Trusted client relationships target for hackers in advice firms



With the financial services industry being 300 times more likely to experience a cyber attack, financial advice firms are urged to consider the volume of client information they hold and how it can be safeguarded.
Fraser Jack, founder of the Cyber Collective, recently spoke at the Institute of Managed Account Professionals (IMAP) Virtual InvestTech conference.
In order for advice practices to implement cyber security measures, Jack said they needed to re-evaluate how cyber criminals attacked advice models.
“What underpins the advice relationship is ‘trust’. The client is trusting you with their personal and private information,” Jack said.
Hackers would look to infiltrate this relationship by pretending to be the client or the adviser.
Therefore, he recommended advisers have discussions with clients regarding how they feel about the firm holding their sensitive information.
“Consumers expect their data to be stored safely and securely, and when a breach happens, they want to know about it quickly,” Jack continued.
Adding in extra security steps, such as introducing a multi-factor authentication (MFA) system or using a password manager, could make clients feel more confident in their adviser.
“Clients are hearing a lot in the media about cyber breaches and are likely to be fearful about the possibility of their identities and personal information being stolen. Clients are justifiably nervous.
“It’s important for advisers to get on the front foot and educate their clients about the cyber security in place to protect their data.”
Moreover, Jack shared that about 80% of cyber issues were related to variable risks. These were the result of human communication errors between advisers and clients through emails, phone calls, or text messages.
To mitigate these vulnerabilities from being attacked, the cyber professional urged for employees to receive ongoing training and awareness with cyber security.
“Cyber security is definitely a team sport. My advice for practices is to have a cyber champion in your business. Run cyber drills, and ensure that everybody within the business knows who to contact regarding cyber security.”
In addition, conducting regular vulnerability testing and audits of technology systems, such as phishing emails, were highly encouraged.
Earlier this week, super fund NGS Super announced it had been vulnerable to a cyber attack but no super savings had been affected.
Recommended for you
Net cash flow on AMP’s platforms saw a substantial jump in the last quarter to $740 million, while its new digital advice offering boosted flows to superannuation and investment.
Insignia Financial has provided an update on the status of its private equity bidders as an initial six-week due diligence period comes to an end.
A judge has detailed how individuals lent as much as $1.1 million each to former financial adviser Anthony Del Vecchio, only learning when they contacted his employer that nothing had ever been invested.
Having rejected the possibility of an IPO, Mason Stevens’ CEO details why the wealth platform went down the PE route and how it intends to accelerate its growth ambitions in financial advice.