Cybersecurity is a constantly shifting landscape, with new technologies, threats, and defences emerging at dizzying speed. Tracking, assessing, and protecting against cyber risk can be a highly technical process, involving specialist knowledge, obscure acronyms, and regular reviews. However, it's not an area financial organisations can afford to ignore.
Financial services organisations are 300 times more likely than other companies to be targeted by a cyberattack, and the risk is growing, especially with ongoing digital transformation providing new opportunities for criminals to target businesses, systems, and customers.
In this constantly shifting environment, cybersecurity must be a key concern for everyone, from board members to frontline staff.
In this article, we explore five key best practices, without the jargon, to focus on practical steps your organisation can take to protect itself.
1. Make Cybersecurity A Whole Business Concern
In a digital-first financial world, cybersecurity will grow in scope, integration, and importance, becoming embedded in every part of your organisation.
It’s not enough to just have dedicated experts to handle cyber threats – every member of your team has a role to play in safeguarding your business.
Leading businesses are already integrating cybersecurity into their broader organisational structures, including:
- Forming technology committees with a mandate that includes cyber oversight for the larger business.
- Expanding protocols in the event of an attack to include broad groups of senior managers, not just the people directly fixing the issue.
- Elevating reporting on cybersecurity to a C-level day-to-day concern, with plans executed through every department.
- Expanding oversight to include not just the state of systems but intelligence on threats, case studies of breaches, and the impact of regulatory changes.
By having a consistent policy that extends from your front-line customer service teams up to board-level oversight, your business can create holistic frameworks where everyone plays a role in guarding against risk.
2. Invest In People And Training
While the first thought in terms of protecting a business from cyber attacks might go to the buzzwords we know from the movies – firewalls, detection, AI – the biggest risk to your business is from your people.
The most sophisticated tools in the world have limited utility if one of your team members leaves their laptop open, compromising your network.
Employees need to be regarded as part of the cybersecurity team, with corresponding investment in their training and education. This includes regular refreshes to keep up with changes in the landscape.
- Educate your teams on identification techniques and other security best practices - like using password managers, two-factor authentication, and logging out of devices before leaving them unattended - to significantly curb internal actor risk.
- Involve management and teams in rehearsal scenarios, preparing them to respond to potential cyber incidents so everyone knows what to do in the event of an emergency.
- Formalise business policy in systems that strictly manage permissions, known as ‘privileged access management’, where user credentials and privileges are tracked, controlled, and audited.
3. Safeguard Your Everyday Activity
The biggest risks for a business lie in the processes that underpin everyday operations – actions that can seem so normal that your team doesn’t stop to think about them.
It’s in these moments that threats can creep in and wreak havoc.
One of the most basic areas to consider is communications: attackers used phishing to gain initial access in 46% of attacks against the financial services sector.
Phishing is the use of fraudulent messages to trick a person into revealing sensitive information to the attacker, and email can be a key vulnerability.
The spread of remote work creates more reliance on email communications while also limiting face-to-face checks that can act as a guard against threats.
One of the most effective ways to safeguard your emails is to move to a secure platform, such as Mailock, as an end-to-end communications provider, creating security that goes beyond your immediate organisation.
This can deliver a range of benefits, including:
- Increased security, with one system used for internal teams, advisers, and the end customer.
- Identified recipients, using the widely-adopted Unipass Identity authentication.
- A secure and economic alternative to post, allowing organisations to save on print, pack, and post costs and contribute to ESG goals.
- Reduced inconsistencies in approaches between different business areas.
For financial services businesses, the right security software goes beyond practical enablement, helping you demonstrate to customers that you take protecting their data seriously.
4. Educate Your Customers
Financial services have both a moral and a regulatory duty to keep their customers' data and finances safe.
While this starts with controlling internal processes and checks to ensure the integrity of your own systems, it’s also important to help customers themselves protect their assets.
The financial services industry is the most commonly impersonated industry for phishing attacks, accounting for 34% of activity.
Criminals impersonating your organisation have the potential to do serious reputational damage to your business, while potentially putting your customers at risk.
- Ensure that your customers understand the ways that criminals can impersonate your business, via phone, email, post, or other channels.
- Create easy methods for customers to verify official communications and check risk.
- Document your information policies so customers know how to expect your representatives to behave, making any potential fraudulent activity easier to spot.
5. Spread Risk Through Multiple Lines Of Defence
No one solution can protect your business from every threat.
An effective cybersecurity programme requires multiple lines of defence, both technological and human.
These can work in tandem, mitigating potential weaknesses in each other. For example, automated systems can track data at a scale that human teams can’t match, and human agents can more effectively understand the nuance of customer behaviour and assess risk holistically.
By using the right systems for each level of threat, you can create more protective barriers between your customers and potential risks, examining threats through multiple lenses. These can include:
- Security Information and Event Management (SIEM) systems to comply with necessary mandates more efficiently and track issues.
- Artificial intelligence and machine learning (ML)-powered fraud detection algorithms to spot suspicious activity.
- Smart incident resolution to handle low-level issues and automated attacks.
- Specialist teams for customer use cases when issues are escalated.
Prioritising Secure Communications
Protecting your business and your clients has always been a core responsibility for financial services organisations. Cybersecurity is just the latest evolution.
To remain competitive, institutions must prioritise solutions that maximise security and minimise service disruption, cost, and risk. This is especially important for client-facing services, including email.
Mailock is a secure email solution specifically designed for the financial services industry.
Using award-winning encryption technology, institutions can create end-to-end secure communication channels for internal and external stakeholders to move data and gather information securely.
Mailock securely digitises your comms, helping you to:
- Decrease reliance on paper-related processes
- Engage and instil trust in clients
- Streamline internal operations
- Comply with rising regulations
Reviewed by
Sabrina McClune, 27.06.24
Sam Kendall, 05.06.24