Could a PlayStation-like data breach hit IFAs?

The recent major security breach at Sony, which saw hackers steal the personal data of millions of PlayStation Network users, once again demonstrated the risk of losing data online.

While the names and email addresses of around 100 million PlayStation Network and Sony Online Entertainment users were stolen, around 10,700 European customers also saw their debit card details taken.

Of course, small businesses and individuals are repeatedly told of the precautions they need to take to protect their data and that of their clients.

However, with increasing number of IFAs using platforms and web-based back office solutions, this data is sometimes in the hands of other companies, who they need to trust.

So what are the dangers for IFAs and what are the major technology providers doing to ensure everyone's security?

Getting into the mind of a hacker

At IntelliFlo, security issues are taken extremely seriously, and chief executive Nick Eatock explained how the firm conducts penetration tests, where professional hackers are hired to test systems.

He said: "They do it in a way so it doesn't interfere with the performance or running of the system and they won't steal anything, but they use the same techniques that real, malicious hackers would use to try and get into your systems.

"We do those tests on a regular basis and if they find any weaknesses, we address them."

Encrypt it

Meanwhile, Ann Dempster, managing director of Plum Software (pictured), highlighted the importance of keeping data in secure data centres and pointed out her firm has its own private facility.

She said: "Everything that's here is very highly encrypted and secure. Nothing gets exported onto the world wide web."

"We've got a private cloud so all the data's here and it's a high security area.

"Some of the software houses are sharing large databases and I seriously that makes it very vulnerable to hacking."

She is also concerned many advisers are using free software, often without understanding the vulnerabilities they may be opening themselves up to, a point repeated by Eatock.

Furthermore, she warned advisers with networks they might not be able to retrieve data they have put on web-based software provided to them if they ever leave.

No time for panic

Of course, an organisation such as Sony operates in a completely different arena and Mark Loosmore of AT8 Group believes the contrasting culture between consumer operations such as the electronic giant and financial services business affects their focus on security.

He said: "Financial services firms are far more used to dealing with sensitive data over many years than consumer organisations such as Sony.

"They need to look at the scale of the hosting companies and make sure they've got robustness to their process.

"There are different scale issues for Sony to keep 75 million consumer records safe when they've not really had a mindset of doing it.

"I don't think people should panic."

He added advisers should carry out high levels of due diligence when choosing their technology solutions, just as they would do in other areas of their business."

Standard Life head of security and continuity John Whitehall stressed the way regulatory burdens keep them on their toes.

He said: "Standard Life, like any other financial services company, has regulatory and legal responsibilities, whether it's driven by the FSA or the Information Commissioner's Office.

"We have a need to demonstrate and assure ourselves in all kinds of ways, whether it's setting out our security policy standards or measures that we use and a big part of that is training and awareness of our staff.

"One solution is not going to meet the needs: you really need protection in depth and layered protection is how we go about these things."

It remains unclear exactly who was behind the attack on Sony, and whether the intention was to steal and use the data or simply make a point.

Either way, it has had a serious impact on the Japanese firm and put a significant mark on its reputation, sending out a message that anyone could be a victim.