UK NCSC publishes advice for high risk users

The UK National Cyber Security Centre has published guidance for high risk users on how to protect themselves from directed attacks. We think this provides good advice to our users who, for financial reasons, may be the subject of a targetted attack and have added our own points below.

The UK NCSC has published a guide for what they describe as a high risk individual. The NCSC definition of a high risk individual is:

In a cyber security context, you are considered a high-risk individual if your work or public status means you have access to, or influence over, sensitive information that could be of interest to nation state actors.

High-risk individuals include those working in political life (including elected representatives, candidates, activists and staffers), academia, journalism and the legal sector.


Although this is a natural definition for the NCSC who have a specific focus on state-level cybersecurity, we have seen a rise in attacks on investors with significant financial resources in recent times. These attacks are a specific type of phishing attack called a spearphish attack – a targetted attack tailored specifically to try and convince you to engage. As a result, we think it’s prudent that our customers take action to protect their accounts – not only on our platform, but with every online service that you use. You should take special care with services that are gatekeepers to other services – such as online email accounts which can be used to send communications to third parties pretending to be you.

Our platform provides a range of security features for you already and we encourage you to make use of these. The NCSC guidelines specifically mention the following steps which we’ve hilighted how to achieve that in our platform.

Use strong passwords

Your password should be a secret between you and our platform and you should not communicate this to any third party. You can reset your password at any time using the “Forgot my password” link on the login page. We don’t place any restrictions on passwords so they can be as long or as complex as you want. We, and the NCSC, strongly recommend the use of multi-word passwords which are very strong, can be completely unique and difficult to guess. We also both recommend the user of password managers which can help you ensure that you use complex passwords for every website and don’t share passwords.

Two-step verification (or multi-factor authentication)

Multi-factor authentication (MFA) is a method where you use an app on your phone to generate a constantly changing and short-lived code to augment your password. Since the mathematical calculations required to break the code are unfeasibly complex, this essentialy turns your mobile phone into an additional “factor” which is considered during login. Simply put, when you log in, the platform will ask you for the code which the mobile app provides. Without your mobile app, even if an attacker is able to gain your password, nobody can log in. Setting up MFA on your GrowthInvest account is simple: On the selector menu in the top right corner, click Settings. At the top of your profile page, click the Setup MFA button. This will trigger an email to your registered email account which will start the MFA enrollment process.

Once you have MFA enabled you’ll need the code every time you try to log in. If you lose the code, you will be unable to log in without resetting all of your security credentials using the Forgot my password link on the login page.

Protecting your devices

Your laptop, computer, table and mobile are all key devices that hold huge amounts of personal information. With MFA enabled, your mobile phone becomes a critical part of your security. You should always look to keep your devices secure and updated with the latest updates to protect you from attacks.

Suspicious activity

If you suspect suspicious activity on your GrowthInvest account or the email account which you use for your GrowthInvest access, you should contact us and let us know so that we can check your account and confirm your recent activity with you. We will never ask you for your password and will always confirm fund transfers with you before taking action and then only to bank accounts which have been registered and verified on the platform.

Scroll to Top

Market Download Subscribe

The market download is a regular weekly newsletter for financial advisers, wealth managers and industry contacts. If you would like to receive it, please submit a subscription request below, and our team will review and come back to you with any questions. Please note this newsletter is only intended for industry professionals and connected parties.

Global Returns Project: Find Out More or Make A Donation

Please fill in the details below to find out more or to enquire about making a donation to the Global Returns Project.

Download Request​

Please provide your details in order to download this document.

Download Request​

Please provide your details in order to download this document.

Download Request

Please provide your details in order to download this document.

Download Requests

Please provide your details in order to download this document.

Arrange a Demonstration

Please provide as many details as you can and we will get back to you very soon to arrange the demonstration with you.

Sign Up to GrowthInvest

Thank you for signing up for GrowthInvest. Please provide as many details as possible so we can configure your account appropriately.

Message Us or Register Interest

If you would like to leave us a message or register your interest in the GrowthInvest platform, please leave a few details outlining how we can help and we will get back to you very soon.

Message Sent

Thanks for your message. We will be in touch soon.