Skip to content


Advice firms need every-day procedures and robust technology to protect against cybercrime

16 September, 2020

Financial advice firms need a combination of every-day procedures and robust technology to help protect their businesses against cybercrime and data breaches, according to Origo.

The fintech says the extent to which cybercrime is prevalent within financial services has been brought home during the Covid-19 crisis as criminals have ramped up their attempts to trick individuals and businesses into giving away personal and financial details to enable fraudulent transactions.

Recent reports have highlighted that the FCA has been investigating more than 150 Coronavirus-related scams since the outbreak began (1) and has spent over £300,000 on fighting fraud online in the past 6 months (2).

Compliance consultancies have been warning advice firms on scams and email hacking. Paradigm Consulting recently warned advice firms about fake FCA email surveys on the impact of Covid-19 (3) while ATEB Consulting warned on fraudsters hacking personal email accounts and impersonating clients to encash investments (4).

Alongside this are reports of company owners and directors receiving highly realistic scam emails, requesting usernames, passwords, and bank details.

Anthony Rafferty, Managing Director, Origo, says: “This increase in reports and news stories serves to illustrate that the threat to financial services businesses from cybercriminals cannot be ignored by any company.

“Scammers and other cybercriminals are obtaining email addresses or relying on human error to obtain the information they require to commit fraud or identity theft.”

Data published by the Information Commissioner’s Office (ICO) has revealed that ‘phishing’ by cybercriminals was the second highest reported incidence of the ‘inappropriate disclosure of data’ by company staff (5).

Rafferty continues: “However, the most common incidence of data breach reported to the ICO was information being emailed to the incorrect recipient. That suggests a breakdown or lack of internal procedures.

“Clearly, whether dealing with cybercrime or staff error, having a well-documented policy, robust procedures and monitoring of processes, can go a long way to preventing potentially costly data breaches.

“Education is another area where firms can help protect themselves from external threat and internal error, including regular cybercrime awareness sessions and training of staff.

“Implementing technology – such as employing military-grade encrypted email, particularly when exchanging personal and sensitive information with clients or between organisations – should become standard every-day practice. Encrypted email secures against hacking, enables authentication to ensure the right person has accessed the information, and provides an audit trail for security and regulatory purposes.

“We are operating in a world where disclosure of information is a threat on many levels and putting in place preventative measures is essential for any size of firm within our industry.”

(1)The data was obtained under the Freedom of Information (FOI) Act by the Parliament Street think tank’s cyber research team.