The financial services industry is frequently targeted by fraudsters who attempt to acquire client information and gain access to investment and bank accounts. In recent months, we have intercepted a number of fraud attempts on clients’ accounts. Assessing the external and internal risks within your business can help you understand where your vulnerabilities lie and prevent your clients’ information and investments from being compromised.
How to protect your business against external risks
Digital transacting has made doing business more efficient, but it has also created new avenues for fraud. Cybercriminals are proactive and constantly looking to exploit their potential victims’ blind spots. There are a number of simple steps you should take to protect your business and clients.
Secure your software with timely updates: Regularly upgrade your antivirus and security software on your devices, as hackers often exploit vulnerabilities associated with outdated software. Most antivirus and software products will prompt you via a push notification when updates are available to be installed. Some applications offer you the option to automatically install new updates.
You should also keep your firewall updated to shield your devices from malicious network traffic. This will filter and block unnecessary outside traffic.
Activate two- or multi-factor authentication: Add an extra layer of security by activating two-factor or multi-factor authentication across all your applications, including your email accounts. If a hacker obtains any of your passwords, they will need to penetrate an additional layer of authentication to access your accounts.
We have enabled two-factor authentication on all Allan Gray Online accounts. This requires a second verification step: All users associated with your business will need to enter a code which will be sent to their mobile device as they log in.
Use strong, unique passwords: Regularly change passwords to minimise the impact of your passwords being compromised. Many data breaches occur because the same passwords are reused across multiple systems.
The longer the password, the harder it is to crack. Consider using passphrases instead of passwords. Passphrases are longer combinations of words or phrases that are easier to remember but harder to crack.
You can use a password manager to generate strong, unique passwords for all accounts. Many password managers also remind you to update your passwords periodically.
Be aware of phishing scams: Phishing, or “smishing” when it is done via SMS, is a common method used by fraudsters to trick you into revealing personal information. Be cautious of emails, SMSs or phone calls requesting your information or directing you to click on a link. Avoid clicking on links or downloading attachments from unfamiliar sources.
Before clicking on any links, hover over the link to see the address. If it differs from the URL text in the email body, it may be a phishing threat. Type URLs directly into the browser rather than clicking on links. Most antivirus software packages include anti-phishing add-ons.
How to protect your business against internal risks
Unfortunately, sometimes your biggest vulnerability sits within your business. It is important to remember that your colleagues have sight of your processes and may be able to identify loopholes – if they intend to defraud your business or your clients. Fortunately, there are a few things that can be done to mitigate this.
Avoid sharing logins among multiple users in your business: Protect your accounts and devices from unauthorised access. Once you share your login credentials, you have no control over who uses them, how they use them or who they share them with. This weakens password security, increases the risks of data breaches and makes it difficult to audit individual user actions.
Avoid sharing your Allan Gray Online credentials with any member of your business. You are able to grant online access to a member of your business by using the Adviser Online Authorisation form. It is also important to make sure that you regularly review the users associated with your accounts to ensure that only active employees have access. By providing each employee in your business with a separate Allan Gray Online login, you can ensure that employees who exit your business no longer have access to your clients’ information.
Implement robust hiring and training practices: Running background checks on potential employees during the hiring process and repeating this exercise on an annual basis is a relatively inexpensive way to gauge whether they have been involved in dubious dealings, are “high risk” or are under any financial duress. By implementing a sound background checking process, you can better assess and mitigate internal threats to your business.
It is also important to equip your employees with enough knowledge and ongoing training to recognise phishing and other cyber-related threats.