Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

CYBERCRIME: THE ELEPHANT IN THE ROOM

Cybercrime: the elephant in the room

If a cybercriminal infiltrated your firm, would you know?

As cybercrime continues to grow worldwide, security expert Andrew Fitzmaurice, has urged firms to take steps now to avoid costly attacks in future.

By Ian Lavis, Praxity

The biggest threat to accountancy firms may not be the automation of the industry but the increasingly sophisticated cybercriminal – operating both internally and externally.

That was the stark message to delegates at the annual global conference of Praxity, the world’s largest alliance of independent accounting and consulting firms, in Scotland recently. It was delivered by Andrew Fitzmaurice, Chief Executive of Templar Executives, voted best cyber security firm in the European CEO Awards 2016.

Describing the threat of cybercrime as “the elephant in the room”, Andrew told delegates that preventing attacks by cybercriminals should be seen as a business proposition, not just a security proposition. He said firms must understand the risks and threats, decide what matters and take action.

He cited a recent attack on telecoms firm Talk Talk which cost the company £42m and halved its profits. Almost one in 10 customers had their bank account numbers and sort codes hacked and the firm lost 95,000 customers.

A mid-life crisis could cost millions

The threat could be internal as well as external, the security expert told delegates. It is not unknown for a firm to pay someone to get a job in a rival firm to gain access, transfer information and then leave. Equally, a company could pay for an attack on a firm it wishes to buy to lower the share price in advance of the acquisition. Insiders exploit legitimate access to assets for unauthorised purposes. The majority of insiders are male employees on a full-time, permanent contract. The trigger could be something as personal as a mid-life crisis.

Employing someone to monitorsecurity may not be enough, Andrew said. “Who watches the watchers? Who watches the system administrators?” He pointed out that late year there were five major attacks in the City of London and four were insiders.

Combatting cybercrime

So what can firms do now to combat the threat of cybercrime? Firms need to set the tone from the top, with appropriate governance and a clear hierarchy for the management of information risk to ensure the development of a cyber aware culture.

Andrew urged firms to focus on:

  1. People – with improved HR vetting/training, security culture andlocal accountability
  2. Process – via governance, corporate policies, performance metrics and data management
  3. Technology – to monitor and respond, assess risk and develop security standards

Even simple things like keeping systems up to date, using strong passwords and two-factor authentication can greatly increase security. At the very least firms should consider investing in a firewall and anti-virus software, and using virtual private networks to create a ‘tunnel’ between two pointssuch as a head office and a branch, where data is encrypted and secure.

Carol Wright, Business Growth Specialist at Praxity participant firm Springfords in Edinburgh, said firms need to address the cyber security issue internally as well as advising clients. “Twoof our clients have lost five figure sums over the last year as a result of phishing attacks. We are advising our clients to protect themselves and to take out cyber security insurance.”

To help get the message across, Springfords has been organising a series of cyber security seminars for clients and staff alike, as well as taking action to improve security including data encryption for laptops and encouraging staff to regularly change passwords.

Carol added: “Obviously having a well maintained, up to date and secure IT system is important along with robust internal procedures but, at the end of the day,it is our people who represent our first defence against cybercrime.  Not only is it important that we train our staff to be alert to the methods external cyber criminals use, we need to ensure we have a happy and well managed workforce to avoid internal attacks by disgruntled employees.  It’s also important that we take out additional insurance to protect ourselves against potential financial and reputational losses from cyber attacks.”

What are the threats?

Firms and individuals are vulnerable to cyber-attack in many ways including:

  • Phishing – the attempt to obtain sensitive information such as usernames, passwords and credit card details for malicious reasons by masquerading as a trustworthy entity.
  • Spear phishing – a highly personalised form of phishing which may include a holiday photo to convince the reader to click through.
  • Vishing – when someone such as a PA is asked for personal details on the phone.
  • The dark web – where people advertise services to ruin someone’s life.
  • Legalised malware such as mobile phone apps or games with complex terms and conditions which if accepted could provide access to hostile, intrusive or malicious software.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post