How to protect your practice from cyber breaches

Chief technology officer at Midwinter Financial Services, Fraser Hamilton revealed the do’s and don’ts when it comes to keeping your advice practice protected.

1. Diversify your passwords

Mr Hamilton highlighted that passwords are a “common point of weakness”, with passwords such as “123456” not only being amongst the easiest to guess but also the most used.

Moreover, reusing a password across multiple accounts practices is leaving the door open to multiple hacks.

As such, Mr Hamilton suggested using a password manager, which can randomly generate and store complex passwords.

2. Embrace two-factor authentication

Two-factor authentication (2FA) is the “second line of defence” beyond passwords, according to the CTO.

He explained that many people may be already familiar with 2FA, with the likes of banking apps often requiring an additional confirmation through email or text message before a transaction can be executed.

3. Swap emails for client portals

Despite its popularity, Mr Hamilton warned that sending sensitive information via email is an inherently insecure approach, and may expose clients to fraudulent communications whose origins appear to be from a reputable source.

With client portals, clients can set their own passwords and ensure greater levels of security between communications.

4. Opt for cloud-based storage

For Mr Hamilton, a cloud-based workflow is more efficient and secure than storing information locally or on paper.

“It is cost-effective and flexible, with major, cloud-based vendors investing huge amounts of money to secure their systems,” he explained.

The CTO added that cloud-ran software applications are continually updated while desktop software often requires manual checks.

5. Review cyber security of suppliers and software

Mr Hamilton offered the helpful advice of: “The cyber security of any advice practice is only as secure as its weakest link.”

Most large companies invest heavily in security, hence he encouraged advisers to ensure that suppliers have strong cyber security controls in place, and to additionally be wary of free software.

“If you are not paying for the product, you are the product,” he warned.

To find out more about what advice practices can implement, read here.