Wealth managers come under attack, so we speak to an industry expert to find out how you can protect your business
Seventy-four per cent of financial advisors have been the target of a cyber attack.
That is the attention-grabbing statistic from a recent Securities and Exchange Commission (SEC) examination, with cyber security now listed as a top priority in its 2016 Examinations Priorities notice. Indeed, the Financial Industry Regulatory Authority (FINRA) also identified cyber security as a priority in terms of risk management, controls and supervision.
In its letter, back on January 05, it stated: “FINRA will review firms’ approaches to cybersecurity risk management, and depending on a firm’s business and risk profile, we will examine one or more of the following topics: governance, risk assessment, technical controls, incident response, vendor management, data loss prevention and staff training.”
There are many threats related to downloading files, sharing computers and making use of mobile devices. So what can be done to protect your business – and your clients – from hack attacks? Wealth Professional spoke to Taylor Boivin, community leader at Advisor Websites, to get some tips.
“To protect yourself, your website and your clients there are a few steps you can take,” she said.
“First, never collect any sensitive information over your website unless you are using an encrypted webform service or SSL Certificate. While it might seem like a good idea to get as much information as possible from a prospect, if you are using an unsecured medium for that collection, you are essentially putting that information up for grabs online. Stick to basic, already publicly available information like name, email and phone number and stay away from personal information like SIN or credit card details. The same goes for file sharing. Be sure to use a secure service for the transfer of any sensitive files over your website.”
In fact, Boivin believes that the simplest solution is to avoid collecting any precious data via your website at all.
“The simplest way to put it is, if there is nothing worth hacking on your website, no-one will hack it,” she said. “Those who target websites and aim to steal information are looking for specific information they can use to do things like access bank accounts or steal identities. If you don’t offer up any of that information by collecting it over your website, hackers will move on.”
It’s not just via your website that you need to be cautious, however. One recent hot issue relates to wire fraud, with thieves contacting advisors and pretending they are clients on vacation. They then say they have been robbed and request immediate wire transfers. This is all possible because fraudsters are able to hack into clients’ email accounts and use their sent email lists to find financial information. Michael Kitces, director of Pinnacle Advisory Group, suggests that financial advisors inform their clients that if they ever require a wire transfer they will always call to confirm.
To fight back against potential hack attacks, additional tips include: obtaining cyber security insurance, addressing screen sharing protocols, compiling a list of vendors that have confidential client data and ensuring they have security programs in place, and making sure lost laptops or phones are included as potential breaches of policy and attestation.