October is National Cyber Security Awareness Month, co-led by The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners.
The theme for 2019 is “Cyber Security is a Shared Responsibility!”. It aims to assist the public in establishing and maintaining daily routines, checks and general behaviour required to stay safe online. Additionally, it intends to help people stay tech wise and safe with the latest emerging technologies.
This year’s campaign video is titled “Your Daily Cyber Routine”, which is designed to highlight common risks and show people that preventative measures aren’t as difficult or confusing as they might think. Share this video with your friends and family to help them protect themselves online.
They have also released an infographic for “Staying Safe with Tech”, which teaches users the smart cyber questions they should be asking before purchasing a new tech device. The hashtag #CyberSecMonth is being used across social media in discussions about cyber security. Share the infographic with your friends on social media to raise awareness of the preventative steps they should be taking.
Cyber Attacks on Financial Advisors
As part of ECSM 2019, we wanted to highlight a sector which is vulnerable to cyber attacks – the Financial sector.
Cyber criminals target all kinds of people; however, an obvious target group is high net worth individuals. There is the opportunity to rob them using targeted cyber attacks.
One way to get to high net worth individuals is via services they will commonly use. One such service is Financial Advisors. They will hold financial details, personal details and specific bank account details. If a cyber criminal breaks into the Financial Advisor’s server, they will have a good line of attack on the “money”.
In 2018, there were 145 breaches reported from UK financial services companies, according to the Financial Conduct Authority (FCA). This is a huge rise from 25 reported breaches in 2017. Education surrounding cyber security needs to increase, and firms dealing with large amounts of data should ensure that they have preventative measures in place.
One potential risk for Financial Advisors is ex-employees still having access to the system. There should be procedures in place to remove users as soon as they’ve left the firm, to avoid any risk of a data breach.
Another common mistake is not updating software regularly, choosing instead to delay the update or click “remind me later”. Old versions of software are not as secure as the latest update, and could contain potential “back doors” that cyber criminals can use to gain access.
Financial Advisors need to ensure that their security is up-to-date, to reassure their high net worth customers that their data is safe.
How To Protect Yourself
If you’re worried about the security of your Financial Advisors, there are steps you can take to protect yourself and your data. Here are Nexor’s 8 helpful tips:
- Check how seriously your Financial Advisors take security. For example, have they passed Cyber Essentials (the security equivalent of “Gas Safe”)?
- Check they are FCA regulated.
- Only share details they really need.
- Unless they will run transactions for you, they shouldn’t need specific account numbers or sort codes.
- NEVER tell them your passwords or PINs.
- If you change Financial Advisors, insist that the old Advisor destroys all your records.
- Subsequently, use a data protection information request to verify they have.
Nexor’s proactive approach to cybersecurity helps you to implement preventative measures, to ensure that your business is protected in case of attack. For more information on our services, get in touch with us.
Author Bio – Colin Robbins
Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and a NCSC certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.