Fintech Robos discusses Cyber Risks for Middle East advice and wealth management industry

International Adviser magazine interviews Fintech Robos's CEO on Cybersecurity as investment institutions increasingly introduce work-from-home practices.

  1. How much data is unprotected when staff are working from home? Can client details be hacked easily when home working?

We at Fintech Robos, as a MENA-based digital solution provider for investments, savings, and pension businesses and also as a license applicant for an investment firm ourselves, understand that working remotely is “the new normal”. It ensures health and safety of employees during the unfortunate times of pandemic whilst still maintaining business operations. We believe that in today’s digital life, being tech-savvy and on trend with latest software, data collection and storing solutions, is necessary for every institution to operate smoothly. However, we also cannot overlook the risks that come with it, especially cybersecurity threats and the importance of combating them. Acknowledging the sensitivity and confidentiality of data leads institutions to take intense security measures to fight cybersecurity threats.

For us, to protect data and prevent data getting hacked as staff work from home, the answer is by implementing “Zero Trust Security” through verification, to ensure protection of credentials. This is done by utilizing the following: first, multifactor authentications whereby staff identification is not only done through passwords but also through alternative methods; second, device access control management whereby only approved and authorized devices are granted access to data and programs; third, segregation of duties and least privileged access that creates users with few or no permission that serves as the foundation of sustainable risk management and internal control; and fourth, real-time monitoring and continuous learning through AI and data cloud to detect any security breaches.

 

  1. How can advice firms help staff protect client data? What are firms doing to combat cyber-attacks and bolster cyber-security?

Financial institutions rely on a lot of crucial and confidential data from clients, hence it is important to ensure that staff carry out the appropriate security measures. Such knowledge plays a key role in protecting clients’ data; and employee awareness is acknowledged as the key to maintaining the security of the firms’ database.

Firms could help staff protect client data through provisions of security tools, implementing training courses and phishing simulations to certify employees regularly. From experience, and in addition to what we mentioned in the first question, we encourage employers to implement a reward system for staff who report any form of threat to the firm and its client database.

And to answer the second part of your question, we would use the Central Bank of Bahrain (CBB), Bahrain’s financial regulator and the region’s most progressive financial regime, as an impressive example of demonstrating speed and seriousness in issuing and enforcing a package of cybersecurity laws following threat incidents. The CBB is really a fast mover and has done a fantastic job in executing the NIST Cyber Security framework that guides institutions on how they can manage cybersecurity risks. They also adopt a risk-based approach to ensure a high return on Cyber-Security Investment.

Considering the rapid growth of digital adoption in the past two years due to the Covid-19, the investments made and regulatory scrutiny around cyber security have increased as a result of hugely rising cyber-attacks. 

 

  1. Will we start seeing more attacks made in the advice/wealth space? If so, what can investors do?

With the acceleration of digital transformation and rising cybercrimes globally, investors and institutions must always be cautious and wary of different techniques followed by cyber-attackers, especially those associated with payments in crypto currencies and the loss of crucial information, which have proven to be lucrative for cyber-threat actors. Investors and clients may help protect themselves by following a set of security measures such as: first, not disclosing any confidential information online, over the phone, in person; second, adopting safe online habits such as using password manager, MFA system, and developing phishing awareness. In simple terms, the less cautious institutions are, the higher their exposure to cybercrimes threats.

 

  1. Are advice firms ready for cyberattacks? Does there need to be more training?

All institutions need to be ready for cyber-attacks – including of course financial and advice firms. As a technology provider that is also building an investment firm, Fintech Robos embraces the digitized and technical changes stemming from Covid-19; however, we do acknowledge the inevitable security risks that could occur as a result. In the end, attackers just need to be lucky once! Thus, advising customers on security measures and training staff and partners are key in combating cyberthreats. Regular targeted security training based on employees’ roles and responsibilities is vital in ensuring information safety and security.

Again, as a Bahrain domiciled firm, we feel confident in stating that the guidelines set for reducing cybersecurity threats allow financial firms in Bahrain to be safe and well equipped in facing cybersecurity threats.

 

  1. What is the future for wealthtech with home working – will there need to be more data security provided?

A lot of financial institutions in the region have recognized and incorporated the hybrid model of working from home and in-office in order to curb the threats to health and safety during the current pandemic. As Fintech Robos, we appreciate robo-advisors in the wealthtech continuum for the commitments to their regulators, customers, staff, and partners.

Transparency is doubly important for security when it comes to robo-advisors and platforms. For instance, an advisor should tell you about any security breach as soon as possible. They should warn you so you can change accounts and passwords before crooks get into your other accounts.

They must explain all security features and protocols. Moreover, security features should work quickly. For instance, there should be an easy but secure way to access your account if you lose your password.  A good example of such backup access is an algorithm that sends a text to an encrypted phone if you change your password. They usually call such features as 2-step authentication.

Plus, the advisor should list all the security protocols and features and explain them. If an advisor does not provide a clear picture of the security, you should avoid it.

Data security is an evolving field, a cat and mouse game where intuitions need to be ahead of the curve with various technological breakthroughs to prevent breaches.

Robo Advisors are committed and will evolve with the times. It is expected that people will continue to use robo-advisory and wealthtech services even after the pandemic ends and safety measures are lifted.