Bringing you live news and features since 2006 

Seven steps to success

Seven steps to avoid a cyber-attack


By George Ralph, RFA – We all know that cyber-attacks are not only more prevalent but they are increasing in ferocity, becoming ever more ambitious and overt. The latest culprits, Petya and WannaCry both used phishing attacks to spread malware through networks, and Petya rendered the user’s computer inoperable and gave hackers full access to the usernames and passwords stolen from the computer.

Here is a set of top tips to prevent your firm being an easy target for cybercriminals:

1) Get your paperwork in order

Documented policies and procedures safeguard business data, systems and networks and allow you to meet regulatory compliance mandates. 

2) Plan for the inevitable

A cyber incident response plan identifies the key processes and personnel that you will need to involve after an incident, and documents how you will go about preparing for an incident, detecting an incident, containing an incident, recovering from an incident and analysing the incident in the aftermath.

3) Take systems into account

The business continuity plan outlines the critical business processes and IT systems, and the recovery procedures and timescales, including the recovery time and point objectives.

4) Mitigate against risks

Outline details of the user training you will provide, the physical security measures you will put in place, how internal audits will happen, how risks will be identified and classified and how the supply chain will be de-risked.

5) Get all the right tools in all the right places

Getting the technology right, the hardware, software and systems, that protect every layer of data, is more complex than it seems. It is not enough for you to protect your network, and end points. A robust cybersecurity strategy should be multi-layered, and include email, mobile devices and other endpoints, web traffic and the network. You should also take into account data governance, data should be encrypted, the physical environment should be secure, access should be managed closely, and you should run regular penetration testing and vulnerability scanning across the technology estate.

6) Education is critical

Educating employees about cybersecurity, and providing effective training to help them identify malicious behaviour and to act accordingly to avoid or mitigate the risks is crucial. If training is regular and relevant, it stands a greater chance of actually embedding new behaviours into employee culture. 

7) Test the waters

One way of embedding training into users’ psyche is by regularly and without warning testing users with simulated email, voice and SMS phishing attacks, personalised landing pages, attachments and spoof domains in order to highlight risks and employee weaknesses. When employees fall victim to these attacks they can be given immediate feedback and a refresher on spotting the red flags. This type of training has been shown to reduce user error dramatically. 

With the threat of cyber-attack increasing, it’s simply not enough to leave any of this to chance.

Latest News

US ETF issuers of active ETFs are facing an increase in fees from the big custodian firms, such as Charles..
ETF data consultant ETFGI reports that assets invested in the global ETF industry reached a new record of USD12.71 trillion..
Calastone has published an ETF white paper which examines several of the processes that take place across the lifecycle of..
Adapting product lines to fit into changing methodologies and meet shifting demand is essential to remaining relevant in the industry..

Related Articles

Taylor Krystkowiak, Themes ETFs
Themes ETFs opened its doors in December 2023, with an introductory suite of 11 ETFs – seven thematic and four...
Konrad Sippel, Solactive
At the end of March, financial index specialist, Solactive, published its 2024 annual report on future trends.  ...
Lorraine Sereyjol-Garros, BNP Paribas
Following changes to the French Monetary and Financial Code and of the French market authority AMF’s General Regulation, it is...
Ed Rosenberg, Texas Capital
Texas Capital Bank first opened its doors back in December 1998 and nowadays offers wealth-management services, as well as commercial,...
Subscribe to the ETF Express newsletter

Subscribe for access to our weekly newsletter, newsletter archive, updates on the site and exclusive email content.

Marketing by