Adviser & DFM Cyber & Information security

212 views
112 views

Published on

Data Protection for Independent Financial Advisers and DFM's is a Regulatory Issue

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
212
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Adviser & DFM Cyber & Information security

  1. 1. Financial Adviser Cyber Information Security What you need to know
  2. 2. IP Sentinel – watching over your intellectual property ACT NOW You are responsible for some of the most valuable data in the world. That of your clients’. It is imperative that you know how to process, protect and manage that information. The penalties for not doing so can run into the millions and ruin the reputation of your business. The Financial Conduct Authority (‘FCA’), The Information Commissioner and your PI Insurer all have requirements you have to meet. Do you know what your responsibilities are? Do you understand the threats to the information you hold? Do you know how to protect yourself? info@ip-sentinel.com http://ip-sentinel.com
  3. 3. IP Sentinel – watching over your intellectual property What is Information? As an adviser you have ‘Identifying Data’ for each and every one of your clients • Name, address, email, contact telephone You also have so much more due to AML & KYC requirements • Copies of passport, driving licence, utility bill, bank statements You could have even more that that • Bank account details, investment histories, insurance policy details This information is valuable to your clients Your servers probably hold enough information for criminals to steal the identity of every one of your clients info@ip-sentinel.com http://ip-sentinel.com
  4. 4. IP Sentinel – watching over your intellectual property You are responsible for client information The Financial Conduct Authority • • • FCA Principle 2 FCA Principle 3 Rule 3.2.6R in the Senior Management Arrangements, Systems and Controls sourcebook (SYSC) The Information Commissioner • Data Protection Act 1998 and 2003 The PI Insurer • Whilst you may have cover in place for a limited third party loss relating to cyber security, it is unlikely that your existing cover will reinstate any losses to your own business info@ip-sentinel.com http://ip-sentinel.com
  5. 5. IP Sentinel – watching over your intellectual property How do you process information? To manage your client accounts and information • • • • Do you have a manual process that is largely paper based? Or is your process largely email, spreadsheets and word documents? Or an Intranet workflow integrated with an online Customer Relationship Management (CRM) system Or a Vendor provided Practice management solution? Most probably part of your process is outsourced to a vendor or service provider, maybe as part of a network arrangement. Would you know if information had gone missing? What would you do if you discovered that it had? info@ip-sentinel.com http://ip-sentinel.com
  6. 6. IP Sentinel – watching over your intellectual property Where do you keep information? Your clients have given you their information. Do you know where that information is now? • On your laptop/PC • Or in hard copy in a locked filing cabinet in your office • Or stored in a document archive offsite • Or stored as an attachment in your email • • • • • Or saved as a spreadsheet on a file server Or in a vendor supplied application Or in the “cloud” Or hosted on a vendor service Or on a 3rd party backup service Probably a little of all of the above info@ip-sentinel.com http://ip-sentinel.com
  7. 7. IP Sentinel – watching over your intellectual property How do you protect information? • Who should and who actually does have access to client information? • Do you trust them? Does their employment contract cover their responsibilities? • • • Who is responsible for Data Protection? Who is responsible for dealing with a Data loss? Hack attack? Computer crash? Who is responsible for Employees joining and leaving, as well as examining what they bring or take with them? • • • Do you encrypt the data? If so how? • Do you audit your policies & their implementation regularly? How do you communicate? WiFi? iDevice? Laptop? Do you have an IT policy on passwords? User access levels? IP Sentinel can provide you with a solution info@ip-sentinel.com http://ip-sentinel.com
  8. 8. IP Sentinel – watching over your intellectual property Your Strategy Carry on as you are - Sorry that’s not going to work for too long • The FCA have stated Data Protection is one of their key focus areas. There’s EU legislation on the way to make sure you do something. It’s all over the news. Buy Cyber Liability Insurance – Deals with the finance aspects only • • It’s not cheap! Doesn’t help your reputation or replace your clients. Let my IT department manage this problem • • Data Protection is a whole business issue It is a specialist area If you think you need to do more, IP Sentinel can help info@ip-sentinel.com http://ip-sentinel.com
  9. 9. IP Sentinel – watching over your intellectual property Engage IP Sentinel IP Sentinel is a specialist in Cyber and Information Security in the Adviser and DFM marketplace. We provide a 4 step program to help you protect your important data and work towards satisfying the Regulators. Step 1: Recognition Step 2: Prevention Step 3: Monitoring & Mitigation Step 4: Response & Recovery Regardless of your size or business model you have a duty to protect your client data. If you have any questions about your responsibilities, call us today on 01825 701870 Or email info@ip-sentinel.com Or visit our website http://ip-sentinel.com info@ip-sentinel.com http://ip-sentinel.com

×