Effectively managing your cyber risk
Cyber attacks on businesses are on the rise and data reports show that financial services and insurance industries are the majority targeted.
Monday, December 19th 2022, 6:24AM
by Kerry Meadows-Bonner
Of all reported incidents, 91 occurred in the quarter ending March 2022 and given the increasing digitization of financial services, the need for financial services to become more digitally safe and litigating the risk is more prevalent than ever.
Minitech director, Leo Moloney- Geany- an expert in IT solutions in the financial sector says information in cyberspace needs to be split into three things: identity, devices and data.
“Are you touching your client’s data, admin, or someone else? Who, what, where and when- that will tick the regulatory box, but so many across this industry don’t do that. They have their own personal email address, then you’ve got a breach and reporting data breaches is not fun.”
He says having to do that process because of shared staff credentials is not a good look in an audit trail and neither is letting consulting contractors access client’s data from their own devices.
“Having a device management policy process and a two factor authentication is vital because devices have multiple different bodies that work on that one system with no way to separate it.”
However, having the right kind of devices and digital ecosystems is just as important. Maloney-Geany says it’s important to have set security expectations on devices and remember not everything is fit for purpose.
“ If you have Huawei, please replace it or don’t use it for business. They are wonderful devices, but they’re not secure. Apple is the best. example here. All of you who have ever owned an Apple device will find things start to randomly slow down and the battery dies. When that happens, that’s apple doing it on purpose in the background.”
Under the privacy act, data is owned by the client and advisers are the custodians of that information. Currently there aren’t many rules as to what can and can’t be done with that data- although you can’t sell data without permission and the information that is there must be protected and kept safe.
Maloney-Geany says when choosing third party data providers it's important to choose the right one and the mistake that people make is thinking that their systems are safe because of anti-virus software.
“Your antivirus is one piece of a very large and complicated project and you have to get all those pieces working together. To get that correct, you have to get your device management right.”
He says there has to be some way of litigating the risks and choosing which risks to accept because having that well rounded defense comes back to advisors being custodians of clients data and making good or bad decisions on their behalf.
“The only way you can be digitally safe is if you’re using paper. The main thing with digital defense is picking one that does everything. Microsoft ecosystem is king and comes second in almost everything next to the other top ecosystem, Apple.”
He says just like clients need a financial advisor, financial advisers need good digital providers.
“Things will change dramatically in the coming years and we have to keep up with the party.”
« The rise of the digital investor | Tough times ahead for NZ economy: Nikko economist » |
Special Offers
Comments from our readers
No comments yet
Sign In to add your comment
Printable version | Email to a friend |