Safeguarding client data
1. Craigs conducts regular cyber security audits with an independent cyber security company to check that our security controls are effective.
2. KPMG undertake an annual internal controls audit across key Craigs systems and platforms to ensure we are following industry best practice.
3. Craigs has an independent specialist cyber security partner who work with us to ensure our policies, procedures, prevention and detection mechanisms are best practice and effective. These mechanisms include enterprise grade Firewalls and Intrusion detection tools
Protecting your information
Cyber fraud poses a significant risk, specifically affecting instructions to transfer funds to a bank account unknown to us. That is why it is important to be vigilant and stay aware and we encourage clients to protect themselves from scams and fraud.
Craigs will never send an email instructing you to change your bank account details or notify you of any change to our bank details.
If you receive an email that appears to be sent from someone from Craigs Investment Partners notifying you that we have changed our bank details or asking you to do something out of the ordinary, it is very likely to be from a fraudster. Do not reply to the email. Do not click on any links or attachments that may be included in the email.
If you are concerned about any suspicious emails you may receive or are ever in doubt, please phone your Craigs Investment Adviser as soon as possible, either using a direct dial number known to you or 0800 272 442. Do not phone any numbers included in a suspicious email.
If you have any concerns that your email or other personal information has been compromised, please contact your information provider immediately.
Outlined below are some tips on how to keep safe and protect yourself from cyber-criminal activity, if you wish to discuss further please speak with your adviser:
- Set unique passwords for each site. If passwords are used across sites, a hacker only has to compromise it once and they can access all of your logins. Change your passwords regularly.
- Do not save passwords to your web browser, it is better to use a password tool for this.
- Make passwords hard to guess; don’t use things like names, pet’s names, or addresses. The longer your password is, the stronger it will be. Try using a phrase, like the lyrics to your favourite song.
- Do not access secure websites such as banks or the Craigs Investment Partners client portal, from public computers (e.g. libraries, internet cafes).
- Don’t give out your account details unless you made the phone call and trust the number and recipient of that call.
- Log directly onto websites by typing the address in the address bar. Do not click on any logon links in emails or text messages or from senders you don’t know.
- Never provide or confirm your credit card details, log-in details or two factor authentication codes, through a link in an email or text message, or in response to a phone call you’ve received out of the blue.
- Keep your identity information safe, and only reveal this to trusted sources, for example date of birth, driver licence, passport details. Before divulging that information, ensure they will protect it.
- Check your statements and alert your provider if anything is amiss.
- Investment offers that are too good to be true or don’t add up are red-flags, as are calls, emails or text messages needing urgent action.
- Keep your devices operating systems, apps and anti-virus software up to date. Make sure all your devices are protected with a PIN, password or biometric (fingerprint, face or voice).
- Have back-ups of your important items such as photos and documents and store this somewhere else such as a separate hard drive or online. This will help you recover if you do get compromised and safeguards those important artifacts.