Online security: staying safe in the digital pension age

In a world where consumers increasingly expect online services to be available for every aspect of their financial life, digital pensions are fast becoming the norm.  Covid-19 has accelerated this expectation, changing the way we shop, bank, manage our insurances, our pensions, and changed the way we interact generally with any service provider. Businesses that traditionally have had predominant offline processes have now been forced to adapt and provide digital services to their clients.

Irrespective of Covid’s impact, the trend over the last decade has shown that our information is increasingly migrating online. What constitutes an efficient and reliable service has now changed and consumers are increasingly looking for digital pension solutions that give them all the information they need at their fingertips.

At iPensions Group, we have had to adapt too. We’ve invested heavily in bespoke digital pension technology allowing clients to access information at a click of the button. However, as more services shift online, an increased focus on online security has become essential for keeping clients and our business safe.

Chief Technology Officer Hrishi Kulkarni had this to say:

“In this fast-moving era, where most transactions take place digitally, security should be by design. For firms, data and information security must be the focal point in developing their systems and processes. Boards must continuously evaluate risks, invest in technology to enhance security, and provide their clients with confidence. Here at iPensions Group, we are continuing to invest in security, keeping our client and business data safe. However, there is a role for everyone to play, including clients, when ensuring internet safety.”

With potential threats such as hacks, scams, cybercriminals, and malware, the internet can feel like a dangerous place. The proliferation of devices, from smartphones and tablets to internet-connected appliances, has opened us up to even greater risks.

But the good news is that by taking just a small handful of security measures we can greatly reduce our exposure to the many potential threats.

Only open trusted emails and web links

Emails have long been a primary access point for scammers and hackers and as digital pensions become the norm, email is an easy first point of contact with potential scam targets. But malicious emails are relatively easy to spot if you know what to look for and a little vigilance goes a long way.

First, you should check if the email has been personalised. Fake emails often will use generic greetings such as “Hi” or “Dear Customer” instead of your real name.

The next step is to check for spelling mistakes, different email formatting, or unusual email addresses; often any discrepancies here may be an early indicator of a fraudulent email.

Any links within an email should also be approached with caution. You should hover over any links with your curser to check where the URL points to before clicking. For example, the body of an email may say “Go to http://www.websiteaddress123.com/ for more information”, but when you place the cursor above the hyperlink, it points to a completely different URL, e.g. ‘www.19898d99d99d9939d8887c.com’. Does this look trustworthy to you?

There has also been a rise in ‘clone firm’ scams in the UK in recent months, where emails received from supposed trusted sources turn out to be criminals who have set up ‘dummy’ sites and email accounts to scam savers, investors, and companies. Therefore it is even more important to check the details of any incoming emails carefully. You can read more about ‘clone firm’ scams here along with details of how to spot and report this kind of fraudulent activity.

Some other key things to remember:

– Be suspicious of any email or website that is asking you to do something unusual, particularly any asking you to provide payment details for something you are not expecting.

– Avoid opening email attachments unless you are expecting them.

Use strong passwords (and don’t reuse them on multiple sites)

We all know the importance of having a password that cannot be guessed easily, but what constitutes a strong password?

Avast, a provider of antivirus software and security applications, recommend the following:

Don’t be too obvious: Avoid using personal information such as your name or date of birth, and stay away from sequential numbers or letters e.g. ‘1234’ or ‘abcd’.

Don’t use memorable keyboard paths: Just like sequential letters and numbers, sequential keyboard paths such as ‘qwerty’ or ‘asdfg’ are common and often the first kinds of passwords to be guessed.

Make it long: You should aim to have a password of 15 characters minimum.

Avoid common substitutions: An example of a common substitution is using a number in exchange for a letter, such as a ‘3’ instead of an ‘E’ or a zero instead of ‘O’. These kinds of passwords can easily be cracked by attackers.

Use a mix of characters: Using uppercase and lower case as well as a mix of letters, numbers and symbols make your password less susceptible to attack.

As well as the above advice it is a good idea to use different passwords for different services. Installing a password management system on your browser or operating system is a great way to keep multiple passwords saved securely.

Check to see if your online accounts offer multi-factor authentication. This is when multiple pieces of information are required to verify your identity. So, to log into an account you may need to enter a code that is sent to your cell phone, as well as your password or passphrase.

Never share your password with anyone: This seems obvious but it’s surprising how often people will share passwords with people they trust. The concern is not always whether the person you shared your password with is trustworthy, but whether the device they use has the potential to be compromised.

It’s also important to remember that you have no control over how that person will store the password for later use e.g. will the person write the password down somewhere it could be discovered?

With the above points in mind, the take-home message is NEVER share your passwords with anyone, even if you trust them.

Safe websites browsing

Look for the ‘S’ in HTTPS at the start of a domain. If this is present it means the site is encrypted and has an SSL certificate. Without an SSL certificate, information is exposed and easily accessible by Cybercriminals.

Legitimate companies provide contact information such as physical addresses, phone numbers, and email addresses. If these aren’t present on the website it’s worth being suspicious.

Also, check that the website contains a privacy policy, this indicates that the website cares about the safety of its users and is abiding by privacy laws.

Boost your home network security

When at home or work, you probably use a password-protected router that encrypts your data. But, when you’re on the road, you might be tempted to use free, public Wi-Fi. The problem with public Wi-Fi is that it is often unsecured. This means it’s relatively easy for a hacker to access your device or information. That’s why you should consider investing in a virtual private network (VPN). A VPN is a piece of software that creates a secure connection over the internet, so you can safely connect from anywhere.

Keep devices up to date

Ensure you keep your laptops, PCs, and mobile phones up to date. Every vendor provides regular software updates. These updates not only release new features but may also include important security updates. These security updates are very important to ensure your device and information safety.

Summary

As the financial industry becomes ever more digitised, the opportunity for cybercriminals to get hold of your data increases. Businesses can go some way to protecting themselves and clients at the organisational level by committing to investing in systems security. However, following the simple steps above may help to protect individuals from malicious attackers seeking easy ways to circumvent security controls already baked into digital pensions.

Disclaimer 

The content of this article is for general information purposes only and should not be construed as legal, financial or taxation advice. You should not rely on the information contained in this article as legal, financial or taxation advice. The content of this article is based on information currently available to us, and the current laws in force in the UK. The content does not take account of individual circumstances and may not reflect recent changes in the law since the date it was created. It is essential that detailed financial and tax advice should be sought in both jurisdictions and any legal advice, if required.

iPensions Group Limited is authorised and regulated by the Financial Conduct Authority, Licence Number 464521.