The finance industry is facing a rapid period of change as the result of disruptive tech, regulatory changes and the economic landscape. But how will this impact the ways financial institutions function internally? What can companies do to manage their brand and reputation? And what will this mean for employee engagement and recruitment in the future? Our series will explore these questions and offer solutions –and in our final post of this series, we’ll discuss how to use internal communications to reduce the risk of cyber attacks in your organisation.
Whenever I leave my house, I always make sure the windows are shut, and all of the external-facing doors are locked. I do it without thinking; it’s an integral part of my going out routine, and so far it has proven to be effective. My apartment has never been burgled, and – fingers crossed – this habit will continue to deter would-be thieves.
Ensuring windows and doors are locked when a property is vacant is common sense: I’m sure everyone reading this would feel their heart rate increase dramatically should they realise that, heaven forbid, they’d left the patio door open. An open door is, after all, a welcome invitation for burglars.
However, while we are all vigilant when it comes to keeping our homes safe, many of us have a far more lackadaisical approach to ensuring valuable electronic data and documents remain beyond the reach of bad guys. A failure to utilise adequate security practices when it comes to computers is, quite simply, the digital equivalent of leaving one’s kitchen window on the latch before heading off on holiday.
Looking after sensitive information need not be difficult, but it is absolutely essential, and all businesses – large, small and everything in between – must do all they can to avoid cybercriminals. With the internet playing a fundamental role in how companies operate, taking the right steps to ensure your organisation is protected has never been more crucial.
The finance industry’s predicament
When it comes to finance companies, cyber threats appear to be far more prevalent than in any other sector. According to a report produced by Accenture and the Ponemon Institute, the rate of breaches amongst financial services firms has tripled over the last five years. And, on top of that, the report claims that ‘cyberattacks have a greater financial impact on the financial services industry than on any other’.
Falling victim to cybercrime can not only result in drastic financial implications, but can seriously damage reputations. So, with that in mind, what should finance companies be doing to limit losses and avoid infiltrations, and how damaging can such digital attacks be?
According to research carried out by Beaming, cybercrime costs UK businesses in the region of £29.1 billion annually. And, while that is a staggering amount of money, there are other statistics that are even more astounding.
Beaming research also found that in 2017, the average UK business was subjected to around 231,028 internet-borne cyber-attacks. That’s approximately 633 attempts each and every day, which is an absolutely astonishing number.
Speaking in the wake of these remarkable findings, Sonia Blizzard, managing director of Beaming, said:
“2017 was the worst year yet for cyber-attacks on British businesses, whose IT security systems are under constant pressure from hackers and malicious computer scripts seeking to exploit any vulnerability. With most attacks targeting relatively simple devices, it is possible many companies are already infected and don’t know about it.”
Given the prevalence of these digital assaults, and the fact that only one need be successful to put a company at risk, it is vital all businesses understand not only the associated dangers, but where businesses are particularly vulnerable, how threats can be mitigated, and how firms can ensure all employees are clued up on the dangers.
Where are you vulnerable?
More often than not, visiting only secure websites, downloading material from places that are trustworthy, and installing sufficient security software, will be enough to repel the vast majority of cyber-attacks. However, it always pays to remain attentive, especially when it comes to things that can easily slip under the radar, such as opening emails.
One of the most common ways that a fraudster will attempt to infiltrate a company is via an email. This is often referred to as a ‘phishing’ scam. Such emails will encourage the recipient to click a link or download a file, often by declaring it to be something that it isn’t. And, while most of these emails are written in a way that is amateurish and, therefore, immediately suspicious, criminals are becoming far more adept at creating scams that, on the surface, appear trustworthy.
If you have an IT manager, ensure they keep on top of not only protecting your company’s systems, but of alerting employees should they become aware of threats or scams that could evade firewalls and antivirus software. Have a content strategy in place that will allow them to update employees on progress and procedures at regular intervals – perhaps quarterly – within regular internal communications documents, such as newsletters.
Remember, it just takes one misjudged click to infect an entire network, and potentially generate numerous complications.
Invest and assess
Getting the right security software is vital. This is a pretty basic statement, but that doesn’t mean its importance should be watered down. Investing in anti-virus software, ensuring manufacturer updates are installed when prompted, and running regular tests to find – and subsequently vanquish – threats, is computer protection 101.
Education and the value of internal comms
Internal communications can be the difference between ensuring an employee refrains from opening a virus-ridden email, and them downloading a document that infects a company’s entire computer network.
It is important that all members of staff be made aware of what a cyber threat is, and what to do should they suspect that a hacker is at play. This means educating everyone during their onboarding sessions, but also making them aware of changes or particular hazards as and when they arise in real time. And this – with regard to the latter point especially – is when internal comms becomes indispensable.
Companies are most vulnerable when employees are unaware of protocol, or can be hoodwinked into committing an action that works in the cybercriminal’s favour. And, the more employees your company has, the more avenues a hacker has to attempt to exploit.
By remaining alert, keeping employees updated regularly, and letting them know who should be contacted if they ever become suspicious, attacks can be kept to a minimum, and in a lot of cases eradicated entirely.
Getting the message right
If you’re having difficulties when it comes to getting messaging spot on, or knowing how best to communicate serious dispatches to employees or stakeholders, we’re here to help. We’ve worked with numerous clients – from Shell to NatWest, Government agencies to technology giants – to help them deliver complex and multifaceted communications campaigns, and now we want to assist you.