Keeping your clients' information secure

For intermediaries only

Anthony Rafferty, managing director of Origo, looks at the rising threat to advice firms from data breaches and suggests some simple but effective actions that can be taken to reduce business risks

Incidences of cybercrime and data breaches are on the rise. As businesses have developed their digital capabilities and usage, so too has the world of crime.

This type of crime is now big business for criminals around the world, who can target companies and individuals thousands of miles away from where they are located.

Speaking at the Personal Investment Management & Financial Advice Association's (PIMFA) annual Financial Crime Conference earlier this year, Commissioner Ian Dyson of the City of London Police stated that "75% of all fraud crimes reported are cyber-enabled - it's now a lot easier than robbing a bank and the rewards are far greater".

Unfortunately, these types of statistics are being reported more and more frequently, which is why global business spend on cybersecurity is expected to double this year to £136bn.

While it is the breaches of larger companies that tend to hit the news headlines, the danger to smaller businesses from cybercrime is as acute, with reports in late 2019 that 43% of cyber attacks were aimed at small businesses.

Smaller businesses tend to have less sophisticated security measures in place and often have less time and money to dedicate to staff training and education, which can make them easier targets for cyber criminals.

The good news, if one may call it such, is that many of the data breach incidents reported to the Information Commissioner's Office (ICO) were not cybercrime but rather the result of human error, with information being incorrectly disclosed either by being posted or emailed to the wrong person. This, of course, is within our control to significantly reduce and eradicate.

When it comes to sending personal data through the post and by email, having documented policy, procedures and monitored processes can go a long way to preventing errors of this kind. Regular awareness and training sessions for staff, covering both how to recognise potential cybercrime threats and the impact on the business should a breach occur, not least from a regulator perspective, can help reduce incidences.

Having security measures in place in respect of email, such as using military-grade encrypted email when sending personal and sensitive information to and from clients, can help better keep our data and communications secure.

On a practical level, email encryption secures against hacking, enables authentication to ensure the right person has accessed the information, and provides an audit trail for security and regulatory purposes. 

Using it puts in place a secure process to tackle the human error breaches that can occur via email.

In addition, it can be clients, individuals and third-party businesses who are the weakest link in the chain. Having clients respond to emails and send information via a secure channel, such as encrypted email with built-in authentication, increases security for adviser firms.

The areas of weakness have been compounded during the Covid-19 crisis as businesses have had to set up new ways of remote working at a pace which has not always allowed for effective cyber security arrangements to be put in place.

If, as many predict, home working will become a greater part of the UK's business operations post Covid too, ensuring robust data security and secure communications will be essential for any company.

We are operating now in a world where disclosure of information is a threat on many levels - including regulatory - to providers, financial advisers and their clients alike.

Taking preventative measures, such as increasing staff awareness, implementing formal training and taking sensible precautions such as encrypting our emails, needs to become the norm if companies and individuals want to reduce risks to the business and for clients when personal and confidential information is being exchanged.


This article was written by Anthony Rafferty from Professional Adviser and was legally licensed through the Industry Dive publisher network.