In an ever-changing world with new distinctive economic challenges, the requirement for you to protect your business has never been greater.
In the 18 years we have been in business, we have never seen a situation quite as dynamic as this one. The structure of human society has changed more in the past 5 months than in 5 years, and with the situation still changing shape by the day, those of us in the commercial world have certainly been kept on our toes.
But what if now is an opportune moment to take stock of the security of your business, and to proactively make changes that will improve its resilience and overall protection and so reduce business risk?
There is no single-answer approach to minimising risk to your business as there is a lot to consider. As a company in the finance sector with FCA standards and regulations to adhere to, you are not only having to work to protect the interests of your business and your clients, but to meet legislative pressure too.
Suffering as a result of an IT failure or cybersecurity attack is certain to create doubt in the minds of your clients that you’re up to the task of managing their financial interests. It will also likely incur an additional penalty and oversight from the industry regulator.
What steps to take?
We have been busy helping our clients across the financial services sector maintain security in their service delivery while transitioning to a new world of working. By leveraging technology in a secure way, businesses can minimise risk and mitigate disruption, alongside financial and reputational loss.
Business resilience and your IT
Monitoring, maintenance and management
Strongly encouraged by the FCA, and featured within the rules of the Cyber Essentials accreditation programme, good IT and cyber security governance is fundamental to ensuring you not only have adequate defences and practices in place, but that you continue to maintain and evolve them to meet ever-changing threats.
Good governance is defined as continual monitoring and patching of systems, the application and enforcement of security best practices, along with regular maintenance.
A good IT partner will provide this for you, ensuring that you are working from up-to-date and supported systems, that potential areas of risk to security or performance are identified and addressed, and that best-practice-compliant protocols are commonplace.
Closing loopholes in cyber security
Being aware of vulnerabilities and where and when they arise is important when adopting new working practices.
Think about where your staff are accessing data and what they can do with it:
> Do you have a mechanism for controlling file permissions?
> Can you prevent files from being downloaded to inappropriate locations outside of your control?
Think about system access management. This means ensuring only the right people are gaining access to your business’ data:
> Can you easily manage system access and define permissions based on an individual’s role?
> Are staff using personal devices? Personal devices present additional security threats as you have less control over them.
Think about what happens in a worst-case scenario: is your data backed up and encrypted?
> Is everything backed up? This means all data, both locally and cloud-stored. An effective backup doesn’t just safeguard your data against cyber threats, it also allows you to get back up and running quickly should any of various kinds of disruptive event occur: flood, fire, theft, human error, internal data theft, etc.
> Are you making the most of encryption? Ideal as an extra safeguard on mobile devices, encryption will keep sensitive data private, even in the event of a theft.
The Government’s flagship cyber security programme, Cyber Essentials, is rapidly becoming the go-to standard in identifying businesses that adhere to good cyber security practices.
To achieve a Cyber Essentials accreditation, you must comply with 5 key controls that help step up the foundation of your cyber defences, and be sure to maintain those upon annual renewal. Once certified, your business can make use of the recognised accreditation ‘kitemark’ to instil confidence in your clients and, in some cases, meet obligations to public or private sector contracts.
Awareness is key
Email is likely the biggest weakness when it comes to defending against cyber threats. Despite putting filters in place and utilising best security practices, you still need to be able to freely send and receive emails in your daily operations, leaving you inevitably vulnerable.
Your staff are your first line of defence when it comes to cyber security. As users of IT, they unknowingly act as a ‘human firewall’ in identifying and avoiding threats they discover in their day to day work – particularly via email.
Ensure that your staff are aware of the common methods used by cybercriminals to infiltrate systems and are alert to take appropriate action. For example, would they know how to identify an email designed as a phishing scam or be able to identify suspicious links potentially disguising malware?
What else to consider?
Reputation is everything. If you suffer downtime or a loss of data, how does that appear to your clients?
Most businesses have been forced to make rapid changes to their operation by implementing ways of working they were simply not prepared for. Any dip in performance may be forgivable in the short-term but recovering from a leak of sensitive data will be incredibly difficult.
In an industry built on trust, being able to remain steadfast through turbulent times will inspire confidence in clients and they will be reassured that your business is the right one to manage their financial assets. Ensuring your business is protected against threats from all angles will safeguard your revenue and ultimately your livelihood.
Where to begin?
Government funding support may help you start the process.
As part of a raft of funding support arising from the COVID-19 situation, the Government are in the process of announcing grant funding specifically to help businesses make operational transitions. Grants of between £1,000 and £5,000 will become available that could help you better protect your business, while levelling up your service by deploying new tools and working practices.
At Evolve we are here to help you on this journey. Our wealth of expertise in cybersecurity, combined with the insights gained by supporting financial service businesses over several years, uniquely places us to help you overcome business challenges and add protection to your business.
To help you discover the possibilities of cybersecurity and how grant funding may help, please book a free, no-obligation discovery call with one of our consultants today.