Licensees should take ownership for cyber security

Financial adviser licensees should take ownership of their organisation’s cyber security as the Australian Securities and Investment Commission (ASIC) are targeting negligent directors who outsource responsibility to information technology departments, according to Cyber Audit Team.

Speaking at a Profession of Independent Financial Advisers (PIFA) webinar, Damian Seaton, founder of Cyber Audit Team, said directors were personally liable for cyber attacks within their business under section 180 of the Corporations Act and that enforcement was on the rise.

“No longer can we just say cybersecurity sits with my information technology manager or provider, we have to take responsibility for this, and we need to ensure that we’ve got the right controls and mechanisms in place,” Seaton said.

Related News:

“The information that you hold on your customers is highly valuable and the criminals know that the majority of smaller business aren’t protected very well.”

According to Boston Consulting Group, financial firms are 300 times more likely to be hit by cyber attacks compared to other companies.

And practices that had no cybersecurity strategies had a 90% chance of experiencing a cyber attack, according to Seaton.

Seaton said criminals rely on the assumption that small businesses had not received cyber security awareness training, had directors with dismissive cyber security attitudes and staff with poor password hygiene practices.

“That means… you’re using the same password on your Facebook or your social media as you do with your Woolworths Rewards as you do with your Microsoft Office 365 account and if you are one of those people doing that, then you must invest in an [affordable] password manager,” Seaton said.

He said the use of password managers and two factor authentication prevented unsophisticated cyberattacks by 8%.

Seaton’s six steps to mitigate breaches were to assess cybersecurity blind spots, educate staff, document cyber security policies, seek independent assessments, have monitoring processes in place and conduct penetration tests.

Recommended for you



Add new comment