Cyberattacks are growing in volume and sophistication, and the need for the wealth management business to safeguard clients, portfolios and industry has never been greater.
In 2017 alone, more than 143 million Americans were affected by cybercrimes, a jump of 30% from 2016. As threats increase and fraudsters become more sophisticated, financial advisors and their clients must be proactive in protecting themselves and sensitive data. The process begins with education. Today’s cybercriminals use common, effective methods to acquire personal information. Malware (malicious software) can be delivered to devices via suspect websites, public Wi-Fi networks, and communal charging stations, presenting common hazards that might be sidestepped with the right information.
Below are helpful tips advisors can use to start a conversation with their clients about cybersecurity and help avoid potential catastrophe.
Software and online security
Keep your software, operating system and browser up to date. Companies continuously add security updates with every software upgrade they release. Installing updates immediately can help clients prevent a malware infection.
Set up multi-factor authentication to log in to any website or application clients use for financial transactions that contain personal data.
Run a reputable, American anti-virus product on a home PC or laptop. This will help prevent a device from becoming infected with malware and may clean up an existing infection.
As threats increase, the need to safeguard clients, portfolios and industry has never been greater, writes Rachel Wilson, head of cybersecurity for Morgan Wealth Management Technology.
Cybersecurity in public environments
Avoid using public Wi-Fi hotspots — such as the ones at coffee shops, airports, or hotels. If a client does use a public Wi-Fi hotspot, advise them to use a virtual private network (VPN) so that others cannot intercept their communications. As an alternative, clients can stick to the mobile network and create a personal Wi-Fi hotspot with their phone.
Don’t use public charging cords or USB ports to charge a device. Publicly available power outlets are generally fine, but avoid using publicly available cords and ports. These can be used to deliver malware or silently steal data.
Daily online activities
Don’t click on links or open attachments in unsolicited emails or text messages. Doing so may install malware on a device.
Don’t reuse the same or similar username and password across multiple websites and applications. If clients reuse the same username and password and a hacker gains access to just one of the accounts, the hacker may be able to access the client's other accounts as well.
Use a password manager. These apps create unique, complex passwords for clients and then store those passwords in a cryptographically sound way.
Create and save bookmarks for the important banking and brokerage websites that clients visit often to avoid inadvertently entering credentials on a fraudulent site.
Only download applications from Google Play or the App Store and never from a third-party app store. Third-party app stores, or apps that pop up and encourage a download, are much more likely to contain malware.
Only give applications the permissions they really need. Granting an application access to photos, location, camera or contacts makes that data and information available to the application owner.
Limit how much information is shared on social media, and lock down the privacy settings on social media accounts. The information clients share online could be exploited to gather information for fraud schemes.
Tools to combat cybercrime
Use a current and reliable email provider that has basic, built-in security features. Using an older email account that has not incorporated security protections will greatly increase the likelihood of your email account being taken over and used to impersonate you or to spam your contacts.
Shred financial documents before discarding them, as these contain valuable information that could be used by fraudsters. Leverage online statements and paperless options, like eSign, eDelivery, eAuthorizations and Digital Vault, as these include important security features. Additionally, clients should secure sensitive documents within their home.
These basic tips can help avoid some of the most common cybersecurity threats, but the need for vigilance and continued education is paramount. Advisors should maintain an ongoing dialogue with their clients to ensure their personal data, wealth information and financial transaction data are properly safeguarded.