Six tips for stronger data security

The ongoing conflict in Ukraine has also heightened concerns around cyber security globally and the risk of cyber attacks on Australian networks, either directly or indirectly, has increased.

In fact, in February 2022, the Australian Cyber Security Centre (ACSC) encouraged Australian organisations to urgently adopt an enhanced cyber security ‘posture’, to improve their resilience in light of these circumstances.

Even as we emerge from the pandemic, flexible working looks set to remain for many firms, at least in some form, but the need for remote access to multiple systems from different locations has prompted concerns about data security. This article outlines some of the steps that advice firms can take to strength their cyber security to prevent, identify and deal with attacks.

1. Regularly train your employees

In the financial advice sector, people are your most important asset and the same is true in cyber security. Your employees are a crucial line of defence, because if someone opens a malicious email, it could lead to malware being uploaded to your systems. Regular training to raise awareness of potential scams, reinforce good practice and identify poor behaviour is essential. It is also important to recognise that scams are becoming harder to identify all the time and no one is infallible. Rather than creating a culture of fear if something does slip through, issues will be dealt with quicker and more easily if you create clear reporting procedures and encourage staff to escalate incidents swiftly and without blame.

2. Use technology to prevent problems before they start

Phishing emails are by far the most common form of cyber attack and installing an email filter will weed out many of these scams before they hit your inbox, reducing the time your team needs to spend doing it. Recent findings for the ACCC in January 2022 found that phishing was the most common form of reported scam, up 50 per cent from the previous month. Savvy’s online scams report has also revealed that currently in Australia for 2022, the total amount lost in scams to date is $72,231,217 — an 84 per cent spike since last year. With this data in mind, it is important that firms and their advisers have the tools and technology they need to prevent data breaches before they occur.

3. Keep your software up to date

Technology providers usually issue regular and ad hoc updates that fix problems including security vulnerabilities, so these should not be ignored. Make sure you implement updates as soon as possible across all of your firm’s systems, laptops, tablets and phones. Lots of advice firms still use old software or devices that are no longer supported by the provider, but this is really a false economy as it risks a hacker using them as a weak spot to enter your systems, so you should consider upgrading them as a matter of urgency.

4. Create strong passwords

Password protect all your systems and devices, and do not use the same passwords for multiple applications or your security may be breached if the same details are compromised elsewhere. It can be hard to remember lots of different passwords, but do not write them down, consider using a secure password manager instead. For systems that hold personal or sensitive data, use multi-factor authentication, such as a code sent to your phone, as well as a strong password, to add an extra layer of protection.

5. Back up your data

Make sure that if you do fall victim to a cyber attack, you are able to restore your information quickly. Leveraging the cloud will help you back up significant quantities of data cheaply, and you will also benefit from the investment and resources the major cloud services put into monitoring activity across their whole platform to identify suspicious patterns before they reach you.

6. Plan for the worst

Ensure you have procedures in place so that everyone knows what to do and who to contact, including any regulatory reporting requirements, in case of an incident. Test your plan regularly to identify weaknesses and stay on top of threats.

As financial advisers move to using more online resources, cyber security will become increasingly important. By ensuring your own procedures are as robust as possible and leveraging the ongoing security investment and resources of your technology partners, you can minimise attacks and resolve incidents swiftly.

John Rouffas, CISO, intelliflo

Neil Griffiths

Neil is the Deputy Editor of the wealth titles, including ifa and InvestorDaily.

Neil is also the host of the ifa show podcast.