22 May

The recent cyberattack resulted in considerable problems in the National Health Service, but its effects were felt much more widely than that. The WannaCry virus affected organisations of all types and sizes across 150 countries, and led to the Financial Conduct Authority (FCA) issuing guidance to authorised firms.

The FCA’s statement reads simply:

“The National Cyber Security Centre has issued guidance on the recent ransomware attack. Our advice to firms is to review this and take appropriate action. If your firm has been subject to an attack please visit Action Fraud, or contact them on 0300 123 2040 and let your regulator(s) know through your usual route.”

The National Cyber Security Centre guidance, to which the FCA statement links, contains the following advice:

• All users of Microsoft Windows should update to the latest version, to ensure their systems are protected by the latest security patches
• Users should make sure that their anti-virus protection is up-to-date, and should run a scan to ensure their systems are currently free from malware
• Users should back up important files and store these separately from their computer

Any firm that has fallen victim to a ransomware attack should immediately disconnect their computer from the network, and turn off the Wi-Fi. They should then safely format or replace their disk drives; install and update the operating system and all other software; and install, update, and run antivirus software.

The NCSC also advises anyone who has been affected not to pay the ransom demand that appears on their screen.

The FCA says that firms:

• Need to have a ‘security culture’ – everyone from the board to senior management to supervisors and ordinary employees must take the issue of cyber security seriously
• Must identify what their key assets are, and how they might protect these
• Must train staff to recognise suspicious activity, such as phishing emails
• Should carry out security screening of staff with access to important data
• Need to have adequate detection capabilities, so that they know straight away if they have been attacked
• Must have effective recovery and response procedures in the form of a detailed business continuity plan, which explains what they will do in the event of a security breach to ensure business operations can continue
• Need to test their data security measures on a regular basis

Research by financial software provider Intelliflo shows that 44% of financial advisers have experienced cyberattacks, although two-thirds of these attacks affected their personal life rather than their business activities. The research also reveals that 82% of clients would stop doing business with their adviser if they became aware that the firm had been hacked.

Nick Eatock, executive chairman of Intelliflo, said:

“The findings are a shocking testament to how common cyberattacks have become and highlight how crucial it is that advisers ensure they are using software for clients that is designed to protect data from malicious attack.

“When you take into consideration that, under the general data protection regulation, all firms will have to report breaches that are likely to result in a risk to the rights and freedoms of individuals within 72 hours, breaches will become publicly available.

“In some cases, you will be required to inform the individuals who have been affected by the breach.”
