Cyber attacks aren’t just for big-name businesses. Cybersecurity threats affect all businesses, big and small. If you’re a financial advisor, you need to pay close attention to how you handle sensitive financial information.
Protecting your information and your clients’ information has never been more important. According to a recent survey from the Investment Advisors Association, cybersecurity is the biggest compliance concern amongst firms. A startling 83% of respondents named this threat as the most important issue for 2019. With news of the latest security breaches popping up every day, now is the time to prepare. Here are the top cybersecurity threats facing financial advisors in 2020 as well as what to do about them.
Why Do criminals target financial advisors?
Why do criminals target financial advisors instead of other service providers? Simply put, they’re following the money. Thieves are always on the lookout for ways to score big from their attacks, and financial advisors are a potential goldmine of data.
Another reason digital criminals target advisors is because of the prevalence of technology. Using the latest tech and communication tools is the new normal in this industry. While these wealthtech trends are outstanding resources when used properly, they can also become a weapon if you’re not careful. Luckily, a bit of education goes a long way.
1. Phishing Emails
The biggest threat is also the simplest: phishing emails. A phishing email is a fraudulent email that pretends to be a company or client in order to reveal personal information. The name itself comes from the visual of “fishing” for data through an email. While email can be a powerful tool, they come with risks if you’re not careful.
How to protect yourself: There’s not much you can do to stop these phishing emails from reaching your inbox. However, you can learn how to spot them. Look for any signs that an email has been faked, such as typos or a confusing email address. No service would ever ask for sensitive information over email. When in doubt, pick up the phone to confirm an individual or company’s identity.
2. Man-in-the-middle attacks
A man-in-the-middle attack is when someone gains access to your system or data through a public network. These leave your information and clients’ information vulnerable. While you don’t have to worry about this as long as you’re using a trusted, secure network, these attacks are very real on public wifi.
While remote working is common, especially today, be careful. Your favorite coffee shop’s wifi is not secure, and your information might be at risk.
How to protect yourself: If you’re using a public wifi network, invest in a Virtual Private Network (VMP). This allows you access to a secure network no matter where you are in the world.
Ransomware is a type of malware (malicious software) that tries to scramble your data to extort a ransom from you. You can get ransomware through malicious emails or websites. You might not even know you’ve picked up ransomware until it’s too late.
How to protect yourself: Never click on any unfamiliar, suspicious links, particularly in emails. In addition, install and maintain anti-virus software. Finally, keep all of your data backed up and up-to-date.
4. Data leaks
Security doesn’t end in the office. With smartphones and other tech tools becoming a common part of our lives, we all need to be careful with how we use our own data and our clients’ data.
If our devices aren’t properly locked and secured, they can be stolen at any time. This could mean the device is physically gone (such as a lost phone) or it’s left in the wrong hands. Once data is leaked, there’s no telling what will happen.
How to protect yourself: Educate yourself and others about safe data practices. Ensure all of your devices have password protection. For portable storage devices, use encryption software to keep everything secure. Always keep an eye on your devices when traveling. Remember that criminals are opportunistic. A stray briefcase could be all it takes for a criminal to grab your device.
Finally, the last threat is hacking. Hacking is done in a number of ways, sometimes through malware and sometimes through forced entry (ie. criminals entering your password). It’s essential to stay vigilant about protecting your devices and your data.
How to protect yourself: Update your software and devices regularly to limit your risk of attack. For passwords, always use a secure, difficult passcode and update it regularly. Enable two-factor authentication whenever possible.
Protect your practice
Your data matters. It’s a myth that cyber-attacks only happen to large businesses. Today, it seems like data breaches are more common than ever. It’s up to you to protect yourself and your business.
When it comes to building strong relationships with clients, ensure they can trust you with their data. You’re the gateway to their finances. Make sure to use this information wisely and with proper security techniques. For more information on preparing your advisory for cyber threats in 2020, review the SEC’s cybersecurity guidelines.