​Press Room

CYBER-Security at NFB


Jul 27, 2018

In light of the news around cyber-attacks and the cyber-breach event at Liberty recently, we decided to provide detail to our valued clients, about what we do at NFB to protect personal and investment information.

Below is a number of Frequently Asked Questions which we receive and how we go about aiming to protect information on a day to day basis:
 

1. HOW DOES NFB SECURE MY DATA?

  • Cybersecurity and client protection is critically important to NFB. As such we have a number of layers of security covering all elements of our IT infrastructure. These include Firewalls, network & antivirus security, malware and ransomware protection. Further we ensure regular backups are actioned that should a breach or data loss occur we can seamlessly continue servicing our clients while we address the risk event with the necessary level of focus and attention.
  • We use reputable and recognisable suppliers of IT services including Microsoft, having their own 16 step security cycle, as well as “Elite Wealth” which is our financial planning and data CRM system. Elite Wealth also then have their own security including firewalls, complex password access, daily backups and local servers applying strict restrictions on access.

    Below is a table showing the IT control protection and where it fits into the service we provide:

   CYBER 

  

2. HOW DID "HACKERS" GET ACCESS INTO LIBERTY'S DATABASES AND WHAT HAVE THEY DONE WITH THE INFORMATION?

  • Hackers gained access to a single Liberty email server and accessed confidential Liberty emails. The hackers then threatened to release certain confidential attachments that relate to sensitive company related information like production figures. Liberty have stated to us that no clients with Liberty information have been breached. Liberty further state that their IT system firewalls have been successful in protecting client data. Liberty also state that Blue Print Online (Liberty’s online system that contains policy information and client data) was NOT compromised.
     

 3. IN GENERAL, WHAT CAN "HACKERS" DO WITH INFORMATION THEY STEAL? 

Hackers use the information gained for a variety of reasons including:

  • Use the threat of release or information contamination to extort payment from the impacted party
  • To sell personal & banking information to 3rd parties
  • Release for public consumption & PR impact
     

4. IN LIGHT OF THE LIBERTY BREACH, WHAT DOES NFB DO TO TRY TO ENSURE A SIMILAR THING DOES NOT HAPPEN TO US?

Further to the controls mentioned above, we run simulated exercises of spam and phishing for our staff to ensure that their awareness and vigilance of suspected activities always remains high

  • Our infrastructure is constantly monitored and disaster recovery systems are tested regularly
     

5.  LASTLY, WHAT CAN YOU DO IN YOUR DAY TO DAY LIVES TO MONITOR AND STRENGTHEN YOUR DATA SECURITY?

  • Create a strong password (use of alphanumeric characters and symbols recommended) and ensure that you update your password on a regular basis likely monthly, quarterly or bi-annually depending on the system and access significance.
  • Be aware of fraudulent requests via email as scam emails often look realistic. Be on the lookout for suspicious emails asking for urgent attention; requiring personal information or passwords as well as asking you to click on a link to take you to a website where you did not originate the instruction or request to be taken to.
  • Be aware of fraudulent requests of your personal information via telephone. If you do not know the caller or have initiated the request, be careful in giving your personal, banking or password information over the telephone.
  • Be aware of the use of public/hotspot wi-fi areas as these are not encrypted and vulnerable to viruses and malicious attacks on your device.

We hope to have answered all your pressing questions on IT Security.