Tag Archives: fintech

Being cyber secure

The threat of online security risks including cyberattacks, malware, and phishing scams will always exist. Cybercriminals are constantly evolving to become more complex and convincing, meaning your business must stay vigilant and take steps to protect itself, its employees, and its customers.

Startling statistics reveal that in the UK, a small business is hacked successfully every 19 seconds. Across both small and medium-sized businesses, 65,000 cyberattacks are executed every day, with 4,500 of those being successful[1].

Worryingly, attacks are increasing in frequency: 46% of businesses reported a cyber security breach or attack in the last 12 months, with many experiencing issues at least once a week. Of those, 19% experienced financial or data loss, while 39% suffered loss through business disruption or having to implement new measures to stop a recurrence[2].

Pandemic predators

The COVID-19 pandemic has brought a surge in online activity, creating more opportunities for cybercriminals to steal data, and employees working from home also provide new targets[3]:

  • Coronavirus blamed for 238% rise in attacks on banks
  • 80% of firms have seen an increase in cyberattacks
  • Cloud-based attacks rose 630% between January and April 2020
  • Phishing attempts have risen 600% since the end of February.

Types of threats and staying safe

The term ‘hacker’ covers professional criminals and disgruntled employees alike, but regardless of name, they are developing new methods of attack all the time. Across the cyber security industry, the eight main threats to be aware of are listed below, together with actions to help you stay safe, as recommended by the National Cyber Security Centre (NCSC), the government, and major security companies:

Malware – makes your computer/network malfunction or grants the attacker access and control with varieties such as worms, viruses or trojans.

Phishing – malicious emails designed to fool people into disclosing details or taking action that is damaging for the business.

Ransomware – denies a user access to their own system by locking it behind a paywall, rendering it unusable until a ransom is paid.

To minimise the likelihood of becoming a victim of malware, phishing, and ransomware, or similar threats, industry experts recommend taking the following precautions:

  • only use current and updated web browsers and operating systems;
  • scan new disks and files with anti-virus software;
  • avoid giving out personal data to unsolicited calls, emails or texts;
  • don’t click links in emails you were not expecting;
  • only download from trusted websites and sources;
  • do not click unverified links;
  • avoid use of public wi-fi networks;
  • and use a virtual private network (VPN) where possible.

Other types of threat

Distributed Denial of Service (DDoS) – designed to overwhelm either your database or website by bombarding them with more requests than they can handle, causing them to become unresponsive.

To avoid becoming a victim of a distributed denial of service attack, industry experts suggest that you:

  • ensure your business/website has enough bandwidth to handle spikes in traffic;
  • spread your servers across multiple data centres and distribute traffic between them;
  • protect servers with network firewalls, web application firewalls, and load balancers.

Man in the Middle – pretending to be a reputable business using a fake website or intercepting a connection with the intent of harvesting data from users. These attacks often occur through unsecured public Wi-Fi networks.

There are several steps that experts say will counter these attacks, for instance:

  • educate employees not to use public networks;
  • use a virtual private network (VPN) for secure connections;
  • monitor networks and devices for unusual activity;
  • use up-to-date and secure browsers;
  • implement two-factor authentication.

Structured Query Language (SQL) Injection – hackers insert malicious code into queries sent to an SQL server to make it release information.

Cyber security professionals suggest preventing SQL Injection attacks by:

  • using a web application firewall;
  • and creating multiple database user accounts meaning only specific and trusted individuals can access the database.

Password attacks – whether a user’s password is guessed or cracked using software, once it is obtained the cyber attacker has complete access to the system and all its information.

To combat password attacks, experts suggest implementing a password policy that promotes strong passwords. A strong password includes:

  • at least 12 characters;
  • no personal information;
  • a combination of numbers, symbols, capital letters and lower-case letters.
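
The policy above written as a checker. This is an added example, not part of the original post: the function name, the personal-information fields and the character-swap table are assumptions, and the swap handling goes slightly beyond the stated policy so that lightly disguised personal details are still caught.

```python
MIN_LENGTH = 12  # "at least 12 characters" from the policy above
MIN_TOKEN = 4    # assumption: shorter fragments (e.g. "com") cause false alarms

# Assumption: common character swaps are undone before looking for personal
# details, so "J4ne" is still recognised as "jane".
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                        "7": "t", "@": "a", "$": "s", "!": "i"})


def _normalise(text):
    """Lower-case, undo common swaps, then keep only letters and digits."""
    swapped = text.lower().translate(_SWAPS)
    return "".join(ch for ch in swapped if ch.isalnum())


def check_password(password, personal_info=()):
    """Return a list of policy violations; an empty list means it passes.

    personal_info holds strings known about the user (name, email, birth year).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    classes = {
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() and not c.isspace() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "lower-case letter": any(c.islower() for c in password),
    }
    problems += [f"missing a {name}" for name, ok in classes.items() if not ok]

    # Break "jane.smith@acme-widgets.test" into jane / smith / acme / ...
    tokens = set()
    for item in personal_info:
        words = "".join(c if c.isalnum() else " " for c in item.lower()).split()
        tokens.update(w for w in words if len(w) >= MIN_TOKEN)

    disguised = _normalise(password)
    for token in sorted(tokens):
        if _normalise(token) in disguised:
            problems.append(f"contains personal information ({token})")
    return problems
```

An empty list means the password meets all three rules; each string in a non-empty list names one rule that was broken.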

Zero-day exploits – exploiting software’s vulnerabilities, especially as they age. That is why it is always important to keep software updated and apply any security patches that are issued.

Cyber security professionals suggest your business can reduce the risk of zero-day exploit attacks by:

  • using solutions that can scan for vulnerabilities;
  • installing software patches as soon as they become available;
  • utilising data validation to test any input supplied by an application or user.

With heightened motivation and opportunity for cyber criminals, cyber security specialists say it’s important to review your cyber security regime and address any vulnerabilities that may leave your business at risk. Kaspersky estimated in 2019 that 41% of consumers left themselves open to security risk by using unsupported or near end-of-life operating systems like Windows XP or Windows 7[4].

The NCSC suggest a cyber security checklist for SMEs:

  • Knowledge is power

Establish a channel of communication to enable the exchange of information including policies and training to maintain awareness of cyber risks to your business.

  • Secure your network

Monitor and test your network, and secure its perimeter to stop unauthorised access or malicious content from entering.

  • Stop malware

Use up-to-date web browsers; ensure anti-virus software is used to scan disks and files; don’t give out personal data; and don’t click links in unsolicited emails.

  • Don’t go public

Public Wi-Fi is more vulnerable to being intercepted, so reduce and avoid use where possible.

  • Keep systems updated

System security patches must be applied as soon as possible to ensure security configuration is maintained and avoid exploitation of vulnerabilities.

  • Control access

Limit user privileges and the number of privileged accounts to control access to systems. Restrict access to activity and audit logs.

  • Be ready to react

Prepare an incident response strategy and test your disaster recovery capabilities. Activate specialist company-wide training and report any criminal incidents to relevant authorities.

  • Monitor activity

Monitor all your systems and networks and look for any unusual activity that could indicate an attack. Set up a strategy and policies across the business to do this.

  • Away from the office

Ensure all staff understand the risks of home and mobile working and train them to follow protocols with ways to protect data at all times.

  • Strengthen passwords

Implement a password policy that promotes strong passwords that contain at least 12 characters, no personal information and a combination of numbers, symbols, and capital/lower case characters.

  • Start at the top

Board and senior management must assess risk to information and systems within the business to establish a risk management regime.

Look out for further information on this topic from future blogs.


[1] http://hrnews.co.uk/cyber-security-statistics-in-the-uk-reveal-troubling-figures/

[2] https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020

[3] https://www.fintechnews.org/the-2020-cybersecurity-stats-you-need-to-know/

[4] https://www.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os

“Alexa… open UKMortgages.”

With Amazon Echo – and its friendly virtual assistant, Alexa – now a staple item in many homes across the UK, it seemed only appropriate to explore the latest Smart Speaker technology and what it could do. Thus, the first UK Amazon Echo Mortgage Skill was born.

Developed to ultimately support consumers and drive business to our mortgage adviser customers, our UK Mortgage Skill is an industry-first. Now through a Smart Speaker device, consumers are able to search for a suitable mortgage and find mortgage advisers local to them to help them purchase their new property, simply by asking Alexa.

Ground-breaking mortgage sourcing

The new Skill combines our mortgage data and Amazon’s technology, allowing users to ask Alexa to find a mortgage that fits their needs.

Alexa will ask the user a few questions before searching through over 10,000 mortgage products and then will verbally provide details of the headline product – the mortgage product deemed most suitable based on their answers. Alexa will also send a summary of the most suitable Fixed, Variable and Tracker mortgage products to the user’s Alexa app.

Connecting consumers with advisers

Users can also ask Alexa to find them a local adviser. The Skill can either use the postcode registered to the user’s device – or an alternative one can be provided – to search through thousands of mortgage advisers to find businesses closest to them. All the mortgage advisers listed use Mortgage Brain sourcing software so they have access to all the mortgage products provided by Alexa during her mortgage product search.

Alexa will then provide the name and phone number of the user’s nearest adviser, and send a further list of up to ten local advisers directly through to their Alexa app.

How does it work?

There’s no need to register for the Skill to use it – simply say “Alexa, open UKMortgages,” and Alexa will then offer the option of searching for a mortgage or finding an adviser.

Users will need to provide the amount they wish to borrow, property price and whether they are a first-time buyer, moving home or remortgaging. Alexa will then search through a comprehensive list of whole of market mortgage products and 1,000s of mortgage advisers to find the best products and nearest companies.

Be in it to win

It comes at no additional cost to your licence fee to be listed as a mortgage adviser in the Mortgage Skill, but you do need to be a Mortgage Brain sourcing customer.

In order for your company details to be included, you need to provide your company’s name, address, phone number, email address and website (if applicable). You’ll also need to provide a short company description, which you can do easily on our website.

You can check for yourself that your business details are correct within the UKMortgages suite of products by asking Alexa on an Amazon Echo device to “open UKMortgages,” by visiting the website www.ukmortgages.uk.com, or by downloading the UKMortgages app from either the Apple or Android app store.

So don’t miss any potential customer leads and be part of the UK’s first ever mortgage Skill. Your company listing will appear on the UKMortgages app, website and Skill – hope to see yours soon!

If this sounds appealing but you are not a sourcing customer yet, you can start a free 30-day trial here.

Take a look at our full press release for more information on this exciting announcement, and make sure you tweet us @Mortgage_Brain when you or one of your customers have tried it out!