Staying safe online
Megan Chester
7 August 2023
Firstly, what is Cybercrime?
Cybercrime is criminal activity that targets users of computers, tablets, mobile phones and computer networks to make a profit. Cybercrime is generally carried out by ‘hackers’ who, using their technology skills, are able to gain access to people’s personal details and private accounts. They can use this information to assume people’s identities and gain financially from doing so.
What does the FCA have to say about staying safe online?
The FCA expects that all firms should have systems, controls, and processes in place to protect their consumers and the markets they operate in from risk. The FCA separates firms into different types of groups called ‘portfolios’ based on their business models. Each group is supervised and managed according to key drivers of harm. One of those key drivers of harm, which features across all of these portfolio groups, is the potential for fraud. The risk of fraud, whether from inadequate systems and controls and risk management frameworks or from firms not being fully aware of the threats from cyber-attacks, will lead not only to greater client detriment but also to an overall loss of integrity in the financial services industry. The FCA expects that firms should be aware of and up to date with cybercrime attacks, including the latest scams, and be able to defend themselves effectively by responding proportionately to cyber incidents.
Under Principle 11, firms must disclose to the FCA anything relating to the firm of which the Regulator would reasonably expect notice. This includes making the FCA aware of any cyber incidents and of any customer harm that occurs as a result of an attack.
Okay, so how does this relate to marketing and how do I stay safe online?
Obviously, there’s no one-size-fits-all answer, but we’ve listed some things that we think will help both in your marketing and your business practices.
Be careful what you share on social media
Hackers can target you with a sophisticated phishing campaign built from information you’ve posted on social or professional networking sites. Say you post on LinkedIn that you really wish you had got tickets to the latest Fleetwood Mac concert, and the next day you receive an email saying that you have won tickets to the concert in a competition (that you don’t remember entering). Use extreme caution when clicking any links, whether they come from someone you know or not, and if something seems too good to be true, it probably is.
Privacy is key
It's also a good idea to remove any personal contact details from your social media accounts to avoid getting unwanted spam emails. Do you need your personal or company email address on your LinkedIn account? Not really: people can still contact you through the messaging option on the account, and you can give this information out if needed.
Finally, think about the risks before posting something
For example, have you posted about a new partnership you have with an amazing company that you will be working closely with, and then received an email from someone at this company whom you’ve never met and who is asking in-depth questions? Have you posted on LinkedIn that you had a great time at the Christmas party and then received an email from the “CEO” asking you to buy gift cards for all the staff as a Christmas gift? Both of these could be legitimate occurrences, but always verify before you trust, and proceed with caution on any interactions!
Some final top tips!
Wherever possible, use Multi-Factor Authentication (MFA) on all your accounts, including all social accounts – making your account more secure massively reduces the risk of potential hackers gaining access!
Using different passwords across your accounts reduces the likelihood that all your accounts will be hacked. You could use a secure password manager, as you will be able to have different, more complex passwords across your accounts without having to remember them all.
Stay up to date! Hackers aren’t always trying to steal your information; they can sometimes be looking to see if you’re using a computer that hasn’t been ‘patched’. Patches are software and hardware updates that address security vulnerabilities on your computer, for example a security hole or a weakness found in a software program or operating system. By keeping these updated, you can avoid any system weaknesses.
Please be vigilant at all times and exercise caution to help keep your business, and your customers, safe. You may be interested in our Strategic Partner, Mitigo, who specialise in cyber risk management for the financial services profession. They can review your cyber security policies and controls and provide operational resilience, data security and legal and regulatory compliance.