Just three years ago, only 6% of advice firms considered cyber security to be one of the most important challenges to their business¹. Today, across all firms, cyber security is seen as one of the top four business challenges overall². In fact, for larger advice firms, it’s the number one concern.
What has prompted this change? Firms are now much more aware of the threats posed by phishing attacks, email scams and data breaches. In addition, a rapid and unplanned shift in working practices due to the Covid pandemic has changed the risk profile of many firms. This has increased the likelihood of an attack.
The good news is, certain key measures can be taken by all advice firms to address the biggest risks.
Five considerations for advice firms on the cyber security threat
With businesses investing more in security technology, the best way in for criminals is often through staff. It’s therefore important that everyone within a firm understands their security responsibilities and follows simple cyber hygiene practices.
2. Dedicated responsibility for information security
There’s an emerging trend for firms to bring the IT function in-house, rather than use an outsourced provider. This reflects the expanding role of technology in delivering the advice proposition.
3. Secure communications with clients
NextWealth’s research indicates 70% of advice firms are now using client portals that offer the ability to securely communicate and share documents with clients.
4. Secure communications with providers and platforms
Covid has accelerated the adoption of paperless processing and eSignatures for many providers. However, in some organisations, advisers still have to send and receive client information by less secure means, including post.
5. Regulation and self-certification
Given the risk posed to both client data and business continuity by cyber security threats, some in the industry expect to see more regulation in this area, perhaps in the form of self-certification for advice firms. This could be to standards like Cyber Essentials.
Three steps to take to reduce business cyber risk
- Cyber Essentials – visit the NCSC Cyber Essentials website and read through the self-assessment criteria. The vast majority of common cyber attacks are looking for targets that do not have these criteria covered. Following this framework will give you a view of your organisation's security level and reassure clients that you are securing your business against cyber attack.
- Enable two-factor authentication – two-factor authentication adds a level of security to your systems by ensuring that anyone accessing them has to provide a second form of identification (in addition to their password) to prove they are who they say they are. Having this in place decreases the risk of unauthorised access to your systems and data.
- Use a password manager – use a password manager at your firm that securely holds all of your various business account passwords and alerts you to any breaches. These applications also promote good password management practices and can help you create and securely store strong and complex passwords.
Addressing cyber security risk does not need to be overly complicated. There are simple steps that businesses can take, some of them free of charge, to get an essential level of protection in place. The key is that firms view cyber security as a core component of business risk and business planning and that it is regularly revisited and kept front of mind for all staff in the firm.
1 Source: Fidelity FundsNetwork’s ‘Business challenges facing financial advisers’ report.
2 Source: NextWealth’s Financial Advice Business Benchmarks 2021 (September 2021)