5 ways advisers can stop cyber crime ruining their firm
Following the recent co-ordinated mass cyber attack using ransomware that caused havoc in many organisations, particularly parts of the NHS, what can financial advisers do to minimise the risk of falling prey to scammers and cyber criminals?
We asked Intelliflo, whose Intelligent Office software is used by 16,700 financial advisers, paraplanners and administration staff, for their top five tips.
Give staff security awareness training
Good security starts with people and it’s vital you train your staff about the risks associated with cyber crime. For example, one of the most common ways of security being compromised is via phishing emails.
A personalised email is very likely to be opened. If the email appears to come from a friend or a trusted brand, it encourages people to click on the links in that email. Once opened, it is like opening a gate into your business.
Your online security is only as strong as your weakest member of staff.
Password protect everything
Encryption is the simplest form of security and one that almost everybody uses every day in the form of passwords. Surprisingly, many people do not password protect all of their devices. Passphrases with uppercase, numbers and special characters are most secure. For example, using the first line of a song like the Elvis classic, Suspicious Minds, could appear as Imc@ught1n@tr@p.
Employ two-factor authentication
Two-factor authentication is a simple but highly effective method of securing the login point of your employees and colleagues. It is proven to reduce instances of attack since it dissuades casual hackers from trying to breach it.
Use offsite back-ups or cloud services to avoid being held to ransom
Ransomware attacks, such as those that hit major organisations recently, are not generally about the theft of data; rather, they are about profiting through disruption. Backing up data is essential. Back-ups need to be offsite and stored so that, if your office is breached, an attacker cannot reach them and encrypt them too.
You can get the same benefit by using cloud-based services, as there is a gap between your office IT and the underlying system storing your important data. You need to have complete separation between where your staff access the internet and their email and where you store client data.
By using cloud services, you benefit from the huge investment providers make in security, as does the UK Ministry of Justice, which recently migrated to Amazon Web Services.
Invest and plan for the worst
Threats to data mean that you need to invest in taking steps to protect your clients and your business. At Intelliflo, we spend around 10% of our turnover on cyber security.
Keeping your software up to date is imperative. Any chinks in your armour, often exposed by out-of-date and compromised software, can be exposed.
Assume that your data will get hacked. What happens in this scenario? Who will make the decisions?
How will you liaise with clients? How will you meet forthcoming regulations such as the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018?
All breaches will have to be reported to the regulator within 72 hours, so how will you handle this?
The correct procedures need to be in place before an attack, not made up on the hoof once your online security has been compromised.