Cybersecurity essentials for financial advisers and practice owners

By Ivon Gower, Director of Financial Planning Products, Morningstar Australasia Pty Ltd.

It’s a scary reality that cyber breaches are becoming more and more common. Statistics from VMware reveal a staggering 238% increase in cyberattacks on financial institutions during the first half of 2020. This wave of attacks came at an exorbitant cost, with an average of $5.72 million attributed to each data breach. Based on Upguard data1 as of 27 July 2023.
But, though daunting, there are many practical things business owners and everyday tech users can do to minimise these threats. This article aims to offer usable insights to financial advisers and practice owners about strengthening your cybersecurity defenses, while nurturing client and team trust. 
1. Establish a Comprehensive Cyber Protection Plan
Establishing a robust cyber protection strategy not only instills a sense of security among your clients but also strengthens your team’s capabilities. The most effective approach involves crafting a plan that covers the stages before, during, and after a cyberattack.
  • Prior to an Attack: Begin by understanding and mitigating potential risks. Preparing your staff with precise protocols to follow during an attack is essential—this proactive measure ensures that everyone knows their role and minimises the risk of chaos. Forethought is key: avoid formulating your strategy in the heat of the moment.
  • During an Attack: Having a well-structured response plan in place is imperative. Equip your team with the knowledge of how to handle the situation effectively. Remember, in the midst of an attack, calm and well-orchestrated actions can save the day
  • Post Attack: The aftermath calls for swift recovery. This phase is not just about restoring your business, but also elevating your cybersecurity readiness and potentially using your cybersecurity insurance.
2. Elevate Security with a Password Manager and Multi-Factor Authentication
Enhancing your defenses against cyber threats can be as straightforward as embracing two powerful tools: a password manager and multi-factor authentication.
Let go of the habit of storing passwords on spreadsheets or within platforms like Google Drive or OneDrive. Prioritise multi-factor authentication—it might not provide absolute immunity, but it can significantly reduce cyber threats by introducing an additional layer of protection.
3. Think long term, not short term
Being cautious and dedicating extra time to verify client details can go a long way to bolstering your resilience against cyber threats, even if it means a minor reduction in productivity.
For instance, calling clients before actioning big decisions may slow you down momentarily, but it’s worth spending the extra time to ensure security.
4. Vigilance Towards Third-Party Providers
Pay close attention to your third-party providers, as they can potentially serve as weak links in your business if their data storage and management practices fall short.
Review all your applications and ensure that your third-party providers have safeguards in place to minimise the risk of errors. For example, if a third-party provider is storing sensitive customer data, they should be using encryption technology to ensure that the data is secure and can’t be accessed by unauthorised parties. Furthermore, they should have processes in place to ensure that data is regularly backed up and that access to the data is restricted to authorised personnel only.
It’s essential to make sure their protocols align with your expectations and industry standards.
5. Mitigate Email-Related Risks
Resist the temptation to let sensitive information linger in your email account, as this introduces an avoidable vulnerability. If your inbox or your client’s sent mail are breached, confidential documents such as tax returns and copies of identification may be exposed.
Sensitive information should be encrypted or stored in a secure location, and if it is necessary to send it through email, it should be done through a secure platform like a client portal. This way, the data is less likely to be intercepted by unauthorised individuals and used for malicious purposes.
6. Embrace Cybersecurity as a Catalyst for Progress
Forward-thinking advisers view cybersecurity not as a hurdle, but as a stepping-stone for advancement. Examples include integrating a client portal and digital signatures – measures that also streamline day-to-day processes. Embracing cybersecurity propels your business towards innovation and efficiency.
7. Include Ongoing Cybersecurity Costs in Your Budget
Allocate resources for cybersecurity systems, insurance, and training as dedicated budget items. Although this might take up a small percentage of your revenue and, yes, maybe even some extra time, the consequences of not doing so include strained client conversations, reputational damage, and penalties. The importance of proactive cybersecurity measures cannot be overstated.
By incorporating these tips, financial advisers and business owners can elevate their cybersecurity readiness, safeguard their operations, and lay the foundation for long-term success.
This article is for general guidance on matters of interest only. The application and impact of cybersecurity controls can vary widely based on the specific facts involved. Given the changing nature of cybersecurity, best practice and regulations, and the inherent hazards of the field, there may be omissions or inaccuracies in information contained in this article. Ivon Gower is Director of Financial Planning Products at Morningstar Australasia Pty Ltd.

This document is issued by Morningstar Investment Management Australia Limited (ABN 54 071 808 501, AFS Licence No. 228986) (‘Morningstar’). Morningstar is the Responsible Entity and issuer of interests in the Morningstar investment funds referred to in this report. © Copyright of this document is owned by Morningstar and any related bodies corporate that are involved in the document’s creation. As such the document, or any part of it, should not be copied, reproduced, scanned or embodied in any other document or distributed to another party without the prior written consent of Morningstar. The information provided is for general use only. In compiling this document, Morningstar has relied on information and data supplied by third parties including information providers (such as Standard and Poor’s, MSCI, Barclays, FTSE). Whilst all reasonable care has been taken to ensure the accuracy of information provided, neither Morningstar nor its third parties accept responsibility for any inaccuracy or for investment decisions or any other actions taken by any person on the basis or context of the information included. Morningstar does not guarantee the performance of any investment or the return of capital. Morningstar warns that (a) Morningstar has not considered any individual person’s objectives, financial situation or particular needs, and (b) individuals should seek advice and consider whether the advice is appropriate in light of their goals, objectives and current situation. Refer to our Financial Services Guide (FSG) for more information at Before making any decision about whether to invest in a financial product, individuals should obtain and consider the disclosure document. For a copy of the relevant disclosure document, please contact our Adviser Solutions Team on 1800 951 999.

How we look after your savings

  • A key focus on risk management, not just the potential for returns
  • Increasing your buying power
  • Today’s best investment opportunities