A further increase in cyber attacks is expected in 2023. Smaller companies have also been targeted by cyber criminals. The devastating consequences range from financial losses to criminal charges and permanent reputational damage. This blog post provides you with practical tips on how to reduce the risk of hacking attacks on your trust company.
The days when mainly large corporations and private individuals were hacked are over. SMEs are also increasingly affected by cyber attacks, as the insurance company AXA writes in a blog post. The Swiss SME landscape is aware of the danger: in the “CEO Survey 2022” by the consulting firm PwC, 100 percent of the CEOs surveyed in Switzerland stated that they considered cybercrime to be a business risk. According to a PwC study, the average loss for a medium-sized company in this country amounts to around six million Swiss francs. In addition, there is reputational damage, the long-term consequences of which are often difficult to assess.
What cyber threats are currently lurking? In addition to well-known attacks such as phishing and ransomware, security experts also warn against fileless attacks. This rather new form of cyber attack uses tools and functions that are already present in the victim’s environment. Such attacks do not rely on file-based payloads and in most cases do not create new files on the affected devices and systems. Distinguishing the malicious use of built-in system tools from their many legitimate automation and scripting uses is often a huge challenge for traditional security solutions.
Reading tip: In this blog post, you can read about what cyber threats fiduciary companies will need to protect themselves from in 2023.
Partially digitised processes make fiduciary companies vulnerable to data loss
Data is sometimes referred to as the most important currency in the digital world. Cyber attacks and associated data losses cost billions of dollars worldwide every year. If your clients’ data falls into the wrong hands – whether intentionally or accidentally – there is the threat of a permanent loss of trust, fines and sanctions. Fiduciary companies are currently particularly at risk of losing valuable data in the event of a hacker attack. Many fiduciary companies have linked their document management system (DMS) with accounting software through an interface. This allows the two systems to communicate with each other. However, this poses security risks: since DMSs are often not cloud-based, files stored in a DMS are not automatically stored online in a cloud. Such gaps between the software used for digital and automated solutions therefore make it more likely that files and data will be lost in the event of a hacker attack, system failure or loss of the work device.
Smart fiduciary software can significantly simplify data storage and data backup in your fiduciary company. All relevant data is kept on a secure platform that only you and authorised employees can access. You define access rights so that you always have control over who can view and edit data. The platform provider normally takes all the basic security measures, takes care of backups and creates an IT emergency plan (disaster recovery) so that no customer data is lost even in the case of perfidious hacker attacks or natural disasters.
Attention: Many international platform and software companies have their headquarters in the USA, where access to company data is possible without judicial control by means of the Patriot Act. In Switzerland, however, this is not permitted. Therefore, when choosing fiduciary software, make sure that all data is stored in Switzerland. Arrange a free live demo of the Swiss fiduciary software Accounto here, where your data is safe.
Cyber security: checklist for your trust company
Sometimes, however, cyber criminals identify security vulnerabilities not in applications, but in process flows or employee behaviour. In recent months and years, there has been an increase in the number of compromises of business processes. Cyber-attackers exploit systemic vulnerabilities and human errors.
Below is a compilation of easy-to-implement measures to improve cyber security in your trust company. It does not guarantee 100% protection against cyber attacks, but if your team follows all the points in the checklist, the risk will at least decrease.
- Do not store company credit card data on work devices, and do not write down important passwords on pieces of paper that lie around the office or that you carry with you.
- Store sensitive data only on password-protected platforms and systems.
- Create complex passwords that include lower and upper case letters, numbers and at least one special character. Use a mnemonic so that you can easily remember the password and do not have to write it down or store it anywhere.
- Do not use the same password for all systems and applications.
- Do not give out login details to external people. If work colleagues or the IT team ask you for a password, make sure that the request actually comes from that person. Contact them through an additional channel.
- Define strict access rights for your systems. Only give employees the rights they need. This reduces the likelihood of users infecting business-critical applications, data and services with viruses due to a lack of caution.
- Do not open links from unknown senders.
- Read e-mails and other messages that seem suspicious carefully before reacting to them. An impersonal salutation, spelling mistakes or obviously bad translations can indicate a phishing message.
- Run a virus scan before downloading files from outside the organisation.
- Always use the latest versions of firewalls and virus scanners and carry out all updates.
- Protect your work equipment against unauthorised access with strong passwords on the one hand and against physical theft on the other. When travelling on business, work equipment should always be carried in your hand luggage.
- If you or your employees accidentally delete data, you should contact the IT managers as soon as possible. Do not try to cover up errors.
- Make regular backups so that data loss is limited in the event of a cyber-attack.
- Make sure that sensitive customer data is stored in Switzerland and is subject to Swiss data protection laws.
- Check your cyber security concept for weak points at least twice a year. It may also be worthwhile to call in external security experts or hackers for this purpose.
With the above measures, you can significantly reduce the risk of successful cyber attacks on your trust company. But what can you do if it is too late for prevention and you have become a victim of cyber criminals? In the next blog post, you will get practical tips on how to react to cyber attacks and thus minimise the damage.