CYBERCRIME THREATS
As Trustees, it is your responsibility to protect members which includes protecting against Cyber fraud.
- Do you understand Cyber risks, attack types and Red Flags?
- Do you know how strong your Pension Scheme Cyber defences are right now?
- Do you have the right processes and controls in place?
- Are you monitoring and reporting Cyber risks?
- If you don't understand it, how can you make informed decisions about Cyber Risks?
Sign up below for a free brochure that will help you demystify Cyber Security and enhance your Cyber Resilience
*By signing up you agree to receive our monthly newsletters. You can opt out at any time
Can you meet PRAG Guidelines & are you cyber ready?
Every Trustee should act now on PRAG guidance on Cyber Security (last issued in Oct-20), which outlines 3 main action areas:
Understanding the nature of the scheme's vulnerabilities to Cybercrime
Ensuring the scheme is resilient to Cybercrime
Ensuring if attacked, the scheme remains able to fulfil key functions
It also recommends that schemes should consider obtaining independent verification that these actions are being followed- just like an independent audit of financial accounts. Suppliers protection levels also need to be considered. We are here to help with this.
Every pension scheme holds a huge amount of sensitive, private and confidential data and assets, known as “crown jewels” which makes them attractive targets for cyber criminals. Cyber criminals want your crown jewels. Data is the new gold, criminals seek to gain access and extract (exfiltrate) data to sell it or leak onto the dark web, to hold or freeze access to your systems causing operational disruption, and they may potentially hold you to ransom to pay monies to them to regain access.
The threat of Cybercrime is real and is happening now, with the frequency of attacks over the COVID landscape having increased significantly. Attacks are also becoming more sophisticated. This problem of Cybercrime is not going away, if anything it’s going to get even worse as technology continues to advance with Artificial Intelligence, Machine Learning and greater adoption of the Cloud technologies. Threats change as technology changes, making it more difficult to safeguard.
As there is no solution to Cybercrime, it is essential to get to grips and understand what Cyber Risk is, how attacks happen, what the red flags are and how to become more cyber resilient. Cyber Security is not an annual tick box exercise, it’s a way of life. You need to continually monitor and enhance your Cyber Security posture. It’s essential to build a strong security aware culture and take a holistic approach to all round scheme protection to reduce the impact of an attack.
What are the costs of a Cyber Incident?
Costs associated with a Cyber incident or Data breach can be truly significant, here are a few to mention:
Downtime Impact
Remediation Costs
Restoration Costs
Providing you can use your backups
Impact on Cyber insurance premium renewals
Cost of a post mortem investigation
to understand how the incident happened, when, for how long, what was impacted and to what extent
Brand damage and loss of member confidence
Ransom Costs
Member compensation claims
Potential fines
Ransoms: Pay or Not to Pay?
Are you clear on your ethical stance to paying a ransom?
It’s not illegal to pay a ransom but payment encourages criminals to continue to do it. A crisis is not the time to decide. If you are going to pay a ransom, do you have the funds to pay and access to Cryptocurrencies?
Act Now, “be proactive not reactive when it comes to Cyber Security”. You need to plan for a cybercrime. We are here to help demystify Cyber Security, to show you what, when, who, where and how.
Here at Assure UK in Partnership with Lockdown Cyber Security we can help you by providing:
Comprehensive Cyber Security Health Check report
Our analysis provides an independent objective review of your organisations Cyber position. It is very important to understand your pension scheme’s vulnerabilities and cyber risks and how to address them, in what order.
Bounce Back Faster
It’s essential you develop processes to respond to incidents to bounce back faster and mitigate down incident costs and downtime. Keeping as many scheme’s core functions going during an incident is critical to scheme operations.
On-site presentation of your results
You receive the full benefit of our experience through a personal presentation and discussion of your scheme’s results
Value
Our holistic review internally across your people, process, technology and environment and externally will enable you to improve your Cyber Resilience.
Security Awareness Training
Training staff is key, as most successful cyber-attacks are the result of human error. Your people are your weakest link, so it’s important to build security aware culture, a strong human firewall. Lockdown Cyber Security works in partnership with ICAEW to provide Cyber Security training for Accountants and Business Leaders. So are well placed to train Trustees in Cyber Security.
Straightforward approach
We implement practical Cyber risk based solutions that align to the way your pension scheme operates
Our digital tool kit
We can help you achieve a sensible, working balance between the Cyber Security needs of your pension scheme and the demands of regulations.
As an FD with the responsibility for managing the IT department, in my opinion, cyber security represents one of the key risks in any organisation and should therefore be managed at the highest level... I would highly recommend ICAEW colleagues attend the course. it will provide you with the knowledge and motivation to ensure your organisation maintains its ongoing resilience to ever more widespread and sophisticated cyber threats.
– Kerry Davies - Director of Finance and IT at Severn Hospice
After recently attending Lockdown Cyber Security training course in Partnership with ICAEW "Cyber Security for Accountants"