Three steps for better data security

Data security is an issue that can affect firms of any size, and a matter that advisers need to take seriously. (Envato Elements)

Data is taking on a new importance as the world becomes increasingly digital and interconnected.

Businesses can now access more information than ever before and improved analysis is helping to drive insights and decision-making that deliver better, more suitable products and services for customers, increase efficiency and reduce costs.

However, with the explosion of data comes increased risk, especially in financial services where we work with sensitive and confidential information every day.

There is the physical threat of losing data through device theft, but also the growing issue of cyber security.

Government figures show that more than a third of businesses (39 per cent) suffered a cyber breach in the last year, with the number rising to more than half (54 per cent) within the finance and insurance sector. 

The problem is not limited to big businesses either.

The government found that more than a third (36 per cent) of micro-businesses with one to nine employees have identified or experienced a breach, and the same goes for almost half (48 per cent) of small firms with 10 to 49 employees.

When you set that against the finding from cybersecurity expert CrowdStrike that it takes just 84 minutes on average for a criminal to enter and move through your network, it brings home the very real risk posed to data security from cyberattacks. 

It is an issue that advisers need to take seriously, and there are several steps you can take to improve the resilience of your organisation.

Implement a strong data security policy

Documenting your processes and procedures is a crucial first step in increasing your data security.

This starts with understanding the type of data you hold and where it is held.

At this stage, you might discover that staff are using non-corporate devices and storage, termed ‘shadow IT’ by the National Cyber Security Centre, for work purposes. 

These could compromise any security measures you put in place and will need to be addressed by ensuring your team has access to the right equipment to do their job.

Once you know what data you hold, you can establish rules around who can access different information, how they can access it and how it can be transferred.

Introduce controls, using multi-factor authentication, that limit access to specified individuals, especially for systems that hold personal or sensitive data.

Analysis by NordPass found that ‘password’ was the most common password in 2022, used almost 5mn times, followed by ‘123456’, used 1.5mn times.

Both passwords would take less than one second to crack.

Multi-factor authentication, which combines different security measures such as a password and biometric verification (fingerprint scanning, or voice or facial recognition), a PIN or an authentication tool, will be far more secure than a password alone.

You also need to set the procedure to follow if the firm experiences an attack or data breach, with clear reporting lines for the initial incident, including when you are required to communicate with clients, regulators and any other stakeholders.