Cybersecurity essentials for financial advisers and practice owners
By Ivon Gower, Director of Financial Planning Products, Morningstar Australasia Pty Ltd.
It’s a scary reality that cyber breaches are becoming more and more common. Statistics from VMware reveal a staggering 238% increase in cyberattacks on financial institutions during the first half of 2020. This wave of attacks came at an exorbitant cost, with an average of $5.72 million attributed to each data breach. Based on UpGuard data as of 27 July 2023.
But, though daunting, there are many practical things business owners and everyday tech users can do to minimise these threats. This article aims to offer usable insights to financial advisers and practice owners about strengthening your cybersecurity defenses, while nurturing client and team trust.
1. Establish a Comprehensive Cyber Protection Plan
Establishing a robust cyber protection strategy not only instills a sense of security among your clients but also strengthens your team’s capabilities. The most effective approach involves crafting a plan that covers the stages before, during, and after a cyberattack.
- Prior to an Attack: Begin by understanding and mitigating potential risks. Preparing your staff with precise protocols to follow during an attack is essential—this proactive measure ensures that everyone knows their role and minimises the risk of chaos. Forethought is key: avoid formulating your strategy in the heat of the moment.
- During an Attack: Having a well-structured response plan in place is imperative. Equip your team with the knowledge of how to handle the situation effectively. Remember, in the midst of an attack, calm and well-orchestrated actions can save the day.
- Post Attack: The aftermath calls for swift recovery. This phase is not just about restoring your business, but also elevating your cybersecurity readiness and potentially using your cybersecurity insurance.
2. Elevate Security with a Password Manager and Multi-Factor Authentication
Enhancing your defenses against cyber threats can be as straightforward as embracing two powerful tools: a password manager and multi-factor authentication.
Let go of the habit of storing passwords on spreadsheets or within platforms like Google Drive or OneDrive. Prioritise multi-factor authentication—it might not provide absolute immunity, but it can significantly reduce cyber threats by introducing an additional layer of protection.
3. Think long term, not short term
Being cautious and dedicating extra time to verify client details can go a long way to bolstering your resilience against cyber threats, even if it means a minor reduction in productivity.
For instance, calling clients before actioning big decisions may slow you down momentarily, but it’s worth spending the extra time to ensure security.
4. Vigilance Towards Third-Party Providers
Pay close attention to your third-party providers, as they can potentially serve as weak links in your business if their data storage and management practices fall short.
Review all your applications and ensure that your third-party providers have safeguards in place to minimise the risk of errors. For example, if a third-party provider is storing sensitive customer data, they should be using encryption technology to ensure that the data is secure and can’t be accessed by unauthorised parties. Furthermore, they should have processes in place to ensure that data is regularly backed up and that access to the data is restricted to authorised personnel only.
It’s essential to make sure their protocols align with your expectations and industry standards.
5. Mitigate Email-Related Risks
Resist the temptation to let sensitive information linger in your email account, as this introduces an avoidable vulnerability. If your inbox or your client’s sent mail is breached, confidential documents such as tax returns and copies of identification may be exposed.
Sensitive information should be encrypted or stored in a secure location, and if it is necessary to send it through email, it should be done through a secure platform like a client portal. This way, the data is less likely to be intercepted by unauthorised individuals and used for malicious purposes.
6. Embrace Cybersecurity as a Catalyst for Progress
Forward-thinking advisers view cybersecurity not as a hurdle, but as a stepping-stone for advancement. Examples include integrating a client portal and digital signatures – measures that also streamline day-to-day processes. Embracing cybersecurity propels your business towards innovation and efficiency.
7. Include Ongoing Cybersecurity Costs in Your Budget
Allocate resources for cybersecurity systems, insurance, and training as dedicated budget items. Although this might take up a small percentage of your revenue and, yes, maybe even some extra time, the consequences of not doing so include strained client conversations, reputational damage, and penalties. The importance of proactive cybersecurity measures cannot be overstated.
By incorporating these tips, financial advisers and business owners can elevate their cybersecurity readiness, safeguard their operations, and lay the foundation for long-term success.
This article is for general guidance on matters of interest only. The application and impact of cybersecurity controls can vary widely based on the specific facts involved. Given the changing nature of cybersecurity, best practice and regulations, and the inherent hazards of the field, there may be omissions or inaccuracies in information contained in this article. Ivon Gower is Director of Financial Planning Products at Morningstar Australasia Pty Ltd.