By Brad Powar, Head of Technology, ValidPath
In today’s digital age, ensuring safe communication with clients is paramount for financial advisers. Often when people seek a financial adviser, one of their primary concerns is whether they can trust that person to safeguard their money. Trust in the adviser’s ability to protect sensitive financial information is also crucial, and a firm’s cybersecurity measures play a significant role in building that confidence.
While no sector is immune from cyber-attacks, it’s the financial services sector that faces a particular threat. Financial services firms are a staggering 300 times more likely to be targeted by cyberattacks than other companies due to the sensitive and valuable data they hold.
Over 80% of UK financial institutions reported experiencing phishing attacks in the past year, with these attacks often aiming to steal login credentials or install malware. Ransomware attacks have also surged, with a 150% increase in incidents targeting financial services in the UK from 2022 to 2023.
What’s terrifying is that even the most technologically advanced firms can fall victim to these types of attacks. It takes just one employee to click on something they shouldn’t, and suddenly the entire organisation’s security can be at risk.
It’s not just client trust and business integrity that’s on the line either. These attacks can cripple operations and lead to significant financial losses. It is therefore imperative that advisers are vigilant with their cybersecurity measures. Here are some ways you can mitigate risks posed by cybercriminals and enhance your communication protocols.
Understanding the threat
Cybercriminals often have access to a client’s email or device even before you have your first interaction with them. They gather information over time to plan targeted attacks. The more data they collect, and the more technology advances, the more deceptive and successful their attacks can be. This is something you should be keeping in mind not just inside the office, but outside of it as well.
Establishing secure communication protocols
First and foremost, never assume that client emails or devices are secure. Always verify the identity of the person you’re communicating with.
Developing a clear set of communication rules and sharing them with your clients is essential to confirm authenticity. For instance, you should never authorise a third party to contact clients about their business with you.
Additionally, ensure that you only contact clients from your business phone number and email, which they should save and verify during every engagement.
Importantly, never request fund transfers via email. Instead, confirm all transactions through a phone call to verify details.
Wherever possible, pre-establish account details to avoid sharing sensitive information over insecure channels.
Always verify incoming emails to ensure the sender’s address matches the client’s exactly, and instruct clients to verify that they are receiving emails from your official account.
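The sender-address check described above, written out as an added example (not code from the original article or from ValidPath): it compares the address in an incoming From: header against the client’s saved address, and reports the mismatch patterns that should trigger a phone call before acting. The saved address and the headers in the usage comments are constructed samples.

```python
import difflib

# Constructed sample data: a client's saved address (not a real client).
SAVED_CLIENT_ADDRESS = "jane.doe@example.com"

def parse_from_header(header: str):
    """Split a From: header into (display name, address).

    Handles the two common shapes, '"Jane Doe" <jane.doe@example.com>' and a bare
    address. Returns (None, None) when the address part is malformed.
    """
    header = header.strip()
    if header.endswith(">") and "<" in header:
        name, _, rest = header.rpartition("<")
        addr = rest[:-1].strip()
        name = name.strip().strip('"').strip() or None
    else:
        name, addr = None, header
    if addr.count("@") != 1 or any(c.isspace() for c in addr):
        return None, None
    return name, addr

def verify_sender(header: str, saved_address: str = SAVED_CLIENT_ADDRESS) -> dict:
    """Return {'ok': bool, 'reasons': [...]} for an incoming From: header.

    'ok' is True only when the real sending address equals the saved client address
    (compared case-insensitively, since mail domains are not case-sensitive).
    Each reason names a mismatch pattern worth verifying by phone before acting.
    """
    name, addr = parse_from_header(header)
    if addr is None:
        return {"ok": False, "reasons": ["From header could not be parsed"]}
    reasons = []
    saved = saved_address.strip().lower()
    seen = addr.lower()
    seen_domain, saved_domain = seen.rsplit("@", 1)[1], saved.rsplit("@", 1)[1]
    if seen != saved:
        if seen_domain == saved_domain:
            reasons.append("mailbox differs from the saved address")
        elif difflib.SequenceMatcher(None, seen_domain, saved_domain).ratio() >= 0.8:
            # Near-identical domains (one character swapped) are a classic impersonation.
            reasons.append(f"look-alike domain {seen_domain!r} (saved: {saved_domain!r})")
        else:
            reasons.append(f"domain {seen_domain!r} differs from saved {saved_domain!r}")
    if not addr.isascii():
        reasons.append("address contains non-ASCII characters")
    if name and "@" in name and name.lower() != seen:
        # A display name that looks like the client's address hides the real sender.
        reasons.append("display name shows an address different from the real sender")
    return {"ok": not reasons, "reasons": reasons}
```

Example calls: `verify_sender('"Jane Doe" <Jane.Doe@example.com>')` passes, while `verify_sender("jane.doe@examp1e.com")` and `verify_sender("jane.doe@example.com <attacker@evil.test>")` both fail with a reason explaining why.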
To ensure the safe transmission of sensitive data, you should utilise secure file sharing services such as Google Drive, Outlook OneDrive, or WeTransfer. These platforms offer robust security features, including expiry dates for shared links and two-factor authentication (2FA). By setting expiry dates, you can limit the time for which sensitive information is accessible, reducing the risk of unauthorised access. Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to your mobile device, ensuring that only authorised individuals can access the data.
Enhancing client security
Encouraging clients to enable two-factor authentication (2FA) on their email accounts is a crucial step. Guide them through the setup process if necessary.
Additionally, advise your clients to install trusted antivirus and firewall software on their systems, as some of these come with web protection tools to keep them safe from harmful websites. Ensure you, as the adviser, have done this already.
It is recommended that clients secure their devices with a PIN or biometric lock, such as fingerprint or Face ID, which adds another layer of security. Educate clients on security measures, instructing them never to share personal or financial information if they receive a suspicious email or call. Encourage them to contact you immediately via your business phone number or email if they notice anything suspicious. Use any incident as a teaching opportunity, reminding all clients of your established protocols.
Implementing data encryption
Data encryption is a vital component of cybersecurity. It ensures that sensitive information is converted into a secure format that can only be accessed by authorised individuals.
You should use encryption tools to protect client data both in transit and when it is stored. This means encrypting emails, documents, and any other forms of communication that contain sensitive information. By doing so, even if cybercriminals intercept the data, they will not be able to read it without the decryption key.
You can utilise the email encryption that is already available from your existing email provider, such as Microsoft Outlook or Google Gmail.
Encourage clients to use encrypted communication channels and educate them on the importance of encryption. Tools like encrypted email services and secure file-sharing platforms can significantly enhance the security of your communications. Additionally, ensure that all devices used to access client information are equipped with encryption software.
By implementing these cybersecurity best practices, financial advisers can significantly reduce the risk of cyber threats and ensure a secure communication environment for their clients. Remember, cybersecurity is an ongoing process that requires vigilance and continuous education.