10 December 2018
Data breaches are increasing year on year, with no sign of slowing down. It is predicted that by 2020 a quarter of the world’s population will have been affected by a data breach.
With these kinds of figures, it makes you wonder why some firms are not taking their security as seriously as they should. As financial advisers you are in a position of responsibility, managing your clients’ money; imagine for one second if information that you held on behalf of your client got into the wrong hands due to a data breach. The detrimental effect that it could have on your business, and maybe even on you, is unimaginable.
Firstly, with the implementation of the GDPR, you could be fined up to €20,000,000, or 4% of annual global turnover – whichever is higher.
The ICO has advised, however, that fines are discretionary rather than mandatory, will be imposed on a case-by-case basis, and must be “effective, proportionate and dissuasive”.
Before the implementation of the GDPR, the ICO issued breached companies with a penalty of up to a maximum of £500,000. The increase in the fine amount shows just how seriously the protection of individuals’ details is now being taken.
With this aside, you also need to consider the reputational damage that a data breach will cause. Research has shown that up to a third of customers in finance will stop doing business with a firm that has been breached. So, your existing clients will lose confidence in you, and future clients, if they complete their due diligence, will not even consider instructing you as their adviser.
So, what can you do to prevent a data breach?
- Employee training is high on the list. Getting staff to identify malicious emails and files will help to prevent malware attacks and viruses.
- Ensure that you have auto updates turned on for your PCs, laptops and mobile phones. This makes sure that your machines are always up to date with the latest security that they offer. A common theme when it comes to security breaches is that the firm has outdated security software and procedures. This is usually put down to the cost of updating them regularly, but when you compare this cost against the effect of a breach, it really is a small price to pay.
- Implement a backup process. There are two types of backup that a firm can use: backup software or rollback software. Backup software allows administrators to restore a single file or an entire system by making complete copies of data, application and system files. For additional security, backups are usually kept in a different location. Rollback software, on the other hand, allows administrators to restore a file or an entire system by reverting to a configuration prior to corruption or disaster.
- Don’t use the same passwords! This might seem like an obvious one, but people are still using the same passwords for accessing their business computer as they are for that low-security website that they signed up to in order to read a blog. If you reuse a password, all it takes is for a hacker to obtain it from one account to then be able to use it to gain access to your other accounts. We wrote a blog on passwords as part of our Cyber Security series; you can read it here.
We hope that you will take away from this blog the importance of protecting your firm from a security breach.
As we’ve said in the past, we are not cybersecurity experts, but we can help you identify what risks affect your business, and put you in touch with a security specialist should you wish to take this further. Please get in touch on 0161 521 8641.