multiple systems from different locations has prompted concerns about data security. John Rouffas, CISO at intelliflo, runs through some of the steps advice firms can take to strengthen their cybersecurity to prevent, identify and deal with attacks.
1. Regularly train your employees
In the financial advice sector, people are your most important asset and the same is true in cybersecurity. Your employees are a crucial line of defence, because if someone opens a malicious email, it could lead to malware being uploaded to your systems. Regular training to raise awareness of potential scams, reinforce good practice and identify poor behaviours is essential. It is also important to recognise that scams are becoming harder to identify all the time and no one is infallible. If something does slip through, avoid creating a culture of fear: issues will be dealt with more quickly and easily if you create clear reporting procedures and encourage staff to escalate incidents swiftly and without blame.
2. Use technology to prevent problems before they start
Phishing emails are by far the most common form of cyberattack, and installing an email filter will weed out many of these scams before they hit your inbox, reducing the time your team needs to spend weeding them out manually. Recent findings for the ACCC in January 2022 showed that phishing was the most common form of reported scam, up 50% from the previous month. Savvy’s online scams report has also revealed that the total amount lost to scams in Australia in 2022 to date is $72,231,217, an 84% spike since last year. With this data in mind, it is important that firms and their advisers have the tools and technology they need to prevent data breaches before they occur.
3. Keep your software up to date
Technology providers usually issue regular and ad hoc updates that fix problems including security vulnerabilities, so these should not be ignored. Make sure you implement updates as soon as possible across all of your firm’s systems, laptops, tablets and phones. Lots of advice firms still use old software or devices that are no longer supported by the provider, but this is really a false economy, as it risks a hacker using them as a weak spot to enter your systems. You should consider upgrading them as a matter of urgency.
4. Create strong passwords
Password protect all your systems and devices, and do not use the same passwords for multiple applications, or your security may be breached if the same details are compromised elsewhere. It can be hard to remember lots of different passwords, but do not write them down; consider using a secure password manager instead. For systems that hold personal or sensitive data, use multi-factor authentication, such as a code sent to your phone, as well as a strong password, to add an extra layer of protection.
5. Back up your data
Make sure that if you do fall victim to a cyberattack, you are able to restore your information quickly. Leveraging the cloud will help you back up significant quantities of data cheaply, and you will also benefit from the investment and resources the major cloud services put into monitoring activity across their whole platform to identify suspicious patterns before they reach you. If you use intelliflo’s technology, all your data and documents will be automatically stored and backed up, so you can be safe in the knowledge that they are protected by our dedicated staff and our large annual investment in cybersecurity.
6. Plan for the worst
Plan for the worst, with robust procedures in place so that everyone knows what to do and who to contact, including any regulatory reporting requirements, in case of an incident. Test your plan regularly to identify weaknesses and stay on top of threats.
As financial advisers move to using more online resources, cybersecurity will become increasingly important. By ensuring your own procedures are as robust as possible and leveraging the ongoing security investment and resources of your technology partners, you can minimise attacks and resolve incidents swiftly.