The Russia Ukraine conflict: considering cyber security


For financial professionals only

The stories and images from the Russia/Ukraine conflict are horrifying, and our deepest sympathies and thoughts are with all the Ukrainian people. Aside from the obvious suffering and devastation, you may have seen increased coverage about the cyber security threat due to the war and Ukraine’s regional instabilities. The FCA recently outlined some considerations for a firm’s operational and cyber resilience [1], while the NCSC encouraged UK organisations to act following the invasion [2].

Reassuring our customers

We’ve made significant investments in security to be sure that our systems, processes and infrastructure monitoring protect you and your clients effectively. We align to industry standards, focusing on ISO 27001, NIST and SANS, which are all recognised international standards for managing information security. We don’t just focus on IT – we cover all departments, processes, propositions and people, to make sure we holistically manage our risks.

To keep on top of constantly evolving threats, we layer different types of security controls to provide defence in depth. In the past year, we’ve seen an increased number of adviser firms and some customers being impersonated. Most often, the legitimate contact has fallen victim to a phishing email and provided their credentials, and the attacker then uses their email account to send fraudulent emails or malicious links and software. It is something to be very conscious of when considering how you interact with your clients, which credentials you use for which systems, and whether any credentials are ever shared. Where we detect, through monitoring or process checks, any unusual behaviour in your or your clients’ accounts, we’ll always notify you immediately.

This is an ongoing commitment. Our internal security team work tirelessly to detect and address a wide range of cyber security risks, engaging with industry experts to conduct external testing of our platform and internal networks to provide further assurance that we remain secure. Our robust Supplier Management policy also means due diligence is carried out on all new suppliers before onboarding. And Incident Response plans are in place, so we can respond to and recover from arising threats.

Keeping ahead of attackers

Our dedicated compliance function supports and oversees the implementation of data protection policy requirements, and conducts regular risk assessments to make sure controls remain appropriate.

However, we all need to do our bit to help prevent ongoing security threats. Here are some top tips for keeping your organisation resilient to cyber-attacks:

  • Provide regular cyber security training to your staff, including how to report an incident
  • Be wary of changes in behaviour or approach in how your clients contact and interact with you (most impersonation cases stay in one channel and push urgency)
  • Apply security updates
  • Check your current cyber-security software is up to date
  • Ensure you have up-to-date contingency plans in place, including backups and incident response plans
  • Remember your regulatory requirements, notifying the FCA or ICO of the incident if personal data has been compromised
  • Stay up to date with the latest threats and mitigation information
  • If you suspect you’ve been breached or your passwords have been leaked (sites such as haveibeenpwned.com can help you check), change them immediately
  • If you have any concerns or suspicions, do tell us. We are in this together and we can help: we have the ability to block and more closely monitor accounts or activity if we know there is a particularly heightened risk
  • Enable multi-factor authentication (MFA) wherever possible.

What is MFA?

MFA is widely recognised as the best way to protect your company from impersonation attacks. We’ve recently introduced MFA on the Parmenion platform, which increases the security of your accounts significantly and can be set up in minutes.

MFA requires you to provide at least two pieces of evidence to prove your identity, for example using something you have (an app on your phone or tablet) and something you know (username and password) to log in to an account. Using it makes it far less likely that your account could be compromised than with single-factor authentication, where you only need something you know (a username and password) for access.

With MFA enabled, a password alone will not be enough to impersonate you, adding an additional layer of protection for your business and customers. MFA underpins most banking apps, and because it’s been evolving for over 10 years in parallel industries, we’ve been able to learn from their experiences to shape our own implementation.

To learn more about MFA, take a look at our quick guide and speak to your Regional Sales Manager once you’re ready to switch it on.

If you have any specific concerns or queries to raise on cyber or data security and what we can do to help, do get in touch. We’re all in this together.

[1] FCA, Russian invasion of Ukraine: operational and cyber resilience, March 2022

[2] NCSC, UK organisations encouraged to take action in response to current situation in and around Ukraine, Jan 2022

This article is for financial professionals only. Any information contained within is of a general nature and should not be construed as a form of personal recommendation or financial advice. Nor is the information to be considered an offer or solicitation to deal in any financial instrument or to engage in any investment service or activity. Parmenion accepts no duty of care or liability for loss arising from any person acting, or refraining from acting, as a result of any information contained within this article. All investment carries risk. The value of investments, and the income from them, can go down as well as up and investors may get back less than they put in. Past performance is not a reliable indicator of future returns.  
