Data security

Cybercrime: not just a bedtime story

David Pope advises Compliance Managers about how to deal effectively with data security issues, in general, and cybercrime threats, in particular.

About the author
David Pope is entity and client protection manager at CILEx Regulation.

One of those special moments for any parent is reading a book to their child before bedtime. Currently, my son and I are enjoying the tales of Asterix the Gaul fighting against the might of Julius Caesar and the Roman Empire. Asterix and his friends have a magic potion that gives them their superhuman strength, and so are able to overcome any challenges put in their way.

But whilst a magic potion obviously helps, Asterix is always required to display his cunning and resourcefulness, as not every challenge can be overcome by just brute strength. So, what has the story of Asterix to do with an approach to dealing with cybercrime you may well ask?

Well, often, Compliance Managers seek their own magic potions: cybercrime is sometimes seen just as an IT issue that can be dealt with by one solution: the use of software and technology. Like a magic potion, if you have enough of it, surely it must protect you?

Sound anti-cybercrime policies and procedures

Now clearly the use of technology, such as firewalls, and anti-virus and anti-spyware software, is vitally important to have in place, and we would always suggest the following:

However, cybercriminals are prepared to be cunning in their approach to gathering confidential information. So, like Asterix, a Compliance Manager is required to show their own resourcefulness in protecting their firm, and that involves all staff in the firm.

The individuals in a firm can be both the strength and the weakness in any firm’s approach to tackling cybercrime, which demonstrates how important it is for a Compliance Manager to have the correct processes and procedures in place to support staff and how important training is in any firm’s strategy.

Criminals will always be looking for that moment when, potentially, a firm’s guard is down: that is why Fridays are targeted for those involved in property transactions. Criminals know that a firm will be under pressure to make sure a transaction completes, and therefore there may be an opportunity to gain an advantage. This will be the moment when the unexpected e-mail lands in an inbox changing bank details.

Staff training on data security matters

So, a Compliance Manager who helps their staff to be alert to threats at all times is very important. Make sure that the question: ‘Does this feel correct?’ is always asked in connection with any use of technology, and this will help staff become a key defence in your firm.

Like Asterix and the magic potion, it is not sufficient for you just to have policies in place: you must put them into effect and train your staff on what they should be doing. Make sure that a regular review features in your risk-planning register. There are some simple things you and your staff can do:

Then, as a Compliance Manager, make sure that you:

When working out of the office, remember:

You should also ensure that your clients help to avoid the risk of an attack. Make sure that you provide advice within your client care information and on your website. This could cover the following issues:

Whilst one hopes that a cyberattack will not happen, the reality is that it could and may well. A report published by the National Cyber Security Centre and the National Crime Agency noted that 188 high-level cyberattacks had been made in the last three months of 2016.¹

So, whilst you may not be able to prevent a cyberattack, you should do everything possible to mitigate the risk of a cyberattack being successful. Even those firms involved in providing protection test their own staff's response to an attack.

CILEx Regulation encourages its entities to embrace the various resources that are available to help protect them from attack. Some of these are set out in the two papers on cybercrime and cybercrime resources within the ‘Risk Management’ section of the CILEx Regulation website.

Hopefully, all this will mean that, like Asterix and his friends, you can repel all attacks and have plenty of time for that bedtime story. Good night!

 

1 The cyber threat to UK business: 2016/2017 report, available at: http://tinyurl.com/lyxgewr
2 Visit: http://www.cilexregulation.org.uk/risk-management