
Cybersecurity for financial service businesses

Why cybersecurity is so important for financial firms


In their 2019 Annual Review the National Cyber Security Centre (NCSC) reported that they had defended the nation from more than 600 cyber-attacks during the course of 2019. They further identified financial services as a specifically targeted sector, which was evidenced by the fact that the number of data breaches reported by financial services firms had increased by 480% throughout 2018.

Successful cyber-attacks can result in significant reputational damage as well as large-scale financial losses for businesses. These costs arise not only from managing the attack itself but also from implementing remedial action, repairing reputational damage and paying fines levied against firms whose actions failed to prevent breaches.

Protecting your clients’ assets and data, alongside your own business and reputation, is therefore more important than ever.

Ensuring you defend your firm against cyber-attacks and data breaches

Cybersecurity’s core function is to reduce the risk of a successful cyber-attack by protecting the services offered to clients and preventing unauthorised access to personal data. This involves safeguarding your systems and the devices your employees use, such as computers, tablets and smartphones.

This may seem a daunting task but many cyber-attacks can be prevented – or their impact reduced – by adopting some straightforward cybersecurity measures.

Tips for maintaining cybersecurity in the workplace

The following recommendations are based on the NCSC’s ‘10 steps to cybersecurity’ and can reinforce the protection your business already has in place:

  1. Set up a risk management regime – assess the risks to your firm’s information and systems and then embed a company-wide risk management regime
  2. Secure configuration – a secure baseline build for all systems and devices is vital, as is limiting the ability of staff to change configurations and removing unnecessary functionality and access
  3. Network security – create and implement clear policies and controls to reduce the chance of attacks succeeding or causing harm to your business
  4. Malware prevention – produce anti-malware policies and standards and ensure they are consistently implemented across your infrastructure and kept updated
  5. Monitoring – continuously monitor inbound and outbound network traffic for malicious activity or policy violations
  6. Incident management – establish a fully-tested incident and disaster recovery capability
  7. Manage user privileges – individuals should only have the systems access and rights needed to complete their job function and these rights should be regularly reviewed
  8. Home and mobile working – establish risk-based policies and procedures that support mobile working and remote access. These should include establishing a secure baseline build and configuration for all devices and procedures in order to protect data (in transit or at rest)
  9. Removable media controls – apply appropriate security controls to removable media (DVD, USB drives etc), including automatic scanning for malware before data can be transferred onto the corporate system
  10. IT security training for all employees – all staff should be aware of current security policies and should be supported through awareness, education and training programmes to become an engaged and security-conscious workforce. A well-designed induction process and regular refresher training to reinforce the risk of cybersecurity threats are vital.

For further guidance relating to these tips, download our helpful ten steps to protect your business factsheet. Feel free to share this – and all the other cybersecurity information on our site – with colleagues, contractors and suppliers.

Find out more about protecting your firm from financial fraud.
