The UK NCSC has published a guide for what it describes as high-risk individuals. The NCSC definition of a high-risk individual is:
In a cyber security context, you are considered a high-risk individual if your work or public status means you have access to, or influence over, sensitive information that could be of interest to nation state actors.
High-risk individuals include those working in political life (including elected representatives, candidates, activists and staffers), academia, journalism and the legal sector.
NCSC
Although this is a natural definition for the NCSC, which has a specific focus on state-level cybersecurity, we have seen a rise in attacks on investors with significant financial resources in recent times. These attacks are a specific type of phishing attack called a spear phishing attack – a targeted attack tailored specifically to try and convince you to engage. As a result, we think it’s prudent that our customers take action to protect their accounts – not only on our platform, but with every online service that they use. You should take special care with services that are gatekeepers to other services – such as online email accounts, which can be used to send communications to third parties pretending to be you.
Our platform provides a range of security features for you already and we encourage you to make use of these. The NCSC guidelines specifically mention the following steps, and we’ve highlighted how to achieve each of them on our platform.
Use strong passwords
Your password should be a secret between you and our platform and you should not communicate it to any third party. You can reset your password at any time using the “Forgot my password” link on the login page. We don’t place any restrictions on passwords, so they can be as long or as complex as you want. We, and the NCSC, strongly recommend the use of multi-word passwords, which are very strong, can be completely unique and are difficult to guess. We also both recommend the use of password managers, which can help you ensure that you use complex passwords for every website and don’t share passwords.
Two-step verification (or multi-factor authentication)
Multi-factor authentication (MFA) is a method where you use an app on your phone to generate a constantly changing and short-lived code to augment your password. Since the mathematical calculations required to break the code are infeasibly complex, this essentially turns your mobile phone into an additional “factor” which is considered during login. Simply put, when you log in, the platform will ask you for the code which the mobile app provides. Without your mobile app, even if an attacker is able to gain your password, nobody can log in. Setting up MFA on your GrowthInvest account is simple: On the selector menu in the top right corner, click Settings. At the top of your profile page, click the Setup MFA button. This will trigger an email to your registered email account which will start the MFA enrollment process.
Once you have MFA enabled you’ll need the code every time you try to log in. If you lose the code, you will be unable to log in without resetting all of your security credentials using the Forgot my password link on the login page.
Protecting your devices
Your laptop, computer, tablet and mobile are all key devices that hold huge amounts of personal information. With MFA enabled, your mobile phone becomes a critical part of your security. You should always look to keep your devices secure and updated with the latest updates to protect you from attacks.
Suspicious activity
If you notice suspicious activity on your GrowthInvest account or the email account which you use for your GrowthInvest access, you should contact us and let us know so that we can check your account and confirm your recent activity with you. We will never ask you for your password. We will always confirm fund transfers with you before taking action, and will only transfer funds to bank accounts which have been registered and verified on the platform.