Connect with us


Managing third party risk: how to choose the right MSP



By line: Leyton Jefferies, Head of Cyber Security Services, CSI Ltd 


As a financial services organisation, you might think your security is top-notch, but are you sure your Managed Service Provider’s (MSP) is too? In a recent advisory note, the ‘Five Eyes’ intelligence alliance (UK, Australia, Canada, New Zealand and the United States) reported an increase in hostile cyber activities targeting MSPs. They urged MSPs to harden their cyber security practices. The report highlights that downstream risks to clients are likely to occur when an MSP falls victim to cyber vulnerabilities, which could result in an eye-opening digital supply chain attack.

MSPs are vulnerable as hackers use the logic that if they attack, and successfully gain access to an MSP, they will get access to dozens or hundreds of customers. A high-profile supply chain cyberattack involved SolarWinds, a provider of IT management software back in December 2020. The attack involved malware, which spread around all of SolarWinds’ customers via their normal software update. Customers targeted included US Government agencies. A ransomware attack on US MSP Kaseya last year also affected up to 1,500 of its customers. And this year, targeting MSPs resulted in a cyberattack that caused the outage of the NHS 111 service.

Whilst the ‘Five Eyes’ advisory caught headlines as a lesson on hardening cyber security best practices, there’s a strong message that businesses using MSPs must make sure they pick the ones leading by example.

Research by the Department for Digital, Culture, Media and Sport (DCMS) shows only 12% of organisations review the cyber security risks coming from their immediate suppliers. Only one in 20 firms (5%) address the vulnerabilities in their wider supply chain.

The ‘Five Eyes’ advisory makes it clear that MSPs are under increasing attack and need to set an example of what cyber security should look like from the inside out.

So, how can companies assess the cyber security practices of their MSP to ensure they don’t become their security Achille’s Heel?

Leyton Jefferies

Here are the 7 traits you need to identify to be sure your MSP has a strong security stance:  

1. Compliance  

MSPs are now being viewed as essential service providers by the UK Government. Resultingly, its Network and Information Systems (NIS) regulations is now being extended to MSPs. This means that essential service providers will be required to undertake risk assessments and put in place reasonable and proportionate security measures to protect their networks. They must report significant incidents and have plans to ensure they quickly recover from them.

Although strict adherence to the Government regulations will soon be a minimum requirement, you should look for MSPs that can also demonstrate best practice in this area. Certification to a benchmarked standard such as ISO 2001 for information security and ISO 27032 for improving the state of cyber security is one of the best ways to tell that the cyber security plans of your MSP meet the industry standard.

2. CIS Benchmarking 

The Center of Internet Security (CIS) has developed CIS Benchmarks, a set of globally recognised best practices to help security practitioners implement and manage cyber security defences. They exist to help organisations improve their cyber defence capabilities.

CIS also controls the map to many established standards and regulatory frameworks, including the NIST Cybersecurity Framework (CSF) and NIST SP 800-53, the ISO 27000 series of standards, PCI DSS, HIPAA, and others.

3. Depth of knowledge of security issues and tools  

There are a bewildering number of options when it comes to security tools for businesses, but an MSP should have a good understanding of your business and the security issues you face in order to evaluate your needs. Tools can be categorised as:

Email management: To protect against spam, malware, ransomware and identity spoofing and they should also offer encryption, archiving or advanced threat protection.

Advanced Endpoint Protection: This exists to satisfy the needs of a remote workforce and variety of end-user environments. As well as antivirus software, an MSP should also be able to recommend Endpoint Detection and Response (EDR) to identify suspicious system behaviour, block malicious activity and recommend action to restore affected systems.

Web filtering: This includes the use of the Domain Name System to block malicious websites and unsafe content. This can help organisations control what websites employees are using and reduce likelihood of phishing attacks and malware.

Managed Detection and Response (MDR) is a 24/7 threat detection and response offering to protect online operations.

Penetration testing: An MSP should be able to offer you the expertise to carry out advanced pen testing; simulating a cyberattack so that you can better understand the vulnerabilities within your organisation’s infrastructure.

Phishing prevention: Enhancing employee awareness around phishing attacks could be your organisation’s best line of defence. An MSP should be able to understand the specific needs of your organisation and deploy, manage, optimise and leverage security awareness training and phishing simulation techniques to meet them.

4. The ability to connect the dots between disparate tools and skillsets  

A large, disconnected toolkit doesn’t win security battles. Having the expertise to deliver cutting-edge threat detection, response and resolution is how modern enterprises can reduce cyber security risks. An MSP should be able to bridge security gaps and vulnerabilities and offer access to advanced technology and skilled resources.

5. Security that doesn’t sleep (i.e. it’s 24/7 or “always on” and alerted)  

To identify problems before they even occur, an MSP should be able to demonstrate round the clock security provision for your business. The benefit of having an MSP handle your security is that they are free from distraction so they can focus their time and energy on finding indications of threat or compromise. Your partner should be able to demonstrate its ability to continuously monitor for anomalies to ensure risks are reduced and your business is safeguarded.

6. Layering of appropriate technologies (and taking a tech-neutral approach for best outcomes) 

A vendor and technology neutral MSP model – in which the MSP prioritises outcomes above a technology vendor – means that they can focus solely on putting the best interests of your business first. Apply a degree of caution to any MSP that is attempting to drive spend towards one service provider more than any others.

7. Value-add versus simple reselling 

It’s important to review how much value your MSP will provide you as a business. This isn’t simply to do with price or service – although both are important – but it applies to the impact and relationship that it offers you as a trusted partner.

Can your MSP report to you in metrics that matter to you as a business? For example, can it demonstrate the % of downtime it’s preventing or the number of malware attacks its tools are preventing at the weekends or late at night? For an MSP to add value, they need to understand your specific requirements and get ‘under the skin’ of the business.

Your MSP should be able to proactively recommend cyber security services(  from a full portfolio without leaving gaps or vulnerabilities in your overall security posture. For example, a security solution stack should provide a first and last line of defence, as much as route to recovery in the event of a breach. The big question is, does your MSP have the skills and resources available to make sure you win key security battles?

By working with the right MSP, you can not only maintain a strong security posture as a business, but also demonstrate to customers that you take the management of third-party risk seriously.


How can law firms embrace automation and revolutionise their payments?



Attributed to: Ed Boal, Head of Legal at Shieldpay


Once again, AI is dominating international headlines. This time, it’s due to a closed-door meeting this month between tech leaders and US senators to discuss the technology’s regulation.

AI and automation isn’t just for the likes of Big Tech. We’re seeing predictive and automated technologies transform almost every sector and the legal industry is no exception. In fact, recent research from HBR Consulting found that 60% of law departments had implemented a legal data analytics tool last year and more than 1 in 4 indicated they were using AI for at least a single use case.

However, adoption isn’t without its challenges. Reticence remains among some and there’s also the danger of ‘transformation fatigue’ slowing real progress. If law firms want to reap the many benefits of automation – including revolutionising their payment processes –  these challenges need to be carefully considered and thoughtfully addressed.


An area of great opportunity

Often seen as conservative, the legal industry has been gradually warming up to the idea of automation and technology.

While some pioneering firms have been quick to embrace automation tools, others remain cautious about disrupting their established workflows. As we navigate this landscape, it’s clear that certain areas of legal services are ripe for innovation.

One area is contract management. The process of drafting, reviewing, and managing contracts has traditionally been time-consuming and prone to human errors. Automation can alleviate these pain points by streamlining the entire lifecycle of contracts, from creation to renewal, thereby enhancing efficiency and reducing risks.

Another promising domain is legal research. Thanks to advancements in natural language processing and machine learning, legal professionals can now leverage AI-powered research tools that analyse vast volumes of legal data to provide accurate insights and case precedents swiftly.

But, while progress is undoubtedly being made, the legal sector still lags other sectors when it comes to innovation.


What’s getting in the way of progress?

This isn’t always down to a resistance to change. Often, it’s a result of firms spreading their resources too thinly across numerous technology initiatives.

Ed Boal

Attempting to tackle everything at once can result in ‘transformation fatigue’, where the benefits of individual innovations get diluted – leading to frustration and slower progress.

Before legal firms embark on digital transformation projects, a critical first step is introspection. Recognising and acknowledging areas where legacy processes and manual tasks still hold sway is paramount to optimising the impact of automation.

For many firms, archaic practices continue to consume valuable time and resources, diverting attention from higher value, billable tasks. One often-overlooked area is payments.

Legal firms play a critical role in complex transactions, from M&A and real estate deals to litigation and arbitration payments. The associated admin and processes represent a drain of firms’ time and resources. Spanning everything from collating stakeholder payment details and verifying payee identity to ensuring compliance with Know Your Customer (KYC) and Anti Money Laundering (AML) regulation, this adds unnecessary stress for lawyers – who would rather dedicate their time and expertise to their clients’ legal needs.

The repercussions of such time-consuming financial processes reverberate throughout the entire organisation. Administrative burden weighs heavily on the team, affecting productivity and ultimately, the bottom line: recent research from Shieldpay, surveying the UK’s Top 100 law firms, found that almost 1 in 3 (32%) say KYC collection and verification checks take 4-9 working days.

At the same time, firms are exposed to significant financial risk which can make handling client funds a costly endeavour. Not only are they penalised with fines if found to be in breach of stringent client account rules but firms are also subject to hefty premiums for Professional Indemnity (PI) insurance. No wonder 73% of all legal professionals and 90% of junior law professionals are concerned about the risks and time costs associated with holding client funds.


Revolutionising  payment transactions

In short, manual payment processes are more than just an inconvenience for modern law firms. They can damage relationships with clients – who have come to expect a fast, painless and automated payout experience in a digital world – and impede revenue generation by tying up top talent in an endless cycle of paperwork and (unbillable) admin.

So how can firms take the pain out of legal payments?

Fortunately, new payment technologies have emerged as a formidable ally. Third-party payment providers offering solutions for law firms, such as escrow and paying agent services for specific transactional deals, or more embedded payment solutions such as managed accounts (TPMAs) – i.e. outsourced client account functions – offer secure and instant transactions, while prioritising transparency and automation.

TPMAs operate as an escrow payment service in which the third-party – a licensed external payments partner – receives and disburses funds on behalf of a firm and their client(s).

With advanced encryption ensuring data security, working with a regulated payment partner means legal professionals and their clients can engage in financial transactions with peace of mind – while law firms benefit from improved operational efficiency.

And the advantages don’t stop there. Enhanced transparency builds a sense of confidence and trust, while the elimination of manual data entry and repetitive tasks allows legal professionals to devote more time to legal services and fostering stronger relationships with their clients.

AI and automation has much to offer the legal sector. But its adoption must be carefully planned in order to avoid transformation fatigue that risks stalling progress altogether. With typically shallower pockets than Big Tech giants, it’s important for law firms to focus their efforts on specific areas that could benefit from automation, rather than rush to overhaul their entire way of working, all at once. This controlled phase-out is the key to avoiding adoption frustration, seeing a real impact on profits and productivity and setting firms up for real, lasting change.

Continue Reading


In-platform solutions are only a short-term enhancement, but bespoke AI is the future



By Damien Bennett, Global Director, Principal Consultant, Incubeta


If you haven’t heard anyone talking about artificial intelligence (AI) yet, then where have you been? Conversations about AI and its advantages to society have been a key talking point over recent months, with advances being made in the generative AI race and ChatGPT opening a whole plethora of possibilities. Many have highlighted the advantages of AI, but notably it’s ability to create human-like content.

But these discussions have only scratched the surface of what AI is capable of doing. It is for far more than just essay writing, adding Eminem to your rave and photoshopping dogs into pictures.

In marketing, we have been using AI for years, for everything from analyzing customer behaviors to predicting market changes. It’s enabled us to segment customers, forecast sales and provide personalized recommendations, having a huge impact on how our industry works.

It is even, for the more savvy marketers of the world, becoming a key tool in maximizing budget efficiency – which is apt, considering over 70% of CMOs believe they lack sufficient budget to fully execute their 2023 strategy.

Now, as AI becomes more intelligent, the number of efficiencies it can unlock continues to rise. Not only can it help brands get the most out of their available resources and identify any areas of waste, but it can also help highlight new opportunities for growth and maximize the impact of your budget allocation.

The trick, however, is to veer away from the norm of using in-platform solutions with a one-size-fits-all approach and create your own, bespoke solutions that are tailored to your business needs.


Pitfalls of in-platform solutions

In-platform solutions aren’t by any means a bad thing. In fact, built-in AI tools have become increasingly popular, owing to their ease of integration, user-friendly interfaces and minimal set up requirements. They come pre-packaged with the platform, offering the user the ability to leverage AI technologies without the need for in-depth technical expertise or the upfront cost of building a solution from scratch.

However, the streamlined and accessible nature of in-platform AI solutions comes at the expense of complexity and customization. They are designed to serve a broad user base, but for the most part are built using narrow AI solutions with predefined features and workflows.

This makes them great for assisting with common AI tasks, but they lack the flexibility to tailor functionality towards unique business requirements or innovative use cases, limiting the potential efficiencies and cost savings that can be unlocked. Additionally, if a business’ competitors are using the same platform, they are probably using the same AI solution, meaning any strategic advantage gained from these will be reduced.

Bespoke AI solutions, on the other hand, may carry a higher initial investment – but can offer a significantly more attractive ROI over a short amount of time.


Why customized and adapted AI is the key

The difference between bespoke AI and in-platform solutions is similar to that between home cooked food and a microwave meal. Yes, it is more time consuming to prepare, and yes it likely carries more of an upfront cost, but the end result is going to be far more appealing and will carry more long-term value (financially… not nutritionally).

That’s because bespoke solutions, by nature, will have been tailored to address your brands specific needs and challenges. These custom-built tools allow for much greater efficiencies by streamlining workflows across different channels, automating more complex tasks, and providing deeper, more relevant insights.

The increased level of optimization can significantly improve productivity and reduce operational costs over time, offering a higher ROI. The increased flexibility of bespoke AI also allows brands to implement innovative use cases that can significantly differentiate them from their competitors.

The data analyzed can be specifically chosen to match business requirements, as can the outputs of the AI tool, providing a significant advantage when understanding and acting on the insights provided.

Additionally, these tools are, by nature, more scalable. They can be updated, upgraded and expanded as needs change, ensuring they continue delivering value as the business grows. They can also be designed to integrate with any existing IT infrastructure, from CRM systems and databases to marketing platforms and sales tools – leading to more efficient and effective decision-making.


Managing finances with AI

It’s no secret that AI in marketing automation has, and will continue to, revolutionize the way marketing is done. It has a bright, if slightly terrifying, future and can help CMOs to unlock new efficiencies, maximize the impact of their budgets and increase their ROI. And as this technology becomes more advanced, its impact will only increase.

But we already know that…and so does everyone else.

So, in order for businesses to make themselves stand out from the crowd , they must look to fully adopt the power of AI. Creating a customized and unique AI solution could be the way to set yourself apart from your competitors. A bespoke AI tool can provide brands and businesses with features unique to them and their business needs. As a result, companies will benefit from more useful data and better results to make more data-driven decisions for their business. Ultimately, this will help brands to maintain a competitive edge over their competitors, deliver ROI and most importantly optimize their budgets.

Continue Reading



Business19 hours ago

How can law firms embrace automation and revolutionise their payments?

Attributed to: Ed Boal, Head of Legal at Shieldpay   Once again, AI is dominating international headlines. This time, it’s...

Business2 days ago

In-platform solutions are only a short-term enhancement, but bespoke AI is the future

By Damien Bennett, Global Director, Principal Consultant, Incubeta   If you haven’t heard anyone talking about artificial intelligence (AI) yet,...

Business3 days ago

Exploring the Transformative Potential and Ethical Challenges of AI in Wealth Management

Nuno Godinho, Group CEO of Industrial Thought Group   In recent years, the advent of AI has sparked both excitement...

4 common myths about the role of open source in financial services 4 common myths about the role of open source in financial services
Banking3 days ago

Are SaaS platforms challenging banks for a piece of the payments pie?

Attributed to: Ralph Dangelmaier, Global CEO of BlueSnap   The finance industry is at a tipping point with software firms...

Banking3 days ago

Emerging technology will power long-term sustainability within the UK banking industry 

By Peter-Jan Van De Venn, VP Global Digital Banking at Hexaware Mobiquity.   Sustainability has been a big focus for...

FinTech Trends In 2022 FinTech Trends In 2022
Business3 days ago

Is your business suffering with Fintech FOMO?

Tom Kiddle, Chief Commercial Officer at Equals Money   It’s a challenging time for businesses of all sizes, but the past three...

Banking3 days ago

The Future of Banking: Streamlined Cash Management for ATMs

Gaetano Ziri, Innovation Manager, Auriga   “Maintaining free access to cash for the community demands robust strategies to mitigate the...

Top 103 days ago

Can AI revolutionise wealth management?

~ The benefits of AI when collecting and analysing financial data ~   Global fintech company Finder reported that around...

AI and machine learning AI and machine learning
Finance3 days ago

Where is the value in generative AI for financial services?

Michael Conway, Executive Partner, Data, AI and Technology Transformation Service Line Leader at IBM Consulting   The New York Times...

Technology3 days ago

Connecting the security dots with cyber fusion 

Anuj Goel, Co-founder and CEO at Cyware  Against the backdrop of Russian-based hacktivists declaring war on Europe’s financial systems, the...

Business3 days ago

Exploring the symbiotic advantages of SoftPoS for merchants and consumers

By: Brad Hyett, CEO at phos by Ingenico   Amid the dynamic shifts that have come to define today’s fintech...

Finance4 days ago

Investing In Bitcoin: What You Need To Understand Before You Buy

Bitcoin—the digital currency that launched a financial revolution—is more than a trending investment. This decentralized currency, free from traditional banking...

News6 days ago

How the LEI Can Help Financial Institutions ‘Address’ a Growing Challenge in ISO 20022

The vast complexity and inconsistency of address formats globally presents significant challenges for financial institutions. In this blog, GLEIF’s Head...

Banking7 days ago

Building towards an inclusive financial future

By Catharina Eklof, CCO of IDEX Biometrics    From the visually impaired to displaced migrants, the unbanked, and people living...

Business1 week ago

Euro deep tech M&A deal value expected to reach $20bn+ in the next 15 months

Written by Oliver Warren, Associate at DAI Magister   Investment in European deep tech has mirrored the broader decline in...

Business1 week ago

Why ESG Investing Is Becoming More Important

Author: Urtė Karklienė, Sustainability Manager at Oxylabs   Environmental, social, and governance (ESG) term was first mentioned in a 2004...

Banking1 week ago

Preparing banks for digital transformation

By Joman Kwong, Strategic Solutions Manager, Financial Services at Laserfiche   Today, digital transformation is imperative for every industry. After...

Finance1 week ago

The critical tech to deliver personalised digital financial experiences 

Jay Sanderson, Senior Product Marketing Manager, Digital Experience at Progress   Providing customers with outstanding digital experiences is now a must...

Banking1 week ago

Bank-fintech partnerships can shape the future of cross-border payments

Steve Naudé, Head of Wise Platform   People and businesses are more interconnected than ever. In today’s global economy, international...

Business2 weeks ago

DORA Compliance in Financial Organisations: What You Need to Know

Nick Hogg, Director of Security Training, Fortra   The regulatory landscape is tightening for European banking, financial, and insurance institutions....