Blog

A brief adviser guide to cyber security

With many of us continuing to work from home and spending more time online, the issue of cyber security has increasingly come to the fore

Graeme Stewart

Graeme Stewart

30 November 2020
The threats and risks associated with cyber attacks seem to be growing, both in volume and intensity. 

There are a number of key things for firms to consider in order to counter this growing threat, and encouragingly, a wide range of resources available to help. 

To begin with, and perhaps unsurprisingly, the FCA has quite a lot to say on the subject of cyber crime. 

In its annual report for 2019/20, the regulator said it had assessed 824 incident reports, of which 790 were cyber or technology-related.

It also noted there had been 324,000 online video views of its latest ScamSmart campaign as at 31 March this year. 

The FCA has built up a considerable library of support and help for firms on this matter, for example its good cyber security infographic, an industry insights paper and information for consumers on protecting yourself from scams.

The regulator says generally firms need to make sure they have the right systems in place to tackle this issue. 

The FCA has also published a document on banks' fraud controls which, though it has largely gone under the radar, could prove really useful for firms.

Banks gave responses to the following questions:

  • What is the firm’s approach to fraud prevention?
  • How and when can the firm’s customers contact them?
This could be used by firms to not only understand what to expect from their bank, but to become more alert to fraudulent behaviours and perhaps to educate their clients as well. 

Combating scams and helping clients stay safe

The FCA and The Pensions Regulator launched their latest joint campaign in July to help prevent pension scams. 

There were two key aims behind the campaign: firstly to provide savers aged between 45 and 65 with the knowledge and tools to avoid pension scams, and secondly to provide the pensions industry with the knowledge and tools to help savers. 

It outlined the four simple steps people can take to protect themselves:

  1. Reject unexpected pension offers
  2. Check the status of a firm with the FCA before changing your pension arrangements
  3. Don’t be rushed or pressured into making any decision about pensions
  4. Consider getting impartial information and advice 
The National Cyber Security Centre (NCSC) has a lot of useful resources to share with clients through its Cyber Aware service, the UK government’s advice on how to stay secure online, particularly during coronavirus. 

Its top tips are:

  • Create separate passwords for your email
  • Create strong passwords using at least three random words
  • Save passwords in your browser
  • Turn on two-factor authentication
  • Update your devices
  • Turn on back-up
Other NCSC resources for clients include guidance on protecting devices from viruses and malware, as well as a glossary of common cyber security terms

But the most important thing firms can do is give their clients confidence about how their data is being handled and protected.

It's worth educating your clients as to how exactly your firm will contact them and flagging that if this protocol isn't followed, they should be suspicious.

Clients should be encouraged to call you to verify any suspicious communications, just as you will call to verify any suspicious communications from them.

Firms can keep their clients up to date on cyber crime by highlighting the range of resources available both at the initial advice stage and when delivering ongoing advice, or when completing suitability assessments. 

At a firm level, the NCSC has guidance for companies of under 250 people which includes business advice and support on Covid-19, how to get your firm Cyber Essentials certified and the ability to test and practice your response to a cyber attack. 

What to ask your IT support firm

Many firms choose to contract out cyber security work to a professional IT support firm. 

There are though some due diligence questions you may want to ask before appointing (or renewing contracts with) an IT support firm.

For example:

  • What is the knowledge and experience of the firm? Ask to speak to their customers to find out their experiences, or ask for accredited testimonials
  • What support do they actually offer? What's available during office hours and outside of these, and at weekends
  • How often will their security be updated? You want to be assured that the firm will regularly be updating software
  • What training and further support can they provide your staff?You need to know that your staff will be able to get the IT support they need when dealing with problems or issues
It's also worth making sure you fully understand their procedures on:

  • Account management
  • Anti-virus protection
  • Change management
  • Data back-up and data loss prevention
  • Secure email
  • Encryption policy
  • Incident response
  • Network access
  • Password policy
  • Patch management
  • Physical security
  • Portable computing
  • Data protection policy
Ultimately, while the threat of cyber crime is real and growing, firms have a wealth of information at their fingertips to help their business address this. 

Staff training should be carried out regularly, keeping them up to date of company procedures and protocols.

Updating protection software should also become part of a firm’s culture, often becoming a weekly if not daily activity.

Reading this blog counts towards your CPD!

Click here to add this session to your Paradigm CPD log.


3 September 2021

Let technology do the work in the fast-paced mortgage environment


2 September 2021

Time of new beginnings


18 August 2021

The proof of the pudding


12 August 2021

FCA pension transfer advice: don’t be confused by the label


12 August 2021

Time for a change?


26 July 2021

The engagement conundrum


26 July 2021

"I can’t do it all"


7 July 2021

Paused for breath


6 July 2021

SMCR part two - conduct questions


28 June 2021

Introducing a new us!


17 June 2021

Patches - what are they and why are they so important


17 June 2021

Multi-factor authentication - the simple solution


8 June 2021

SMCR part one - time to take stock


27 May 2021

A reminder of the 'good old bad old' days of protection tech


18 May 2021

Let's not consider any 'reduction' in these as some sort of victory


5 May 2021

Simple methods-calculating client profitability


30 April 2021

If the pandemic has been the mother of invention, it's time to carry on


22 April 2021

Opportunities abound in the market


19 April 2021

Early Movers are Shaping the 95% LTV Market


13 April 2021

Here's a conundrum


8 April 2021

Advice processes for vulnerable clients


29 March 2021

Vulnerable signs for advice firms to watch out for


5 March 2021

Lenders have not got to grips with how the pandemic impacted borrowers


2 March 2021

How Covid has changed our financial lives


2 March 2021

Supply needs to match demand


19 February 2021

Don't overlook product transfers


16 February 2021

Creating a plan for good CPD


5 February 2021

Stamp duty debate a black hole


2 February 2021

Industry wide levy is a head scratcher


29 January 2021

Long-term imposter product may finally become relevant as a high LTV option


27 January 2021

How to deal with a subject access request


12 January 2021

What we've learned from the FCA's advice reviews


7 January 2021

Uncertainty continues into 2021


Paradigm

THIS SITE IS FOR PROFESSIONAL INTERMEDIARY USE ONLY AND NOT FOR USE BY THE GENERAL PUBLIC.

APCC Member
Paradigm Consulting is a Member of the Association of Professional Compliance Consultants

Paradigm Consulting is a trading name of Paradigm Partners Ltd
Office address: Paradigm Partners Ltd, Paradigm House, Brooke Court, Wilmslow, Cheshire, SK9 3ND
Paradigm Partners Ltd is registered in England and Wales. No.09902499. Registered Office: As above

Paradigm Mortgage Services LLP
Office address: Wellington House, Starley Way, Birmingham International Park, Solihull, B37 7HB
Registered in England and Wales. Company No: OC323403. Registered Office: Paradigm House, Brooke Court, Lower Meadow Road, Wilmslow, SK9 3ND
Paradigm Mortgage Services LLP is a Limited Liability Partnership.

Paradigm Protect is a trading name of Paradigm Mortgage Services LLP
Office address: Wellington House, Starley Way, Birmingham International Park, Solihull, B37 7HB
Paradigm Mortgage Services LLP is registered in England and Wales. Company No: OC323403. Registered Office: Paradigm House, Brooke Court, Lower Meadow Road, Wilmslow, SK9 3ND
Paradigm Mortgage Services LLP is a Limited Liability Partnership.