Licensees should take ownership for cyber security
Financial adviser licensees should take ownership of their organisation’s cyber security as the Australian Securities and Investment Commission (ASIC) are targeting negligent directors who outsource responsibility to information technology departments, according to Cyber Audit Team.
Speaking at a Profession of Independent Financial Advisers (PIFA) webinar, Damian Seaton, founder of Cyber Audit Team, said directors were personally liable for cyber attacks within their business under section 180 of the Corporations Act and that enforcement was on the rise.
“No longer can we just say cybersecurity sits with my information technology manager or provider, we have to take responsibility for this, and we need to ensure that we’ve got the right controls and mechanisms in place,” Seaton said.
“The information that you hold on your customers is highly valuable and the criminals know that the majority of smaller business aren’t protected very well.”
According to Boston Consulting Group, financial firms are 300 times more likely to be hit by cyber attacks compared to other companies.
And practices that had no cybersecurity strategies had a 90% chance of experiencing a cyber attack, according to Seaton.
Seaton said criminals rely on the assumption that small businesses had not received cyber security awareness training, had directors with dismissive cyber security attitudes and staff with poor password hygiene practices.
“That means… you’re using the same password on your Facebook or your social media as you do with your Woolworths Rewards as you do with your Microsoft Office 365 account and if you are one of those people doing that, then you must invest in an [affordable] password manager,” Seaton said.
He said the use of password managers and two factor authentication prevented unsophisticated cyberattacks by 8%.
Seaton’s six steps to mitigate breaches were to assess cybersecurity blind spots, educate staff, document cyber security policies, seek independent assessments, have monitoring processes in place and conduct penetration tests.
AUTHOR
Liam Cormican
Recommended for you
Licensee Centrepoint Alliance has completed the acquisition of Brighter Super’s annual review service advice book, via Financial Advice Matters.
ASIC has launched court proceedings against the responsible entity of three managed investment schemes with around 600 retail investors.
There is a gap in the market for Australian advisers to help individuals with succession planning as the country has been noted by Capital Group for being overly “hands off” around inheritances.
ASIC has cancelled the AFSL of an advice firm associated with Shield and First Guardian collapses, and permanently banned its responsible manager.
