Cyber threats are evolving, and businesses must stay ahead. Sarah Coles, Parmenion’s Head of Cyber & Resilience, reviews recent cybersecurity risks - including malware vulnerabilities, insider threats, and phishing scams - and shares essential steps to stay protected.
7-Zip critical security flaw
A serious vulnerability in 7-Zip, a popular file compression tool, allows attackers to bypass Windows security protections, exposing financial advisers and businesses to malware. The flaw affects how Windows marks files downloaded from the internet, so malicious files can appear safe.
Protect your client data and business
✅ Update 7-Zip immediately – install the latest patched version. 7-Zip doesn’t offer automated updates, so you must install updates manually.
✅ Beware fake updates – cybercriminals may distribute fake versions of 7-Zip. Only download updates from the official website.
British Museum hit by cyber-attack from a former employee
The British Museum's IT systems were sabotaged by a disgruntled ex-employee, forcing exhibition closures. This incident highlights the insider threat posed by former staff who retain access to critical systems, a particular risk for financial firms that handle sensitive client data.
Prevent insider security breaches
✅ Revoke employee access – disable all accounts, cloud logins, office keycards and alarm codes as soon as an employee leaves.
✅ Strengthen access controls – regularly audit user permissions to ensure access is restricted to necessary areas only.
Don’t wait for a security breach to discover ex-employees still have access to critical systems. Revoke access before they leave.
Hackers posing as Microsoft Teams tech support
Cybercriminals are now posing as MS Teams support agents, tricking users into downloading malicious software - leading to ransomware attacks and making MS Teams a prime target for phishing scams.
Phishing threats are no longer limited to email attacks. By exploiting trust in internal communication tools, hackers convince users to download harmful files, potentially compromising entire systems.
How to stay protected
✅ Boost staff awareness – regular cybersecurity training and phishing simulations can help your employees avoid threats.
✅ Limit external Teams access – consider disabling access to external contacts through Teams to reduce exposure to phishing attacks.
Windows 10 users urged to upgrade
Windows 10 is heading for retirement, with support ending in October 2025. Once it does, your firm will no longer receive security updates for it, leaving you vulnerable to cyber threats.
How to upgrade safely and stay secure
✅ Upgrade to Windows 11 now – Microsoft offers free upgrades for most users. Act before Windows 10 expires and support ends.
✅ Consider extended security updates (ESU) – if you can’t upgrade now, explore Microsoft’s ESU programme to continue receiving critical security patches.
Never miss an update
The cyber landscape is constantly evolving; staying informed and proactive can help businesses mitigate risks.