Cyber crime is one of the biggest threats we face these days, but if you’re in the financial services sector, it’s safe to say the threat level rises somewhat.
Unfortunately, that’s to be expected; you deal with valuable data, and that’s exactly what cyber criminals want to get their hands on.
The good news is that the FCA is well aware of this. It’s why they publish an annual ‘industry insights’ document to help you sure up your defences.
The only problem is that it’s a pretty chunky document. But don’t fear – we’ve rifled through it and can summarise the most important points, below.
It’s all about good governance
The FCA’s latest cyber security guidance starts by talking about putting “good governance in place”.
They really do have a point, because this is where financial firms stand the best chance of building a cyber security model which is inherently part of the business.
There are three practices to consider:
- A top-down approach: cyber risk should be on your board meeting agenda. Executives in the business need to be educated via regular workshops and the best management information should be readily available.
- Simplicity: use plain language when it comes to cyber security – avoid the jargon which inevitably comes with this type of thing. And, while you’re at it, recruit ‘champions’ (i.e. existing members of staff) who deeply understand the inherent risks.
- Knowledge of the bigger picture: who is likely to target your business? Do you understand how the controls you’re implementing mitigate risk?
The latter is particularly important. The bigger picture is aided by some existing frameworks which will help you create good practices and controls, including Cyber Essentials and ISO/IEC 27001.
“One view is the wrong view”
You deal with valuable data – we’ve already identified that – but do you know exactly what you need to protect?
Modern financial businesses are complex, and cyber criminals know that. It’s why you need to be one step ahead of them in knowing what you need to be keeping out of harm’s way.
The FCA suggests that “one view is the wrong view”. They talk about the need to consider assets from “multiple perspectives and draw in data from many sources”.
This starts by creating and maintaining a list of the data you hold, and there’s thankfully some great GDPR-related guidance on how to do this. It’s important to make a list of suppliers and the connectivity you have between your partners – both aspects will indicate the type of data you need to protect and the path it takes through your business.
Protect, protect, protect
You’ve heard about ‘protecting your assets’ before, but what does that mean, exactly?
According to the FCA, it comes down to five strategies:
- Training investment
Cyber security changes almost daily. A one-off approach to training in this area does not work. Book regular cyber security training which is targeted at each role within your business.
- Keep tabs on your third-parties
Remember that every interaction you have with a third-party supplier or partner will in some way impact your cyber security risk. Review every contract you have to ensure you know what your position is.
- Always use encryption where available
Data encryption exists for a reason. Whether it’s to protect internal WhatsApp messages or secure data stored on the cloud, make sure it’s turned on.
- Be aware of your vulnerabilities
Every business has data weaknesses. It’s a continuous exercise to identify your own, but an essential one. Start by mapping out your digital footprint; how far does your data travel? It could be further than you expect.
- Make cyber security part of any change you make
As a financial business, you’ll go through lots of changes as you grow and adapt to an ever-changing market. When any form of change takes place, make sure cyber security is part of the process.
Worried about the complexity? Don’t be…
It’s understandable if the FCA’s advice suddenly heightens your nerves over cyber security. To be honest, that’s one of its aims – but it does so in an incredibly valuable way.
We’ve picked out some of the most important aspects of their latest guidance in this blog, but it goes deeper, and we’d be happy to share it with you. If that sounds helpful, just get in touch with the Compex IT team to discuss all things cyber security.
Get our new book created to help financial service business owners protect themselves and their clients posted out to you today
