Cyber Security and Your Investments: How We and Our Platforms Protect Your Money and Data

By Julie Harris, May 2025

Recent high-profile cyberattacks on major UK retailers like M&S and Harrods have brought digital security into sharp focus. As your financial advisers, safeguarding your personal data and investments is not just a priority-it’s a fundamental responsibility. That’s why we conduct rigorous due diligence on the investment platforms we recommend. Here’s how Transact and Fundment, the platforms we use, protect your assets and information from cyber threats.

Why Cyber Security Matters More Than Ever

Imagine your investments as a house filled with valuables. In today’s digital world, cybercriminals are constantly testing the locks and windows, searching for a way in. The recent attacks on M&S and others show that even the biggest names can be targeted, causing weeks of disruption, financial loss, and stress for customers and staff alike. The lesson is clear: robust cyber security is as essential as a strong front door and a vigilant alarm system.

How Transact Protects You

1. Multi-Layered Security-A Digital Fortress

Transact employs a range of security measures, much like layers of defences around a castle:

Secure Access: Only you, your adviser, and authorised third parties can access your account. Multi-factor authentication (MFA) acts as a drawbridge, requiring more than just a password to enter.
Encryption: All data between your browser and Transact’s servers is encrypted using Secure Sockets Layer (SSL), making it unreadable to anyone intercepting it-think of it as sending your information in a locked, tamper-proof box.
Authorised Custodian: Your investments are held securely by Transact’s in-house, FCA-authorised custodian, keeping client assets separate and protected.

2. Vigilance and Best Practice

National Cyber Security Centre Protocols: Transact follows UK government best practice for cyber security, regularly updating its defences against new threats.
Fraud Prevention: Any unusual requests-like changes to bank details-are double-checked, often with a verbal confirmation, to prevent impersonation and fraud.
Staff Access Controls: Permissions are actively managed, with immediate removal of access for leavers, reducing the risk of insider threats1.

3. Client Empowerment

Alerts and Notifications: You receive alerts for account activity, helping you spot any suspicious behaviour quickly.
Security Education: Transact provides guidance on password management and how to spot phishing attempts, empowering you to be the first line of defence.

How Fundment Keeps Your Data and Money Safe

1. Segregation and Protection-Your Money in a Safe Deposit Box

Client Money Segregation: All client money is held on trust with major UK banks (like HSBC), completely separate from Fundment’s own funds. This legal ring-fencing means your money cannot be touched by Fundment’s creditors, even if the company faces difficulties.
Asset Protection: Investments like unit trusts and OEICs are held by independent trustees or depositaries, adding another layer of protection.

2. Advanced Technology and Data Security

256-bit SSL Encryption: Fundment uses bank-grade encryption for all data transmissions. Picture this as sending your information through an impenetrable tunnel.
Firewalls and Secure Facilities: Data is stored in secure UK-based data centres, protected by monitored firewalls and strict access controls-like having your valuables stored in a high-security vault.

3. Regulatory Compliance and Business Continuity

FCA and HMRC Authorisation: Fundment is regulated by the Financial Conduct Authority and complies with all relevant UK data protection laws, ensuring your rights and privacy are protected.
Disaster Recovery Plans: Fundment maintains robust business continuity and disaster recovery plans, tested regularly to ensure services can continue even in the face of major incidents-unlike the chaos seen in recent retail breaches.

4. Transparency and Client Control

Client Portal: You have direct access to your account information, with the ability to control access levels and view all activity, giving you visibility and peace of mind.
Strict Data Handling: Fundment never shares your personal data unless required for regulatory or operational reasons, and retains it only as long as necessary.

Lessons from Recent Attacks: Why Rigorous Security Matters

The M&S cyberattack, believed to be the work of the Scattered Spider hacking group, caused weeks of disruption and significant financial loss, highlighting the real-world impact of cybercrime. Unlike some organisations caught unprepared, both Transact and Fundment have robust, tested plans in place to respond to cyber incidents, ensuring continuity and the protection of your assets.

What You Can Do: The Human Firewall

Even the best security systems rely on people to work effectively. Here’s how you can help:

Use strong, unique passwords and enable two-step verification on your accounts.
Be cautious with emails and requests for personal information-if something feels off, check with us directly.
Keep your contact details up to date so you never miss important notifications.

In Summary

Think of cyber security as both a moat and a watchtower: it keeps the bad actors out and alerts you to any suspicious activity. At OAK FOUR, we take your security seriously, partnering only with platforms that meet the highest standards. Transact and Fundment are committed to keeping your data and investments safe, so you can focus on what matters most-your financial future.