Clearly, no business is immune to cyber risk irrespective of its size and industry. And since the digital world is constantly changing, software and networks are always developing loopholes for attackers to seek and exploit. As a Fintech finance broker, we have built cyber security into our product, and all our operations. Now a strong part of our business DNA, we’re continually strengthening our internal controls to prevent security breaches and ultimately, maintain the safety and privacy of our clients’ data.
Cyber security in financial services is a complex picture. While the challenge of cyber crime is not new for financial institutions, it is becoming increasingly diverse and can take many different forms. New threat types are emerging, and old threats are manifesting in new ways. From offences such as phishing (where the attacker sends a fraudulent message to trick a person into revealing sensitive information), to ransomware (where the attacker prevents a user from accessing data until a sum of money is paid), the impact of a cyber attack can be invariably serious. Not only can it disrupt operations; it can result in the loss of sensitive data, long-term reputational damage and financial repercussions.
How are we safeguarding your data?
Cyber security is at the heart of Fluent’s business strategy. With continual investment and a framework which focuses on people, as well as technology, we have established an advanced approach to protecting our business against the threat of cyber attacks.
1. Insider threats & access control
Given that data breaches are most often triggered by internal actors, we conduct thorough background checks on all our employees before hiring them. Whilst there is no fool-proof way to overcome this security risk, the most effective way to reduce it is to have level-based access control systems.
2. A cyber-risk aware culture
Cyber security is a concern that goes well beyond our IT department. At Fluent, we regard cyber security as ‘everyone’s job’. We consider all employees as the first line of security and defence; we believe that those that are well trained can significantly reduce the impact of a breach or even prevent it from happening.
We invest heavily in ongoing education provided to all our employees about practices for safe digital work. And staff with access to our network and data at all levels – from administrative to managerial – are trained in their responsibility for keeping data secure from cyber attacks.
Phishing attacks – which are growing in prevalence and sophistication- are just one key topic covered as part of our cyber security awareness programme. This ensures that employees can spot the tell-tale signs of an attack and what actions to take when they feel they have been targeted.
Not only do these sessions help employees to understand the privacy challenges faced by Fluent, but they also work to engrain cyber secure behaviours into the day-to-day delivery of our services and products.
3. Data privacy and protection
As an organisation that is subject to GDPR and Data Protection regulations, our Compliance function plays a critical role. With the help of this department, we have developed solid data security policies and practices to help prevent security breaches involving our customers’ data. With a high-level set of principles in place, our employees understand the importance and requirements of data protection and privacy. With clear and consistent systems for managing, storing, and using sensitive data, our Compliance team are continually working to ensure our customer’s sensitive information is safe, and secure.
4. ISO Certified
Fluent has been awarded the ISO 27001 certification: the leading international quality standard for Information Security Management. This citation recognises our unwavering dedication to data security and reaffirms that we have the best controls in place, to identify and reduce any risks on how we handle our customer data.
5. Endpoint detection & response software
To augment our cyber security infrastructure, we have installed a bespoke, next generation EDR (endpoint detection & response) system on all laptops, desktops and servers used throughout Fluent. Our chosen software delivers the defences we need to prevent, detect and undo both new and evolving threats. By keeping a close eye on anything that looks suspicious, this EDR programme predicts when an attack will occur, and essentially catches viruses, malware and other kinds of attacks early.
Staying one step ahead
At its core, our cyber security model is about managing risk. Whilst the personal data of our customers is imperative to what we do, cyber security will remain a vital component in our business strategy. And with a whole new dimension of cyber attacks emerging, we will continue to strengthen our approach and efforts to prepare, defend and respond to this ever-evolving threat, whilst maintaining consistently high levels of cyber security protection.