
Why financial services should prioritise data security

Source: Finance Derivative

Rick Goud, Co-Founder & CIO, Zivver

In recent years, a wave of cyber attacks, data breaches and leaks has hit businesses in the financial sector. A report from the NCSC found that 39% of UK-based businesses had a cybersecurity breach or attack in the last 12 months, with the average cost of a cyber attack on a business being £13,400. For firms in financial services sharing hyper-sensitive data, the potential fallout from a data breach or leak can be even worse.

When strategising for data loss prevention in email, the focus for IT leaders traditionally remains on incoming and malicious attacks, leaving finance organisations open to the leading cause of data incidents. According to ICO reports, these are most commonly non-cyber related issues.

The global shift to remote and hybrid working has seen businesses move en masse to cloud services, remote access tools and collaboration apps. The way we work has fundamentally changed, and our reliance on digital communications, including email, is greater than ever. However, in the rush to implement these tools, companies may have overlooked security challenges, configured their settings incorrectly or used free tools with questionable security features. As a result, as digital communication links have rapidly developed in the last year, so too has the number of vulnerabilities that cyber criminals can exploit. To close these gaps, the financial services industry needs solutions which combine secure technology with watertight email practices.

Employees have adapted to working from home; however, with our days busier than ever, it’s inevitable that, occasionally, mistakes will happen.

Did you know that most email users are sending around 30-40 emails a day? Now think about the fact that the wealth management sector in particular deals with extremely confidential, high-profile and/or high net worth proceedings. Those 30-40 emails could contain information relating to a client’s savings, investments, income, and financial commitments.

Securing outbound communications

Every financial institution needs secure methods of sending emails and transferring files to customers or other contacts, even if they rely heavily on customer portals. Whether it’s a bank sending out statements to clients, an insurance company offering online consultations, or a notary sharing documents with other parties for an estate transaction, companies everywhere are increasing their use of digital communication channels.

But the built-in security of email platforms fails to deliver sufficient protection against these ‘outbound’ email-borne security breaches. Likewise, many employees do not know how to recognise emails sent with malicious intent and take action, opening new opportunities for inbound threats missed by the platforms’ shields and filters.

High-value fraud attempts via business email compromise (BEC) continue to make it through O365’s native security solutions, leaving firms more exposed to data breaches. These organisations often hold as much personal information, corporate data, customer information and financial data as banking institutions, despite having smaller budgets or a smaller headcount on their security teams to ensure their digital perimeters are secure. In fact, research revealed only 31 percent of smaller family offices had implemented cyber security measures, versus 60 percent of larger operations.

The fact is that most of today’s security solutions focus on threat protection and are built to keep ‘inbound’ risks – malware, phishing attacks, and spam – at bay, as these are consistently viewed as the biggest risks to email security. But when it comes to misdirected emails (reported by the ICO as the number one non-cyber security incident faced by businesses in the finance, insurance, and credit sectors), it is clear that data loss via human error or more insidious insider threats is a security risk that is consistently overlooked.

It’s not enough to focus solely on inbound threats and keep the attackers from coming in; businesses need to ensure they prevent sensitive data being accidentally or maliciously sent out. But why aren’t existing email security solutions doing this?

Popular email service providers may have outbound email filtering rules – but these are often too rigid to adapt to evolving ways of working, and often depend heavily on IT teams having to constantly update and configure them.

Financial institutions will always remain a prime target for cybercriminals, in part because of the massive amounts of personally identifiable information stored in their databases. At the same time, threats evolve; that’s why firms everywhere should review their data security protocols and, where necessary, invest in effective tools to ensure that sensitive information can be safeguarded at all times.


Why it’s risky for financial firms to rely on mobile device authentication

Source: Finance Derivative

Niall McConachie, regional director (UK & Ireland) at Yubico

Using mobile phones to sign into online services can offer people a sense of security and convenience. However, when their devices are damaged, lost, or stolen, they can quickly experience why relying on mobile authentication methods is not the best choice when it comes to protecting their online identities.

Despite this, many financial firms and institutions in the UK continue to encourage their customers and employees to use this form of digital authentication when accessing sensitive data. With cyber attacks being the most cited risk to the UK financial system, it is important that leaders understand the increased risks that they take on with continued use of ineffective authentication and poor cyber hygiene practices.

Limitations of mobile devices and passwords

Aside from being easily lost, stolen, or broken, the effectiveness of mobile-based authentication can be limited depending on the user’s location. For example, depending on where the mobile devices are being used, people may not have the reception needed to authenticate into an account. Additionally, they could be locked out of their accounts simply due to the device’s battery running out. However, even without these issues, mobile devices still pose considerable cybersecurity risks.

Indeed, findings from our recent State of Global Enterprise Authentication Survey show that mobile SMS-based authentication (20 percent), push authenticator apps or mobile one-time passcodes (OTPs) (23 percent), and passwords (23 percent) are believed to be the most secure forms of digital authentication by UK respondents. As financial firms use these methods so often, it is understandable why customers and employees would come to this assumption. However, this is a misconception.

While any form of authentication is better than none, passwords and mobile-based authentication methods – including SMS verification, OTPs, and digital authentication apps – are all vulnerable to many modern cybersecurity threats. These include SIM swapping, phishing, password spraying, man-in-the-middle (MitM) attacks, and ransomware attacks which can all lead to possible data breaches, imposing serious consequences on UK financial organisations.

Improved cyber hygiene practices and training for employees

According to the survey, the primary ways that UK employees signed into their business accounts were with usernames and passwords (53 percent), mobile SMS-based authentication (24 percent), and push authenticator apps or mobile OTPs (19 percent), indicating that UK employees are not choosing the best authentication methods. These practices leave their accounts easily compromised by bad actors.

Additionally, it is important to note that no authentication solution can be fully effective in mitigating emerging cyber threats if used alongside poor cyber hygiene practices, which play a significant role in reducing an organisation’s cyber resiliency against external threats.

Overall, it appears that UK organisations are not properly enforcing best-practice cyber training amongst their internal staff. Findings show that only 42 percent of respondents are required to go through frequent cybersecurity training. The report also revealed significant lapses in employees’ cyber-hygiene practices. For instance, over the previous 12 months, UK respondents admitted to using a work-issued device for personal use (49 percent), allowing their work-issued device to be used by someone else (33 percent), not reporting a phishing attempt (31 percent), having an account reset due to lost or forgotten credentials (58 percent), and using a personal device for work (58 percent).

These poor habits should be concerning for finance firms because if an employee uses a personal device for work, bad actors can compromise that device and use it as a point of access to target their employer. As 73 percent of UK respondents claimed to have experienced a cyber attack in their personal lives within the previous 12 months, this and other similar scenarios are highly possible.

Moreover, the combination of weak authentication methods and poor digital habits makes organisations especially vulnerable to cyber attacks which can directly target their customers, employees, and third party partners as well. Therefore, better cyber hygiene practices should be enforced on a regular basis to protect organisations fully and effectively from emerging threats.

Benefits of alternative authentication methods

For finance businesses looking for alternative methods, it is important to note that there are some forms of multi-factor authentication (MFA) and two-factor authentication (2FA) that are more robust than others. For example, some require users to authenticate with either a hardware security key or identity credential that is unique to the individual user like a fingerprint. With the help of FIDO protocols – globally recognised standards of public key cryptography techniques to deliver stronger authentication – stronger authentication methods like these provide users with a seamless experience when accessing their digital accounts by removing the need for passwords or mobile devices.

The National Cyber Security Centre (NCSC) recommends hardware-based security keys as a phishing-resistant solution against modern cyber attacks. In addition, a growing number of global companies and UK banks have implemented passwordless authentication. Apple, Barclays, Co-operative Bank, Google, HSBC, Microsoft, NatWest, Twitter, and the US Government are just a few reputable organisations which have opted for passwordless authentication.

Customers and staff should not be solely responsible for adjusting their own cybersecurity practices. It is also up to organisations to enhance their digital security by implementing phishing-resistant passwordless solutions. Whether using biometric identifiers or hardware security keys, these solutions are more effective and user-friendly than conventional authentication methods. They also offer robust authentication across multiple devices and accounts, reducing the number of times a user needs to sign in. However, most importantly, implementing business-wide passwordless solutions helps to reinforce an organisation’s security posture and significantly decreases the risk of emerging attacks.

Mobile-based authentication, OTPs, and passwords are some of the most widely used authentication methods but are not the most secure. As the finance sector continues to prioritise passwordless authentication, this will likely change customers’ and employees’ perceptions of what secure authentication truly is. Ultimately, providing users with the most secure authentication possible should be a top priority. With it, financial firms can experience the long-term benefits of improved data security, better user experience, and considerable ROI.




Unlocking the Power of Data: Revolutionising Business Success in the Financial Services Sector

Source: Finance Derivative

Suki Dhuphar, Head of EMEA, Tamr

The financial services (FS) sector operates within an immensely data-abundant landscape. But it’s well-known that many organisations in the sector struggle to make data-driven decisions because they lack access to the right data to make decisions at the right time.

As the sector strives for a data-driven approach, companies focus on democratising data, granting non-technical users the ability to work with and leverage data for informed decision-making. However, dirty data, riddled with errors and inconsistencies, can lead to flawed analytics and decision-making. Siloed data across departments like Marketing, Sales, Operations, or R&D exacerbates this issue. Breaking down these barriers is essential for effective data democratisation and achieving accurate insights for decision-making.

An antidote to dirty, disconnected data

Overcoming the challenges presented by dirty, disconnected data is not a new problem. But there are new solutions – such as shifting strategies to focus on data products – which are proven to deliver great results. But what is a data product?

Data products are high-quality, accessible datasets that organisations use to solve business challenges. Data products are comprehensive, clean, and continuously updated. They make data tangible to serve specific purposes defined by consumers and provide value because they are easy to find and use. For example, an investment firm can benefit from data products to gain insights into market trends and attract more capital. These offer a scalable solution for connecting alternative data sources, providing accurate and continuously updated views of portfolio companies. Using machine learning (ML) based technology enables the data product to adapt to new data sources, giving a firm’s partners confidence in their investment decisions.

But before companies can reap the benefits of data products, the development of a robust data product strategy is a must.

Where to begin?

Prior to embarking on a data product strategy, it is imperative to establish clear-cut objectives that align with your organisation’s overarching business goals. Taking an incremental approach enables you to make a real impact against a specific objective – such as streamlining operations to enhance cost efficiency or reshaping business portfolios to drive growth – by starting with a more manageable goal and then building upon it as the use case is proved. For companies that find themselves uncertain about where to begin their move to data products, tackling your customer data is a good place to start for some quick wins to increase the success of the customer experience programmes.

Getting a good grasp on data

Once an objective is in place, it’s time for an organisation to assess its capabilities for executing the data product strategy. To do this, you need to dig into the nitty-gritty details like where the data is, how accurate and complete it is, how often it gets updated, and how well it’s integrated across different departments. This will give a solid grasp of the actual quality of the data and help allocate resources more efficiently. At this stage, you should also think about which stakeholders from across the business, from leadership to IT, will need to be involved in the process and how.

Once that’s covered, you can start putting together a skilled team and assigning responsibilities to kick off the creation and management of a comprehensive data platform that spans all relevant departments. This process also helps spot any gaps early on, so you can focus on targeted initiatives.

Identifying the problem you will solve

Now let’s move on to the next step in our data product strategy. Here we need to identify a specific problem or challenge that is commonly faced in your organisation. It’s likely that leaders in different departments, like R&D or procurement, encounter obstacles that hinder their objectives that could be overcome with better insight and information. By defining a clear use case, you will build a real solution to a challenge they are facing rather than a data product for the sake of having data. This will be an impactful case study for your entire organisation to understand the potential benefits of data products and increase appetite for future projects.

Getting buy-in from the business

Once you have identified the problem you want to solve, you need to secure the funding, support, and resources to move the project ahead. To do that, you must present a practical roadmap that shows how you will quickly deliver value. You should also showcase how to improve it over time once the initial use case is proven.

The plan should map how you will measure success effectively with specific indicators (such as KPIs) that are closely tied to business goals. These indicators will give you a benchmark of what success looks like so you can clearly show when you’ve delivered it.

Getting the most out of your data product

Once you’ve got the green light – and the funds – it’s time to put your plan into action by creating a basic version of your data product, also known as a minimum viable data product (MVDP). By starting small and gradually enhancing it with each new release, you put yourself in good stead to encourage adoption and, coming back to our iterative approach, to secure more resources and funding down the line.

To make the most of your data product, it’s essential to tap into the knowledge and experience of business partners as they know how to make the most of the data product and integrate it into existing workflows. Additionally, collecting feedback and using it to improve future releases will bring even more value to end users in the business and, in turn, your customers.

Unlocking the power of data (products)

It’s crucial for companies in FS to make the most of the huge amount of data they have at their disposal. It simply doesn’t make sense to leave this data untapped and not use it to solve real challenges for end users in the business and, in turn, improve the customer experience! By adopting effective strategies for data products, FS organisations can start to maximise the incredible value of their data.


HOW SMALL BUSINESSES CAN FIGHT BACK AGAINST POOR PAYMENT PRACTICES

Source: Finance Derivative

SMEs across the UK are facing a challenging economic environment and late payments pose a severe challenge to maintaining cash flow. Here, Andrea Dunlop, managing director at Access PaySuite, explores the challenges facing small and medium sized businesses, the risks that late payments carry, and what can be done to secure timely payments, in full.

It’s estimated that UK businesses are currently owed more than £23.4bn in outstanding invoices. For all businesses, managing the outward flow of products and services with a steady incoming cash flow is a fine balance – with unexpected disruptions and complications capable of causing catastrophic problems.

Late and delayed payments have been identified as a significant challenge for SMEs – an issue that has scaled over recent years. In fact, in its latest report, the Federation for Small Businesses (FSB) stated that the UK is “almost unique in being a place where it is acceptable to pay small businesses late”.

The FSB also states that this “will remain the case without further action” and, as such, has called for government action to put a stop to these damaging trends.


Small businesses form a vital part of the economic ecosystem – in 2022, it was estimated that 99% of UK businesses were SMEs – so poor payment systems not only present a very real threat for individual businesses, but for the UK economy as a whole.

Despite this strong case for urgent action to be taken, changes to legislation can be a slow process and, in the face of ongoing economic pressure, small businesses need more immediate solutions.

Although businesses are at the mercy of their customers and clients, there are a number of actionable steps SMEs can take to increase the rate of prompt and complete payments.

The impact of late payments for SMEs

Research published by the ICAEW in Q4 2022 demonstrates that around half of invoices issued by small businesses are paid late.

More often than not, small businesses operate within a chain of regular suppliers and customers. These chains can include multiple business links, stretching across sectors and regions. As a heavily interwoven ecosystem, if one ‘link’ in the chain is damaged by late payments and unreliable cash flow, the delays can quickly escalate and create a domino effect of complications across the whole system.

With a lack of consistent income, SMEs are more likely to be prevented from paying their overheads and suppliers on time.

As late payments add up and push multiple businesses into a negative cash flow, the problem can continue to snowball.

Simply put, extended periods of unreliable and heavily reduced payments put whole supply chains of companies in very dangerous financial positions – especially as running costs remain high.

Combined, the complexities arising from late payments and the vast scale of the issue demonstrate a clear need for systemic change.

Current government action

At the end of January, the government published a review of the reporting of payment practices first introduced in 2017.

This review stated that the government is committed to “stamp[ing] out the worst kind of poor payment practices within the business community”.

The 2017 Payment Practices and Performance Regulations require all large UK companies to report publicly on their payment policies, practices and performance, to ensure accountability.

Following its review, a new consultation has been launched, seeking the opinion of business owners on current regulations – asking whether this existing policy should extend beyond its current expiry date, 6 April 2024. This consultation is part of a wider examination of payments in the UK.

Delving into issues including the emotional and psychological impact of late payments on small business owners – as well as analysing how banks and technology can help – the government’s review is a welcome development, but SMEs need to take more immediate action to strengthen their payment processes.

What can SMEs do?

With the government consultation finalising at the end of April, the future of the payment landscape in the UK will soon be made clearer – but what actions can SMEs take to immediately strengthen their payment processes?

For many SMEs, payment systems are low down the list of priorities, and the fear of disruption or additional costs can lead many to turn a blind eye to problems with their existing systems. But, with challenges around cash flow increasing, investing in a flexible and comprehensive payment system could be an incredibly worthwhile investment.

Issuing regular invoices takes a lot of time, and when working across different clients with different payment frequencies, invoicing can lead to unnecessary complexities.

Instead, systems that enable customers to set up direct debits ensure payments are completed on a set date, reduce additional paperwork and still allow bespoke schedules for each client or customer to be arranged.

In many SMEs, missed payments can easily get lost in piles of paperwork and human error can result in problems down the line. When using digital payment systems, should a missed payment occur, automated capabilities ensure the issue is flagged, and any outstanding challenges can be resolved in a timely manner.

With payments and invoicing automatically managed in a centralised database, countless hours that would otherwise be spent on repetitive and laborious administrative work are saved.

As well as reducing the amount of staff time spent managing processes and tracking financial activity, a reliable payment system delivers benefits for customers too, and contributes towards greater service and boosting brand loyalty.

In the coming weeks and months, new government guidance should clarify legislative expectations for businesses regarding payments. But, with smart investment in specialist software solutions, our country’s vital SMEs can take the necessary safeguarding steps to boost payment security and thrive through this tough financial time.


Copyright © 2021 Futures Parity.