Hackers deliberately target smaller firms that perform tasks for large financial corporations, knowing that they probably hold important client data with fewer IT safeguards. What should a large private bank do?

Merill Lynch said last June that it was evaluating cyber-security precautions at the law firms that it uses for various tasks. This shows the extent to which the big banks are prepared to go to make sure that data about clients is secure.

Law firms are now seen as the "soft underbelly" of larger firms and therefore a prime target for hackers. Larry Ponemon, the founder of the Ponemon Institute, said recently: “Firms should be more rigorous in evaluating vendors and clients. An insecure vendor puts the organisation at risk of being sued. Law and accounting firms are notoriously poor. They often hold supplementary material that is not protected and have fewer controls in place.”

For all the genius that hackers display, however, firms can prevent attacks in many ways that involve the removal of basic human error. These include stopping unauthorised people from entering the premises, stopping people from accidentally sending confidential information to the wrong email addresses, and stopping people from transferring important documents to their personal laptops with a view to working remotely.

Insider-dealing

Security and data breaches can also take place from within the firm itself, mostly on the part of dishonest employees on the lookout for compact discs or paper documents. In 2012 an office worker called Lutz Otte stole 2,700 German clients' records from Julius Baer's internal systems. He received a partially suspended three-year prison sentence in August 2013.

It was not the first time that Julius Baer had been stung. In 2011, a former employee called Rudolf Elmer was arrested for handing over disks to WikiLeaks that contained data on private banks in Switzerland and their clients. He was tried in that same year but walked free in July despite his threats against the bank and its employees.

Firms outside the financial sector have also been victims. In June 2014 hackers demanded a ransom of £24,000 from Domino's Pizza after stealing personal data on more than 600,000 of its French and Belgian customers. The hackers, a group calling themselves Rex Mundi, posted a sample of the stolen user data alongside the ransom threat. Domino’s said at the time that it would not pay up.

Social problems

The modern temptation for individuals to share mountains of personal detail on websites such as Facebook, Twitter and LinkedIn can also cause problems. Financial firms should also be wary about how much information is moved to the cloud or storage websites such as Dropbox. Larry Ponemon commented: “Dropbox isn’t for everything. Certainly not for trade secrets. However, employers want employees to work with devices they feel familiar with and pick the tools they like. You can no longer tell everyone they must have a Blackberry. There is no fighting against increased productivity.”

Experts say pin codes and passwords should also be changed on a regular basis. A recent study found that 85% of Singaporeans use the same pin for all their cards and phones. Mark Hall at EnjoyCompare.com, a financial services website, said: "All it takes is an observant criminal to watch you unlocking your mobile device and there's every chance he's got your bank number as well. Then it's a case of a well-timed pickpocketing or purse snatch, and you're in real trouble."

Early days

Yet cybercrime is still in its infancy and wealth management chief executives admit learning to combat the problem is a continuing process with few definitive answers. The starkest reminder of this took place last June in Canada, where two 14-year-olds succeeded in hacking into a Bank of Montreal ATM cash machine during their school lunch break - simply by reading an operator's manual online and typing in the default administrator password. Surprised by their success, the boys immediately went to the nearest branch of the Bank of Montreal to alert the bank about its security problem. The bank did not believe them at first but their service to banking has now been acknowledged.