What cybersecurity risks do financial advisors face?
Samantha Tetrault is a finance and technology writer for Xtiva, an award-winning incentive compensation tool for wealth management firms. In this guest article for WP, she outlines the cybersecurity risks facing advisors and how they can protect themselves.
It seems like every day there’s another breaking news story featuring yet another big-name business that’s been hacked. Nowadays, we’re facing unprecedented threats when it comes to cybersecurity, and nobody is completely safe.
While it’s easy to say a data breach or cyber attack will never happen to you, these types of misfortunes do happen to businesses and professionals of all backgrounds every day.
Financial advisors are particularly at risk when it comes to these attacks. Why? Simply put, they handle sensitive financial data, and they don’t always know the best practices when it comes to protecting this data. In this guide, we’ll break down the cybersecurity risks financial advisors are facing in 2019 and beyond so you can start taking preventative action today.
The statistics behind cybersecurity threats
While it’s easy to hide behind your computer and turn a blind eye to cybersecurity, the truth is in the statistics. These risks exist for everyone, not just those big-name businesses you see falling victim on the news. Just look at these eye-opening statistics:
Even more importantly, these risks don’t just affect your clients, they also affect your practice. These types of hacks might not be your fault, but they can do irreparable damage to your reputation. In addition, increasing regulations around data and online privacy are beginning to dictate just how protective you have to be about data. You simply can’t afford to overlook the reality of these threats.
Top cybersecurity threats for financial advisors
Now let’s discuss the real threats. A lot of these you might already be familiar with, but some might surprise you. The more educated you are on the types of threats targeting financial advisors, the better you can protect yourself and your clients.
A phishing scam is a type of online scam where you receive an email that appears to be from a legitimate company or a current service provider. This email will usually ask for personal information, account information, or other data that can be easily stolen.
While this might seem like an obvious scam to spot, it can be trickier than you think. For example, many emails can be spoofed to appear as though they’re coming from a legitimate source (e.g., amazon.com, facebook.com, and so on). The term “phishing” is a spin on the word fishing, since online criminals lure you with a realistic email hoping you’ll take the bait.
A ransomware attack is when hackers access your data and essentially hold it hostage until you pay a ransom. For financial practice owners, this could mean having to make a choice between losing valuable data and paying a large ransom. These attacks usually take place via a phishing email, and they’re something nobody ever wants to deal with.
Another common type of attack is known as malware. This is malicious software that’s designed to breach your system and the information on it. You usually install malware by accident, such as by clicking on suspicious links or email attachments. Malware can do a lot of things, like install other malware, copy data, destroy your computer system, or block your network.
Finally, a man-in-the-middle (MITM) attack is when an attacker intercepts messages between two online parties who believe they are communicating directly with each other. The attacker can eavesdrop on information, manipulate data, and wreak havoc on your system.
These attacks can come in two forms: one that needs physical proximity and another that needs software. With the physical proximity attack, an attacker gains access to your device through unsecured wi-fi (like at your local coffee shop). From there, they can deploy tools to read your transmitted data, like bank information. The other type of attack works in a similar way, but instead it uses malware to access your browser data.
How to protect yourself online as a financial advisor
There’s no denying that these types of attacks and cyber scams are intimidating. However, it’s important to remember that 90% of all cyber attacks are the result of human error. That means these attacks are successful only because attackers know professionals are prone to making mistakes when it comes to their online privacy and data.
Now that you know about these attacks, you can be more critical about how you share information online. It always pays to brush up on online safety tips. Here are some best practices specifically for financial advisors:
- Enforce strong security policies - build strong policies and tools into your business. Using safety measures like encrypting your website and using a secure email provider will limit your exposure to hackers.
- Double check your inbox - always double check that emails are coming from who they say they are. Even if the email says it’s from a trusted provider, always double check to ensure the email address hasn’t been spoofed.
- Never enter your information unsolicited - no legitimate service provider will ask for your password, bank information, or personal information unsolicited. If you’re not sure whether a request for information is legitimate, contact the company directly to confirm.
- Secure your password - if you’re using the same password everywhere, it’s time for a change. While it might seem harmless, you want to make sure your actions are difficult to predict online. Getting into the habit of using a strong, secure password and changing it regularly is a smart idea.
- Use a VPN - a VPN is a Virtual Private Network, and it’s a safe way to browse the internet if you’re not sure about how secure a wi-fi network is. When you use a VPN to browse at your local coffee shop, you don’t have to worry about any middlemen grabbing your information.
- Stay educated - make a commitment to staying educated about the growing cybersecurity threats facing financial professionals today. The more you know, the less of a target you become.
A new world of online threats
We’re officially in a new era of online threats. As we approach 2020, these threats will only rise in number. In the meantime, the best path for financial advisors to take is to educate themselves and their clients. Understanding the risks, however, is only the first step. The next step is to start taking preventative action.
Making yourself less of a target will go a long way towards ensuring you’re safe from attack. Whether you have an in-house cybersecurity expert to turn to or you create your own strategy, make sure you’re committed to keeping your practice and your clients safe. A little bit of prevention now will save you a lot of stress (and money) in the future.