Licensees should take ownership for cyber security
Financial adviser licensees should take ownership of their organisation’s cyber security as the Australian Securities and Investment Commission (ASIC) are targeting negligent directors who outsource responsibility to information technology departments, according to Cyber Audit Team.
Speaking at a Profession of Independent Financial Advisers (PIFA) webinar, Damian Seaton, founder of Cyber Audit Team, said directors were personally liable for cyber attacks within their business under section 180 of the Corporations Act and that enforcement was on the rise.
“No longer can we just say cybersecurity sits with my information technology manager or provider, we have to take responsibility for this, and we need to ensure that we’ve got the right controls and mechanisms in place,” Seaton said.
“The information that you hold on your customers is highly valuable and the criminals know that the majority of smaller business aren’t protected very well.”
According to Boston Consulting Group, financial firms are 300 times more likely to be hit by cyber attacks compared to other companies.
And practices that had no cybersecurity strategies had a 90% chance of experiencing a cyber attack, according to Seaton.
Seaton said criminals rely on the assumption that small businesses had not received cyber security awareness training, had directors with dismissive cyber security attitudes and staff with poor password hygiene practices.
“That means… you’re using the same password on your Facebook or your social media as you do with your Woolworths Rewards as you do with your Microsoft Office 365 account and if you are one of those people doing that, then you must invest in an [affordable] password manager,” Seaton said.
He said the use of password managers and two factor authentication prevented unsophisticated cyberattacks by 8%.
Seaton’s six steps to mitigate breaches were to assess cybersecurity blind spots, educate staff, document cyber security policies, seek independent assessments, have monitoring processes in place and conduct penetration tests.
AUTHOR
Liam Cormican
Recommended for you
The FSCP has announced its latest verdict, suspending an adviser’s registration for failing to comply with his obligations when providing advice to three clients.
Having sold Madison to Infocus earlier this year, Clime has now set up a new financial advice licensee with eight advisers.
With licensees such as Insignia looking to AI for advice efficiencies, they are being urged to write clear AI policies as soon as possible to prevent a “Wild West” of providers being used by their practices.
Iress has revealed the number of clients per adviser that top advice firms serve, as well as how many client meetings they conduct each week.
