Bankhall’s top ten tips for solid cyber security

Cyber crime is rarely out of the news these days and the reasons are obvious when the sums of money are so large and the risks to consumers so great. The personal data advice firms hold in respect of clients – passports, utility bills, payslips, bank statements, etc – are all valuable items for criminals intent on cloning someone’s identity.

No surprise, then, to see the FCA highlight cyber security as a priority area in its 2018/19 Business Plan.

The regulator wants firms to become more resilient to cyber attacks, to protect the interests of clients. The introduction of the General Data Protection Regulation has raised the stakes further, meaning any failures could result in heavy fines and penalties.

There are various types of cyber crime, with some of the most common being:

  • Phishing: An increasingly common threat, this involves an attempt to acquire sensitive information such as usernames, passwords and credit card details for malicious reasons, by masquerading as a trustworthy entity. There are many different types of phishing but typically this involves an email posing as something innocent, such as a bank asking a customer to update their password. It will contain a link to what looks like the bank’s internet banking page, but it will be a fake page set up to capture the login details.
  • Ransomware/extortion: This involves the criminal infecting a person’s computer without their knowledge and withholding the information on it, generally by encrypting the data. The criminal will only decrypt it once a payment has been made, if at all.
  • Data theft/credential hijacking: These types of crimes usually use Trojan software, which enters the computer from an untrustworthy source and waits silently until certain sites are opened. The software then captures usernames and passwords, and sends them via the internet to the criminals, who use them fraudulently.
  • Identity theft: This involves searching for personal details online and increasingly includes harvesting information from social media sources. Criminals then use the person’s details to set up loans and bank accounts to siphon money or buy goods online, resulting in major financial losses that can also affect the victim’s future credit history.

Regardless of the size of a business, the principles around cyber security remain the same. Here are some simple tips to help protect your clients’ data and your business’ reputation:

  1. Make sure every individual in the business understands what is at stake. Do not respond to any suspicious e-mail with unexpected attachments or links, and do not click on any links or open any documents in it. If possible, search the internet for a contact number for the sender and check the e-mail’s validity. If you are unable to verify the sender, delete it.
  2. Make sure macros are disabled for all installations of Microsoft Office (in new versions, macros are disabled by default).
  3. Make sure all your computers’ operating systems (Windows 7, etc.) are kept up-to-date with the latest security patches and ensure auto-update is enabled within each computer’s settings. Malware often takes advantage of known software vulnerabilities to hack into systems.
  4. Make sure you have internet security/anti-virus software installed and that it is up-to-date and set to automatically update and run continually, checking files as you open them.
  5. Keep business and personal activities separate and do not use your work device for personal use even with a different login.
  6. Wherever possible, do not use computer administrator accounts for day-to-day activity. This will reduce the risk of accidental infections, as malware generally looks to run with administrator privileges in order to install files on a computer.
  7. Make sure your data – particularly where it is needed for audit purposes – is securely backed-up. Do not forget cloud accounts can be accessed and encrypted too, so use a business cloud account rather than a personal one. Avoid free-of-charge personal accounts in particular, as their security is likely to be minimal, if present at all.
  8. Use a business-focused e-mail service from a reputable supplier who can help filter malware before it reaches you or your employees – for example, Google for Business or Microsoft Office 365.
  9. Change your passwords regularly. A password should be a minimum of eight characters using a mix of symbols, numbers, upper and lower case letters and should be unique to every site you use. Try to avoid the temptation to use the same password for each site. Keep your passwords personal and secure. No one should ever ask you for your password. If they do, terminate the call or discussion and report it immediately.
  10. Be careful what you post online. Do not give a stranger all the details needed to guess your password or change it using your security questions.

Linda Preston-Todd is head of bespoke solutions at Bankhall


