Are you doing enough to protect your client’s data?



A poorly managed security issue can compromise your credibility and break trust with clients. Find out which cyber incidents are impacting the industry and how to protect against them.



  • Nearly half of Australian financial advisers had a cyber security incident in 2017.
  • A poorly managed incident could mean the end of your business.
  • If you’re not taking cyber security seriously, you’re not prepared for business in the digital world.

Cyber security is the hot button issue for the financial sector. It’s not just your client’s personal information and financial security at risk. A poorly managed security issue compromises your credibility and breaks trust with clients who depend on you to manage their money.

Founder of cyber security services firm Kamino, Julian Plummer, recently discussed cyber security in financial services in a Netwealth webinar, Cyber security: Peace of mind in a digital world. 

What’s it costing the industry?

Based on a Kamino survey, around 45 percent of Australian financial advisors had a cyber security incident in 2017. Each incident cost an average of $275,000 to remediate, repair, take action against or prevent from happening again.

Plummer says these are alarming statistics in a sector reliant on reputation.

“We trade on trust,” he said. “If advisors have a database of client holdings, tax file numbers, addresses and account numbers, that information must be secure.”

Of the companies who experienced a cyber security incident in 2017, 60 percent were out of business within six months.

“If you have hundreds of clients, all those clients have money, and you're connected to the internet? You’re a target.”

More than hacking

The Kamino survey identified common cyber incidents for financial advisers as:

  • Malware (a worm or virus) - software that does malicious things to your computer.
  • Ransomware - software that infiltrates your systems to encrypt all data, with a ransom demanded to unlock it.
  • Phishing emails - people pretend to be employees of your business to access information or money.
  • Unauthorised access - people who don’t belong in your network having access to your emails, files and databases.




People, process and Johnny Cash

Plummer says people and process, and how your information is treated every day, are key to preventing and managing security issues. But even then, no one is unhackable.

“There’s always an Achilles heel,” says Plummer. “You need to know your vulnerabilities and decide on your appetite for risk against investing in information security. You need to be like Johnny Cash; constantly walking the line between security and profitability.”

Overconfidence won’t protect your data

Almost half of survey respondents believed they’re prepared to deal with a cyber attack, and almost 20 percent of financial advisors said they managed their own cyber security. 

Plummer says it’s likely most have been hacked without even knowing it.

“It’s happening now. There’s a Ukrainian crime outfit called the Business Gang who target nothing but Australian SMSFs, they make a very good living.”

Reliance on device usernames and passwords can also provide a false sense of security.

“People walk around with a lot of information on their laptops. If your data isn’t encrypted, all I have to do is take your laptop and plug the hard drive in to read everything.”

Don’t take the click bait

Plummer says phishing emails asking for payments or information, or ransomware looking to compromise your network, is usually introduced by a simple click on the wrong link.

“If you have 10 people getting a phishing email every two days, and 99 per cent of the time they don’t click on the link, that’s still a 60 per cent chance one of those links gets clicked,” he says.

“Your staff need to understand the type of emails to expect and what they look like. It can appear to come from their boss, so communicate on what you will and won’t do over email. One complacent click and that's the end of your business.”

Password protected

Julian remembers seeing a financial planner log in with a two-letter password.

“My jaw nearly hit the floor,” he remembers. “Then I saw the Post-it notes all over the screen, the door was wide open, and a spreadsheet on his desktop called passwords.xls. After investing tens of thousands of dollars to protect data, his office was the weakest link.”

Plummer suggests advisors use a password manager like LastPass. 

“You have one very difficult password to remember and generate all your other passwords as gibberish. You will not have a business if you share passwords,” he says.

“Even if LastPass got hacked, you’d have a month’s head start and time to change your passwords. They're security experts and you’re not.”

Managing cyber threats for a better night’s sleep

If you’re not taking cyber security seriously, you’re not prepared for business in the modern world.

“It's much easier for people to do massive harm on a much larger scale than it was ever before. You can lose your business in an instant,” says Plummer. “That's something that should keep you awake at night.”

Want to know more? 

Listen to the complete Cyber security: Peace of mind in a digital world webinar.



This information has been prepared and issued by Netwealth Investments Limited (Netwealth), ABN 85 090 569 109, AFSL 23097, ARSN 604 930 252. It contains factual information and general financial product advice only and has been prepared without taking into account your individual objectives, financial situation or needs. The information provided is not intended to be a substitute for professional financial product advice and you should determine its appropriateness having regard to your particular circumstances. The relevant disclosure document should be obtained from Netwealth and considered before deciding whether to acquire, dispose of, or to continue to hold, an investment in any Netwealth product. While all care has been taken in the preparation of this information (using sources believed to be reliable and accurate), no person, including Netwealth, or any other member of the Netwealth group of companies, accepts responsibility for any loss suffered by any person arising from reliance on this information. For further information or enquiries please email [email protected] or Freecall 1800 888 223. We respect your right to privacy; please visit our website to read our Privacy Policy.

