Financial advisors are targeted by cyber-criminals because of the high value of financial data and the generally unsophisticated security at small firms, Andrea McGrew writes on ThinkAdvisor. Cyber-criminals exploit human error using phishing scams, and it is up to advisors to understand these tactics and protect client data, according to McGrew.
Simple Protocols to Keep Private Data Private
In 2017, 25% of financial firms suffered data breaches, up from 20% in 2016, according to McGrew, chief compliance and chief legal officer at USA Financial. Each of these breaches cost an average of $7 million, highlighting the importance of protecting personal and financial data, she writes.
Phishing scams trick victims into sharing information and can include redirects to contact forms, false logins and prompts to open malicious attachments, according to McGrew. Phishing attacks are often emails, but can be delivered via instant message, SMS or phone calls, she writes. Additionally, phone numbers and email addresses can be manipulated to imitate legitimate sources, McGrew writes.
These messages can sometimes be identified by checking spelling and grammar, the sender’s email address and domains, and comparing linked URLs with official URLs, she writes. Any message pushing for urgent action should be questioned, since legitimate financial institutions won’t ask for immediate login or information verification, according to McGrew.
Some phishing tactics are more advanced, such as keyloggers, which record keystrokes including usernames and passwords, she writes. These can be avoided by handling links and email attachments with care and ensuring networks have anti-virus software, according to McGrew.
Attackers can impersonate clients by stealing phones or hacking emails, which can be hard to identify since messages would then be coming from a trusted source, according to McGrew. To mitigate these risks, advisors can use face-to-face meetings, make calls to verify emails and resort to pre-established ID verification , McGrew writes.
Advisors should stay abreast of the latest tactics and ensure all employees are equally informed, she writes. Additionally, advisors should take the lead educating clients on these scams and how to avoid them, according to McGrew.
