Q&A: The role of data security in protecting our clients

9 Oct 2024

Estimated as a trillion-dollar industry, personal data has become a new form of currency for companies and criminals alike. Saffery Trust Information Security Officer, Sonia Bowditch, explains why maintaining the highest levels of data security is fundamental to client service.

Why is data security such a high priority in the wealth industry?

The value of data in today’s digital world cannot be overstated. It has, in many ways, become a new form of currency.

If sensitive information is stolen, recovery is often difficult and mitigating damage can be challenging at best, and sometimes impossible. Safeguarding data against threats is the single most important thing that all client service providers can – and should – do. As with most things, prevention is always better than cure.

At Saffery Trust we treat client data with utmost care, as if it were our own personal information. We are responsible for protecting critical information, including sensitive financial data, and our reputation depends on maintaining client trust. This takes years to build but just seconds to break and we are acutely aware of the responsibility we hold.

How has data security changed in recent years?

Without doubt, the urgency for robust data security has increased, particularly since the global COVID-19 pandemic. Lockdown restrictions forced service providers to very quickly implement remote working capabilities, a process which saw an expedited move of data to the cloud.

In cases where speed was perhaps prioritised over security, vulnerabilities emerged, heightening the risk of cyber threats and highlighting the need for robust data security strategies.

The amount of data individuals share online has also impacted data security in recent years. People often unknowingly share personal data when using online services, with companies sometimes selling this information without full disclosure, leading to loss of control.

Personal data can be resold over and over, spreading across various platforms without the consent of the owner and with far-reaching consequences. Safeguarding data will, in my view, become increasingly important.

How does Saffery Trust protect client data?

Protecting client data requires a combination of multiple moving – and complementary – parts. We are continually reviewing our processes and technologies to ensure that we are providing the highest levels of protection at every stage.

Some of the ways we protect data are:

  • Using encryption at rest. This means that when data is not actively being used, it is stored in a secure, encrypted format. If an unauthorised party were to access this data, it would appear as unintelligible “gobbledygook”.
  • Securing data in transit. This is crucial when data is being transmitted online, for example when interacting with online banking services. We use industry-standard encryption to ensure that data cannot be intercepted or viewed during transmission, effectively preventing “man-in-the-middle” attacks. Our cloud security measures involve breaking data into “chunks” as it travels so that, even if a malicious actor were to intercept a few chunks, they would not be able to make sense of the information.
  • Advanced endpoint measures. These recognise and stop emerging threats, often before they can cause harm. For instance, our Microsoft security tools provide real-time threat intelligence to identify state-sponsored threat actors and other cyber threats.
  • Dark web monitoring. We monitor the dark web – often used for illegal activity – to ensure that none of our data has been compromised. Our use of two-factor authentication means that – even if data were to end up on the dark web – it will be significantly harder for unauthorised users to gain access. We know attackers can use data collected from both the dark and clear web, so we remain proactive in our defence strategies.

What is the biggest challenge in your role?

A significant challenge of data security for Saffery Trust is keeping abreast of the continually changing regulations in each of the regions in which we operate.

The Cayman Islands and Guernsey, for example, have their own laws which are based on UK legislation. Switzerland, on the other hand, has its own take on EU regulations. It is absolutely essential that I remain diligent in understanding new regulations, and their impacts.

For example, a new regulatory framework for AI came into force on 1 August 2024 (the EU AI Act) which, despite being an EU regulation, has a global impact. We are also ensuring compliance with the Digital Operational Resilience Act, which will apply from January 2025. The consequences for failing to understand and comply with regulations such as these can be severe; however, I embrace this challenge and ensure that no stone goes unturned.

What do you enjoy most about your role?

At its core, my role is ensuring that Saffery Trust is reaching the highest possible standards in its position as gatekeeper of sensitive information. Knowing that our prominent position within industry, and the assets which we deal with – for example cryptocurrency – increases our risk of being a target for cyber attacks keeps me motivated.

I love the dynamic and challenging nature of threat monitoring. Every suspicious email that comes in presents an opportunity to analyse its origins, assess its legitimacy, and identify potential red flags such as unusual grammar errors. This ‘detective work’ allows me to proactively block potential threats and protect our clients’ data, which is hugely rewarding.

I also find great satisfaction in exploring new technologies and writing policies and procedures that ensure the longevity and robustness of our security measures. These tasks keep me engaged and continuously learning, which I find very fulfilling.
