Humans are the major cyber threat in a business

Ahead of the Adviser Innovation Summit 2023, Mr Jack said the greatest threat for advice practices is identity theft of their clients due to the sheer amount of data advisers hold in their files.

“Generally, advice practices are small professional firms that hold more information than institutions like banks, insurance providers, and platforms,” he told ifa.

“The biggest threat they face is having somebody get in and take the identity off their clients, along with any information about their super or investments, etc.”

Besides this, nefarious hackers could intercept the trusted relationship between the adviser and client.

“That trusted relationship is a major benefit for the business but it is also a major risk because the hacker could pose as the adviser or client,” Mr Fraser flagged.

His comments precede the Adviser Innovation Summit in June, where he will provide tips on how advice practices can bolster their cyber security posture, why understanding their assets is critical to securing them, and how they should respond to an attack.

When asked how advisers could build a cyber fortress around their practice, Mr Jack said he divides the threats into fixed and variable factors.

The former includes fixed IT settings, antivirus protections, multi-factor authentication, password managers, and backup settings.

However, the greatest threat is the variables – the humans in the advice practice who have the relationship with the clients.

This could include the practice principal, adviser, or administrative staff who converse with and collect data from clients.

“These variables could include staff losing or giving away their password to somebody who can get past all the fixed security settings because they now have that variable token,” Mr Jack said.

To close these holes and secure a business, Mr Jack urged businesses to provide ongoing training to the advisers, practice principals, and all other staff and embed a culture of cyber security and safe practices in the business.

“Every single staff member that comes in contact with their clients’ personal identifiable information should receive ongoing training to make sure this becomes the culture in the business,” he said.

“A lot of the CPD programs are geared towards just advisers and not for the rest of the staff, which is a bit of a problem because cyber training should be provided to every staff member. The information needs to be offered in small, bite-sized pieces on an ongoing basis, maybe every fortnight.

“It’s not a set-and-forget. You can’t just do something today and then come back to it next year.”

Mr Jack also advised businesses to implement a robust cyber security plan in advance so they are prepared in case of an attack.

“Walk them through what’s called a cyber drill and make sure your staff are trained so they know what to do and who to contact in case of an attack,” he said.

Having cyber indemnity insurance could also help businesses respond to a cyber attack as they would have an incident response team attached to them.

The team can negotiate with an attacker if they are demanding a ransom and contact forensic IT specialists to pinpoint where the attack occurred.

“They will also help you with your communication plan so you can inform your clients and stakeholders about the attack and explain how it could impact them,” Mr Jack said.

To hear more from Fraser Jack on how advisers can fortify their practices against cyber attacks, come along to the Adviser Innovation Summit 2023.

It will be held on 8 June at the Great Hall, University of Technology, Sydney and 15 June at Grand Hyatt Melbourne.

Click here to buy tickets and make sure you don’t miss out!

For more information including the agenda and speakers, click here.