Cybersecurity was already a major issue for businesses even before the COVID-19 crisis. But the pandemic has made it a bigger headache, unleashing a wave of attacks as employees work from home, and access systems and networks remotely.
One trend we have observed is that attacks have become more sophisticated and brazen. A 2020 analysis by the International Criminal Police Organization shows that cybercriminals have shifted their targets from individuals and small businesses to major corporations, governments and critical infrastructure1.
Fraudsters are taking advantage of employees’ vulnerability to cybercrimes as they work outside the preventive security controls of their offices. According to data security firm HelpSystems, 65 per cent of global financial services companies it surveyed suffered a cyber attack in the 12 months to August 20202. It found that cybersecurity weaknesses in supply chains and increased remote work due to the pandemic had the most potential to cause damage.
To address these challenges, being prepared and having extensive security controls are key. While it’s hard to stop every cyber attack, it pays to have a response plan and a strong culture of security.
Defending against threats
At HSBC, we believe taking a layered and fortified approach is one of the most effective ways to protect an organisation from cyber threats. The following four steps have helped us mitigate these risks to our business, people and customers. We believe they can secure your business too.
- Roll out comprehensive security controls that meet industry standards. These include deploying security software solutions, using strong user authentication, configuring devices to make sure they’re secure, and regularly copying your important data to a secure location. Having robust security measures can minimise the impact of an attack on your business, brand and stakeholders – and prevent similar attacks in the future.
- Quickly detect threats by deploying a robust cybersecurity function and architecture that can provide an adaptable and sustainable defence. As cyber threats continue to evolve, keep track of security trends so you can promptly avoid potential attacks and proactively strengthen your defence.
- Develop robust capabilities to respond to attacks before they become a crisis. This way, your company can get back to business as soon as possible. Make sure you have an incident response plan that is part of your broader business continuity program. Ideally, your plan should identify solutions and actions to detect, monitor and respond to an attack – and have clear responsibilities to reduce risk and damage, and quickly restore operations.
- Identify critical assets and strengthen their security. Know the value of your data and systems so you can prioritise and fully secure those that matter most to your business. If you’re a company with a large customer base, it’s crucial to protect your customers’ personal information. Securing your trade secrets is also important.
To learn more how you can mitigate cybersecurity incidents, check out the Australian Cyber Security Centre’s recommended strategies.
Fortifying your first line of defence
Rolling out security controls and technologies is vital to fending off attacks, but it is not enough. The human side of your cybersecurity is also critical. Employees can pose a big risk if they’re not aware of threats and don’t know best practices to protect their organisations. So training your people – and reminding them why they need to change their passwords often and think twice about clicking suspicious links – should be your first line of defence.
To create a culture of cybersecurity, it’s wise to engage all your stakeholders, from top executives and privileged users to third parties and customers. But make sure to tailor your engagement based on each group’s needs. For example, you can run monthly cybersecurity transformation briefings for your senior management and provide training on security best practices in software development for your IT developers.
Tackling threats with a trusted partner
Like any other organisation, HSBC has dealt with cybersecurity issues of its own. We understand the risks businesses contend with because we have faced them. That’s why we make it a point to share our experiences and knowledge with clients.
We run training sessions on how you can protect your organisation and guide your employees to be aware of threats. We have rolled out NetPlus on HSBCnet, where you can get the latest business insights and information, including articles on new cybersecurity risks in your industry. You can access NetPlus for free as soon as you register for HSBCnet.
Securing your business
We are continuously innovating to make sure our online platforms are highly secure. Our award-winning platform3 HSBCnet, for example, provides safe digital banking by combining technology with access controls, system safeguards and process reviews. You can check your accounts more securely by logging into the HSBCnet mobile app using your fingerprint or Face ID.
Globally, we have capabilities to identify cyber threats and swiftly manage any attacks. So if you suspect your company is a victim of fraud, contact your HSBC representative immediately. We have a dedicated fraud operations team that can address potentially fraudulent payments 24x7.
While managing cybersecurity risks can be taxing for any organisation, it can offer a competitive advantage if done right. Connect with us and see how HSBC can help you keep your business secure.
Staying informed about online security risks means you can stay vigilant against fraud. Our online tools and solutions include the latest security technology to help keep you protected.
1 ‘INTERPOL report shows alarming rate of cyber attacks during COVID-19’. International Criminal Police Organization, August 2020. Accessed 8 March 2021.
2 ‘Cybersecurity Challenges in Financial Services’. HelpSystems, November 2020. Accessed 30 March 2021.
3 Best Mobile Technology Solution (HSBCnet), Treasury Management International (TMI) Awards for Innovation & Excellence in Treasury Management 2019.