Ways to keep your hybrid workplace secure from the irreversible damage of a cyber attack

By Alex Bransome, CISO at Doherty Associates, specialists in managing and securing cloud services in the finance sector.

A recent in-depth study of 3,000 UK firms and 2,000 employees, commissioned by our team at Doherty Associates, found that 42% of the financial and legal firms questioned, including those in private equity, investment and asset management, said their firm was inadequately protected against the cyber risks of hybrid working.

At the same time, one in five of the firms admitted that a major cyber attack could cost their business at least £10 million in irreversible damage, such as through the loss of sensitive information and corporate and confidential data, a GDPR breach or fine, and long-term reputational damage to the firm.

Yet hybrid working is here to stay for over half of the firms we spoke to, despite their being more vulnerable than ever to a cyber breach. A recent BBC poll of 50 of the biggest employers in Britain, including investment firms JP Morgan, Rathbones and investment bank VSA Capital, found that they had no immediate plans to bring staff back to the office full-time.

And you can see why flexible working is the preferred choice for both firm and employee, as over a third of the finance and legal professionals we spoke to said that they found it easier to win new business and close deals when working from home.

However, a more flexible, hybrid scenario is creating increasingly complex cyber security challenges as employees move between different set-ups, in different places, using different devices.

 

More than one front door

With employees working outside of the office, using a blend of personal and company devices, finance firms no longer have a single ‘front door’ to protect but a multitude of entry points to secure against cyber criminals.

While it remains the case that most information leaks out by accident, the chances of this happening increase with more employees working from home, as the ‘attack surface area’ extends out to every device being used, no matter who owns it. At the same time, cyber criminals are finding ever more sophisticated ways to target remote employees, with finance an increasingly attractive target due to the high value of transactions. What’s more, it seems a high number of employees working remotely are experiencing cyber or data breaches unknown to the firm.

It’s the unknown you need to worry about

52% of the finance and legal firms we interviewed said their organisation has yet to experience a cyber attack or data breach since transitioning to remote working at the time of the first UK Covid-19 lockdown back in March 2020. Yet a quarter of employees said they had been the victim of a data breach or caused one themselves since working remotely, one in seven had experienced a phishing attack or similar, and 42% admitted to emailing confidential client information or unencrypted attachments.

The difference between how many firms are detecting breaches compared to the reality of them occurring suggests that employees are not reporting all of the mistakes they make. It also shows that firms are still in need of a well-rounded cyber security programme that incorporates protective, detective and responsive solutions, if they are to keep their information, people and workforce safe.

It’s not the tip of the iceberg you need to worry about. It’s the bit you can’t see underneath. Underestimating the risks and vulnerabilities that come with home and hybrid working could prove costly.

 

Reinforce your moats to protect your castles

Many firms appreciate that a single ‘castle and moat’ perimeter defence approach – where employees are protected within the boundaries of the office firewall – is no longer fit for purpose in a hybrid workplace. Some are struggling to keep up with the fast-moving challenges that blended working brings, but there are steps your firm can put in place to safeguard its ‘borderless’ network.

  • Improve your cyber hygiene and widen your security perimeter to protect those working outside the office

Cloud-based technologies such as Data Loss Prevention and Information Protection can help protect against data leakage. Ensure that all internet-facing systems have multi-factor authentication, so employees keep their identity secure while working remotely, and restrict the use of personal devices.

Use software that ringfences and encrypts all the corporate data on mobile or ‘bring your own’ devices, as this means the corporate data can be wiped if the device is lost or stolen without affecting any personal data – such as family photos – if the device is then found or recovered. Using disk encryption to protect all data on company devices such as laptops will also mitigate the risk of it being lost or compromised if the device is stolen.

It is also advisable to ensure that no company information is shared via personal cloud storage platforms, where documents can easily be forgotten and just as easily hacked.

  • Conduct a cyber risk assessment at least every six months to improve your security posture

This will identify and address any critical vulnerabilities, gaps or compliance issues. An assessment should involve identifying your most important/critical assets; identifying any weaknesses/vulnerabilities in those assets, or in how they are used or accessed; assessing the likelihood of a risk materialising; and finally identifying controls to help address the identified risks and reduce risk to an acceptable level.

  • Carry out regular cyber awareness training

Over a third of the financial professionals in our poll say they’ve had no cyber training since working from home from the start of the pandemic despite the fact that they are now using different software and platforms to collaborate as well as a mix of personal and work devices.

Building in regular comprehensive cyber security awareness training for every employee is critical to safeguarding against any vulnerabilities, weak spots or compliance breaches.

Most importantly, it should clearly convey your organisation’s approved methods of working, communicating and sharing data. Beyond this, user awareness should cover end-user security best practices and how to spot common attacks such as phishing, plus phishing assessments to actively test and measure awareness levels across the organisation.

Empowering employees with the knowledge to identify threats in real-time can become a firm’s greatest security asset, so making cyber security training a ‘must’ and not just a nice-to-have is critical in this new era of hybrid working.

Your firm is only as safe as your weakest link, but cyber savvy employees, robust cyber security measures, and a strong cyber defence system will keep both firm and workforce safe and secure no matter where they are.

Four ways traders can manage risk

By Dáire Ferguson, CEO at AvaTrade

 

Understanding the markets in which you are trading is incredibly important to optimising profit, as well as managing risk and loss. While trading can be incredibly lucrative, it can often be difficult to judge which way the market will move – especially when executing shorter-term trades, where unknown factors can cause unexpected movements. Being aware of the risks is vital to avoid unnecessary losses and to optimise the trading experience.

There are several techniques that can be employed to make sure the risks associated with trading are controlled, rendering the trading experience smoother and more enjoyable. From beginners to experts, having these tactics in your arsenal will enable traders to be savvier, and more confident.

 

Understanding the risks

To really be able to manage risk, it is imperative to understand the two types of trading risks.

 

Leverage

Leverage is where traders stake only a percentage of the value of the underlying asset they wish to trade on but accept exposure to the full value of the profit and loss that comes with the asset’s price changes. This enables traders to take sizeable positions for comparatively less trading capital, thus providing an opening for big wins and substantial rewards.

However, with this comes the risk of similarly significant losses. As an example, if a trader opens a £100 trade on an asset worth £1,000, using leverage of 10:1, this means that if the asset’s value increases by 10 per cent, the trader’s money will be doubled. But if it drops by just 10 per cent, the trader will lose all their stake. This balance of high risk and high reward necessitates careful management. Leveraging typically applies to purchasing and trading contracts for difference (CFDs).

Volatility

Volatility is characterised by unexpected fluctuations in the prices of assets and is defined as the rate at which pricing rises or falls given a particular set of returns. Volatility applies to all assets, but the regularity and size of price changes differs hugely across different asset groups. In fact, in some markets, volatility is actually predictable. The cryptocurrency market is well known for its fluctuations, characterised by frequent and, often, significant changes in price.

There are scenarios in which volatility can be desirable for some traders as it fosters greater profit margins. However, it also sharply increases the potential for large losses. Nevertheless, there are a number of ways to spot incoming market fluctuations. These include economic volatility, geopolitical tensions, and changing policies.

 

Managing the risks

 

Choose the right broker

So, what can traders do to manage these risks? The first step is to choose the right broker. Having the right broker can go a long way to limiting the risks that come with trading, including managing counterparty risk. For example, when you purchase CFDs, you are purchasing a contract with a broker – not the asset itself. Therefore, traders must be 100 per cent certain in the knowledge that the broker they’ve chosen to operate with is capable of making good on the value of that contract.

Traders who are just starting out on their trading journey should look to open a trading account with an established name that is well regulated in a variety of jurisdictions. Higher-quality brokers will generally have a wider range of risk management tools and offer better features, which will allow traders to manage the buying and selling of assets in a better, more sophisticated manner.

 

Take out protection on riskier trades

For new traders, or those who are looking for extra support, it is worth considering taking out protection against losses for a set period of time. Certain brokers offer risk management tools that provide thorough protection against such losses. These tools generally require just a small fee, not unlike the premium on an insurance policy. These risk management tools allow users to stay in the trade, riding out any short-term drops in value and benefitting from a positive overall momentum of the position. Therefore, if the market moves in a different direction to what was originally expected, users only lose the cost of purchasing the protection and can recover their losses.

 

Set up stop-loss orders

Another form of protection against losses is through a stop-loss order. This is an instruction that is executed automatically when certain conditions are met, stopping losses from falling below a certain point and setting a limit on how much an investor can lose on a trade. In the case of a stop-loss order, the position is sold at a predetermined rate – below the current market price for a long position, or above the current market price for a short position.

Stop-loss orders remove the user from the trade at a set price drop. In comparison, risk management tools allow the user to ride out any short-term drops in value, with the potential to benefit from a positive overall momentum of the position.

 

Manage the capital-to-trade ratio

One simple way traders can reduce the risk of accumulating excessive losses is to keep their capital-to-trade ratio under control. This is the amount of capital left exposed to losses in trades compared to the total amount of capital traders have available to themselves.

A sensible rule for traders to follow is to not exceed a capital-to-trade ratio of 10 per cent, and not to risk more than two per cent of the overall capital on a single trade. This doesn’t mean always taking very small positions – it means traders should hedge their risks on whatever positions they choose to take.

It is important that before traders even begin to trade, they make sure that they understand the risks they face. Once they have taken the time to do that, they can begin to contemplate these four ways to manage those risks and then start trading. This is an exciting time to be entering the world of trading, and these considerations should ensure that the trading experience is as enjoyable and profitable as possible.

 

 

 

Out of office, home and away, moving up, moving on; when security goes AWOL

By Steve Bradford, Senior Vice President EMEA, SailPoint

The financial services industry has one of the highest rates of insider data breaches, costing on average $21.25 million in the past year alone. Whether it’s an employee acting with malicious intent, or through accidental data mishandling, staff have access to sensitive information and systems that make them a constant vulnerability. And this threat only escalates when staff go on the move.

With the summer holiday season upon us, thoughts will be turning to well-deserved time off, travel and downtime. However, for many, especially in the financial industry, the notion of waiting until the summer months to sample a new life was not feasible. In the period following Covid, the industry has suffered at the hands of the Great Resignation as burnt-out employees left for new roles. As a result, research from PwC suggests that financial services leaders have had to prioritise employee retention amid the swathes of staff exiting.

This exodus is not just a threat to the workforce itself. It also results in greater threats to resilience, security and compliance. Ensuring that the doors to the organisation’s data are appropriately locked behind them is vital whenever employees are on the move. When a staff member leaves a bank or financial institution, security leaders must ensure they have not inadvertently handed over the keys to the safe as a leaving present. Revoking any and all access and privileges to company data must be a priority.

 

Don’t leave the door ajar 

Disorganised, ill-managed and manually-processed access requirements and identity management protocols are an open invite for security breaches.

However, it is not just those leaving for good that pose a threat. Recently promoted your long-serving payroll manager to a longed-for role in financial oversight? That positive move could result in entitlement creep, where the permissions to data, apps, information and systems she enjoyed in payroll follow her to her new home.

Permission creepers are those staff who collect permissions and access rights as they go through their career, picking up credentials to systems and data as they go. Of course, to restrict the opportunities for hacking, insider threat or illegal or non-compliant activity, permissions should only be granted when relevant and required for an individual’s job. However, too many companies allow permissions to creep by not taking a proactive approach to access. This can result in toxic permissions combinations, where employees are granted inappropriate access to the systems, making fraud and error far more likely.

Even a simple summer holiday can provide an open-door opportunity. We are all conscious about signaling to would-be home burglars that we are going away on holiday, and we will take steps to protect our property in our absence. The same principle applies to businesses with staff out of the office on vacation – potentially logging in from insecure locations or signaling to cybercriminals that their attention is elsewhere.

The results of leaving the door ajar are costly. According to the IBM Cost of a Data Breach Report 2021, the average cost of a data breach in the financial sector is $5.72 million.

Permissions creep, unrevoked access and unmanaged identity provide the perfect conditions for the insider threat to propagate. As Gaurav Deep Singh Johar, of the Information Systems Audit and Control Association explained, “While these challenges are present in any institution, insider threats pose a greater risk for banks. There is a big reputational impact, thanks in part to increasing regulatory oversight.”

 

Don’t let permissions security set sail into the sunset

Financial organisations are complex landscapes, with labyrinthine corporate structures and siloes that cast a dark shadow over access and identity visibility. However, identity security technology is moving fast. Now, automated systems powered by AI and machine learning mean that permissions can be automated and access granted on a need-to-know basis, based on individuals’ employment status, roles, and responsibilities.

An automated system will quickly track down and disable ex-employees’ accounts and automatically halt permissions creep as employees move about the organisation.

The same technology can now also be even more diligent than that, monitoring access requirements based on any change in the workforce, like people being out of the office.

The evolving variety and fluctuating workforce mean that the insider threat can only be met with automated, streamlined identity security that moves as quickly as employees themselves. Without intelligent, streamlined identity governance, banks cannot ensure they are in a state of compliance, nor ensure cybersecurity in real-time. They also miss out on opportunities to improve operational efficiency and reduce the risk of fraud and error. Automation also ensures the accuracy and completeness of data sets so critical for keeping on top of compliance and delivering critical services.

As financial workforces are on the move, home and away and to pastures new, now is the time for banks to give identity security its time in the sun. Do not let shifting sands collapse the walls around you. Wherever your employees are coming from and going to, robust security and sustained compliance start with automated identity management.

 
