In light of recent events, a cyber security expert has argued that advisers should be assessing superannuation funds’ digital protection measures as well as their financial performance when making a recommendation.
April saw several super funds, including AustralianSuper, Australian Retirement Trust (ART), Hostplus and REST, hit in a coordinated cyber attack that resulted in some members’ funds being stolen.
The Cyber Collective founder Fraser Jack explained that due to the nature of Australia’s super system, it is an inherently valuable target for would-be cyber criminals.
“Superannuation is an environment where there is a lot of money … that’s often not monitored by people as regularly as it should be,” Jack said on The ifa Show.
Meanwhile, Jack suggested that there are other measures advisers should be encouraging clients to take in order to do their part in protecting their assets.
“It’s up to the people of Australia, to the people who’ve got super funds, to make sure that they’re protected by updating their passwords and making sure that they’ve got multi-factor authentication, etc, on all those things to protect their money,” he said.
One of the issues when it comes to such security measures is that most Australians will have created their password more than a decade ago and then just left it be without thinking to change it to something more secure.
This, he suggested, is likely to be truer for those who created their accounts at a time when risks and general cyber awareness were lower.
When incidents do arise, such as what occurred early last month, Jack said that there can often be a bit of “finger pointing” that occurs. However, he said it is the responsibility of everyone to work together to protect against those who would do harm.
While he recognised the damage done in the April attack, Jack said this could also be an important “wake-up call and an opportunity for us to then have that conversation going forward”, making sure that people and companies have the appropriate measures in place to protect against attackers.
“And let’s be honest, there’s still a long way to go with some of the [super] funds, and I think a lot of advisers will turn around and say, ‘Well, you know, when it comes to paying for administration fees or paying peanuts, you’re going to get some work to do’. So, you get what you pay for,” he said.
In consideration of this, Jack is now urging financial advisers to do their due diligence on not only a product’s return rates but also its ability to protect client assets from cyber criminals.
“It’s also an opportunity for people to go, you know what, when it comes to us making a recommendation on a product, we might not just take performance into account,” he said.
“We might take a client’s security into account and make that part of what we’re looking at when it comes to these funds and actually do some due diligence on the security settings inside of those funds and then make recommendations as to why you might not recommend a fund if they’re not up to a certain level of security or they’re likely to be infiltrated.”
He said that advisers should also be proactive in making sure that clients are utilising strong passwords and changing them regularly on important accounts, as well as putting multi-factor authentication and biometric security capabilities in place to further strengthen their resilience against cyber attacks.
“It’s incumbent on the adviser when they’re making these recommendations and they’re helping clients set up these products that they’re going that extra mile when it comes to the security,” Jack said.