COVER STORY nd-user
BREWIN DOLPHIN INVESTS IN THE SECURITY OF ITS CLIENT DATA
As one of the UK ’ s leading wealth managers , Brewin Dolphin recognises the importance of operating with robust technical and physical solutions in place to provide data security for its customers . Simon Mair , Head of Information Security and Data Privacy at Brewin Dolphin , discusses the importance of investing in the protection of client data and tells us about some of the organisation ’ s priorities when planning its security strategy for the year ahead .
Simon Mair , Head of Information Security and Data Privacy at Brewin Dolphin
cCan you explain your role at Brewin Dolphin and the scope of your responsibility ?
As Head of Privacy and Information Security , my primary role is to ensure the security of both our client and company data .
I work closely with the Head of IT Security to identify potential and real threats to the firm and mitigate these where possible .
My team creates the core security policies and ensures that they are effective and relevant to the firm . They also provide governance , guidance and incident support when required .
How important is the protection of client data to your organisation and what security procedures do you have in place to ensure / monitor this ?
The protection of client data is critical to Brewin Dolphin . Our clients trust us with their financial well-being and core to that is the protection of their personal data .
We have robust technical and physical solutions in place to provide data security and while we are confident in these systems and processes , we are regularly testing them and improving them where necessary .
How do you manage the security of a workforce which is split across different locations ?
While the COVID-19 pandemic has presented some challenges to Brewin Dolphin , fortunately , the firm had been through a complete end-user technology refresh prior to 2020 .
During that project , every end-user was issued with their own laptop , enabling them to securely connect to the firm ’ s network . We have a two-pronged approach to security whereby we are able to push vulnerability updates to end-user devices , which works handin-hand with our awareness programme for all staff .
Can you share insight into the typical threats facing an organisation in your industry ?
The threat of ransomware presents our biggest challenge , but as with many organisations , insider threat also has the potential to disrupt the business .
A growing challenge is our relationship with our third-parties , most of whom are not regulated in the same way we are .
What approach do you take to communicating risk and security strategies to the wider C-suite and board ?
The firm has various committees , forums and groups which provide a necessary framework for communication . It is www . intelligentciso . com
51