What are the cybersecurity weak links in boutique investment firms?

Potential cybersecurity risks faced by small and medium investment firms

Using personal computing devices to perform work duties without a proper cyber risk framework and practices such as multi-factor authentication

Relying on email to deliver critical and sensitive data

Storing clients’ data in Excel or Access with password protection, which can still be hacked

Cyberattacks and data breaches are rising as the workforce embraces the work-from-home lifestyle. Last financial year, the Australian Cyber Security Centre (ACSC) reported a 13 percent increase in data breaches, with self-reported losses from cybercrime of more than $33 billion. Some of us may wonder how secure our data is after the recent string of cyberattacks affecting multinational companies such as Optus, Medibank, MyDeal and Energy Australia.


Increase in cyber attacks in FY21


Self-reported losses from cybercrime in FY21

Should investment firms be concerned about cyberattacks?

The financial and investment industry is one of the biggest targets for cyberattacks. The ACSC encourages organisations to urgently adopt enhanced cyber security measures. Typically, small and medium firms outsource their IT and security management, covering only technology infrastructure and networks, but fail to consider their data handling practices. This is especially critical with the increased adoption of remote working. Most recently, the Australian Defence Department is urgently investigating whether its data was compromised after an IT contractor that provides a communication service for military personnel and their families was hit by a ransomware attack (as reported by the AFR on 31 October 2022).

A home working environment does not have sophisticated enterprise prevention and detection measures. Additionally, home Wi-Fi networks are much easier to attack. Staff are more likely to be interrupted during work by family and visitors, so IT systems need to incorporate time-outs, enhance controls to apply the ‘four-eyes’ principle in workflows, enforce segregation of duties and be able to detect abnormal instances.

In the current digital era, elevating cyber security strategies by assessing the whole of operations, particularly regarding preventive measures, automated detection and timely responses is becoming an urgent need.

How can we help?

At Focus, we go in-depth into your investment and operational processes to identify the weak links. We re-engineer ‘at risk’ processes with solutions that are layered with network security, access management, threat protection and detection, encryption and dedicated process flows that safeguard the transfer of data.