A conversation with Quilter’s information security culture experts
Information security has never been more important. The pandemic has led to a surge of people working from home and away from office-based systems, and these practices will continue indefinitely to varying degrees.
With even more of our lives spent reliant on online communication, information security professionals have become all the more important in helping us learn the warning signs and be aware of the ever-evolving dangers in the online world.
Louise Cockburn and Linda Morgan are information security awareness and culture managers at Quilter. Here, they discuss their role in information security and how it can help keep us all safe:
What is your job role in a nutshell?
‘We job share the role of information security awareness and culture manager, in which we look at the people side of cyber security. So, where there is a ‘human element’ to cyber risk, for example, phishing, social engineering and other human-to-human attacks, we would look at ways to raise awareness of these threats, and create ways to improve security skills and habits, both at work and at home – to champion and promote a positive security culture across the company.’
‘This requires skills in communication, psychology, behavioural economics and empathy, as well as a general understanding of the cyber threat world.’
How does your job share work?
‘We are job share partners, which means that we are responsible for the same role, splitting the week so each works three days, with a crossover day to work together. Collaboration tools have been invaluable - ensuring that each other is fully up to date with what is going on, as well as being able to reach audiences wherever they are working. It’s made it possible for us to work effectively together for 18 months – without ever physically being in the same location!’
‘We have shared the role since 2020 – each wanting to do so for different reasons - and it has been a fantastic way to continue working in a more specialist position that would not have been appropriate as a part-time role, and we’ve been well supported by our management.’
‘We have the benefit of working flexibly in a complex and fascinating world we both love, with a partner who is equally passionate about the role.’
Why is information security so important?
‘Without good information security practices, anyone can become a victim of an attack.
‘In the world of financial services, we regularly see first-hand the importance of being able to recognise and stop fraud and other malicious activity in its tracks, which could otherwise result in loss of money, data or other assets.
‘It is vitally important to understand that human-to-human attacks are the norm, and that none of us is ever immune from being a target. We should all be familiar with terms such as ‘cybercriminals’, ‘scams’, ‘social engineering’ and ‘phishing’, but it is good to understand we can all become a ‘human firewall’. Being able to spot red flags and potential attacks, being aware of our own blind spots, identifying when we are being manipulated, and recognising the important role we each play in keeping ourselves and others safe online is key in preventing attacks from happening.’
What are some of your top tips for staying safe online?
‘There are a number of steps we can take to keep ourselves safe and secure while using the internet, including, but not limited to:
- Check the site is secure
‘Always check that the URL begins with ‘https’ instead of just ‘http’ – particularly if you are entering any information - as this indicates the site is secure. Without an ‘SSL certificate’ (which helps create a safe, encrypted connection between your device and the website being accessed) information is exposed and could easily become accessible to cybercriminals.’
- Beware of fraudulent websites
‘A fraudulent or ‘spoofed’ website is designed to look indistinguishable from the original, and can be very harmful, including by having the potential to collect your personal data or even download harmful software to your computer.’
‘To minimise the potential risk, it is a good idea to always check you are on the correct website by inspecting the address, browsing directly to the website by searching for the official company page, and by using the padlock icon to check the security certificate is present and legitimate.’
- Use secure passphrases or password managers
‘It is important to consider how best to manage multiple secure passwords without resorting to an unsafe practice, such as simple passwords, password reuse, or writing them down.’
‘Passphrases are one way to easily increase your password security: Use a phrase of three or more random words to help make a password more complex but easier for YOU to remember.’
‘Password Managers are thought to be one of the best solutions to the password problems: easy to set up, secure password vaults can generate highly secure passwords, populate them in the future and sync across your devices.’
- Set up multi-factor authentication
‘Multi-factor Authentication (MFA) is an authentication method that requires you to provide two or more verification factors to gain access to online accounts and applications.’
‘MFA combines ‘what you know’ (a password or PIN) with ‘what you have’ (a code sent to your phone, a code from a reader/token). MFA provides an additional layer of security and drastically reduces the chance of your accounts being accessed by a cybercriminal.’