Wednesday 26 October 2016

Cyber risks - the Internet of Things


As more and more adverts on television and the Internet extol the virtues of being able to control your heating / lights / washing machine / CCTV etc. from your phone, I wonder how many have thought of the potential for cyber attacks?

All of these devices use the Internet of Things to connect devices together - with factory set passwords - often hard coded so that they cannot be changed. As personal computers are starting to become more secure, other, less protected devices are becoming targets - with a view to enabling a third party to take them over and potentially bombard targets with traffic. A hacker could also start using your gadgets to spy on you - potentially collecting valuable data along the way.

Often, business owners will take their work home - and with cloud based storage the days of having to carry boxfuls of files have long gone. Many will have spent considerable sums on having a robust defense in the Office including firewalls / anti virus software / Policies and procedures on Internet / Data usage etc.

Is the home "safe as houses?"...something to think about.....






Compliant Solutions Limited - experts in helping Financial Services Businesses deal with the business challenges of Financial Conduct Authority Compliance - for help contact ian@compliantsolutions.co.uk

Tuesday 25 October 2016

All change (again) for disclosure requirements

The Financial Conduct Authority have published a further policy statement - this time about removing ineffective disclosure requirements.

Policy Statement 16/23 sets out the planned changes which take effect from 1st February 2017.

The FCA will allow Firms to continue to use the Combined Initial Disclosure format - but the use of the Key Facts logo will have to be removed. The FCA have confirmed that "old stock" may be used up.

The objective of these further changes is to enable consumers to be able to make an informed decision about the services that they are subscribing to.

Within Annex C of the Policy Statement the FCA have also made a change to the Consultancy Charging and remuneration requirements. From 27 March 2017 Firms will need to take reasonable steps to ensure that their representatives, when making contact with an employee with a view to giving a personal recommendation on his/her employer's group personal pension / stakeholder scheme, inform the employee that:

The Firm will be providing a personal recommendation on the GPP / Group Stakeholder scheme provided to the employer

Whether the employee will be provided with a personal recommendation that is restricted to the GPP / Group Stakeholder scheme provided by the employer or whether the recommendation will also cover other products

That the employee will have to pay an adviser charge (if applicable) unless the employer is paying the consultancy charge / fee




Monday 24 October 2016

....and a few more things to think about


Another weekend - another headline (this time in the Financial Times) that a major cyber attack had taken place. Traffic to hundreds of websites including the FT and Twitter was disrupted - with millions of users unable to gain access. Not good if your business site had been attacked.

For those businesses that are dependent upon the Internet this must be of concern. Financial Institutions are driving more and more of their services "on line" - leaving Customers exposed should a denial of service attack take place - simplistically put, this would involve a software virus taking over thousands of computers and then inundating a website with requests and causing the server to crash.

SMEs are unlikely to be the target of such attacks - but we all now are reliant upon third party suppliers - Banks / Insurers / Investment Houses etc and should their systems be subject to such an attack then we all would be affected. 

Having up to date anti virus software therefore is essential - does your business have a policy on internet usage? Viruses are typically spread via e-mails with attachments / links - decent anti virus software.

What about memory sticks? Often, individuals may save / carry data on such a USB drive - could your data be stolen? Is the data held securely - password protected / encrypted? Most operating systems offer to scan a memory stick before opening - how often do you "skip" that step? It might be worth changing your practice going forward.

When was the last time you reviewed your data security policy?  



Tuesday 18 October 2016

The Robots are coming - Fintech and Cyber Crime

Driving in to work this morning I heard a report that ransomware attacks were up significantly and that businesses in the City of London were a primary target.

Having recently attended an informative workshop that focused on this growing risk to businesses I thought that it might be useful to remind people of some of the obvious (and less obvious) risks.

How many businesses have a robust disaster recovery plan in place ?

When was the last time that it was tested? The recent problems with SSP software house highlighted how dependent many businesses are on software solutions - many businesses struggled.  How would you have coped?

That said, my previous plan failed several years ago - I had an office and my house was 1/2 a mile away. A local electricity sub station was put out of action by vandals and we lost power at both premises.

During the July 2005 bombings in London one of our clients' plans overlooked the fact that staff may not be able to get home in the event of a disaster.

Still happy that your plans stack up and are robust?

How many businesses keep their data backed up - off and on site? What checks did you do regarding the supplier(s) that you are using - how securely are they holding your data?

Anti virus software - keep it up to date

Passwords - don't leave them on a post-it note on your PC - something that I came across when visiting a client recently.

Data encryption - how secure is the content of your emails? Just imagine how many people would get to see / read that post card that you send home from your last holiday - the same applies to e-mails, only this time read by robots....

PC screens - How many times have you been able to see the contents of a poorly positioned screen when walking by an office window?  Could someone read the contents of your screen(s) from outside?

As more and more businesses are looking to develop automated systems we are moving into a world where the Robots take over.

Something to think about......

If you would like a copy of our checklist of businesses drop me a line...ian@compliantsolutions.co.uk


