According to a survey of 500 financial services consumers, 82% of investors would seek to change their adviser, or not appoint them in the first place, if it became public knowledge that the adviser had been hacked.
According to a survey of 220 of our clients, 44% of advisers have direct experience of a cyber attack. With the General Data Protection Regulation (GDPR) coming into force in May 2018, breaches that result in a risk to individual rights and freedoms will have to be reported to the regulator and to the individuals concerned.
How will you handle having to tell a client that their data has been compromised?
Identifying cyber threats, mitigating cyber risks and dealing with cyber attacks are all part and parcel of running any business that holds data on its clients. What would you do if your data was stolen and compromised? How would you get back up and running in such circumstances?
Where you have data, you have something that hackers want and can monetize. By withholding your data from you, hackers can extort you for financial gain in exchange for its return. This form of attack, known as ransomware, encrypts your data with the promise of releasing it once a ransom has been paid.
Such attacks are very common, so every business should have a clear plan to deal with them. Attacks need to be anticipated as part of modern business, with appropriate continuity planning and insurance in place to deal with them.
Several firms have opted, in such circumstances, to just pay the ransom. This is categorically not the right course of action. What incentive do these anonymous hackers have to actually release your data? Furthermore, there have been instances of firms paying for the release of data, only for the release key they are given to infect their system with more ransomware. Ultimately, you are dealing with criminals.
How can hackers gain access to your data?
The major weakness in any firm is its employees. If their access to your system is compromised, then your data is at risk. Simple phishing emails are a major source of success for hackers. These are emails containing infected attachments or malicious links which your staff may open purely by accident.
Usually, the email will appear to have come from a trusted source – it is easy to manufacture an email to make it appear as though it has been sent from a senior figure at the company, or from a friend or relative. Most of us give up swathes of personal information on public sites such as Facebook. It is easy for hackers to ascertain individual likes and relationships and engineer these to their own benefit.
Email approaches from hackers have moved on from declarations of lottery wins in far-flung corners of the globe. You’re far more likely to trust an email from a friend or colleague. Once the hackers have obtained login credentials for your system, they can then set about encrypting and withholding your data.