For large companies, securing employee devices is a continuous struggle. In the pandemic, many firms have allowed advisors to work remotely, and this is likely to remain common even after companies return to the office. Staff working remotely often put data at risk by using unsecured Wi-Fi networks at home or in coffee shops. Deploying a virtual private network, which keeps data safe when staff are using such networks, is essential. Financial firms should also encrypt the hard drives on employees’ laptops to prevent unauthorized access to the data if the devices are lost or stolen.
Smaller Firms: Sophisticated Schemes and Human Error
Human error plays a crucial role in many attacks. It goes without saying that financial advisors handle huge amounts of incredibly sensitive information—exactly the kind of information that hackers want. While many companies take steps to guard that information while on their servers, many financial advisors fall into the trap of sending documents in non-secure ways to their clients, co-workers or partner organizations. While many—but by no means all—larger companies have systems in place to share documents securely, advisors in smaller firms are particularly likely to simply email a document to a client. Email is not a secure form of communication. It is relatively easy for criminals to intercept and read the contents of emails in transit over the internet. Simply put, advisors should not share any financial information or documents unless they are encrypted. That includes email, in-office chat, and file-transfer programs. There are numerous services available that can encrypt emails and keep their contents private.
Incoming emails are also a threat source. Think phishing emails are obvious to spot? Not anymore. Threat actors have become adept at making them appear to be from a colleague, client or vendor. In a recent survey, a quarter of employees admitted clicking on a potentially malicious link, with around half saying they were distracted at the time.
Corporations employ sophisticated cybersecurity tools with filters that use artificial intelligence to flag or block potentially malicious messages. But smaller companies may not have the resources or expertise for this. Cybersecurity training for employees is a relatively inexpensive step smaller businesses can take to help users spot suspicious messages.
Cyber attacks are becoming more common and more expensive. The FTC has warned that cybercriminals are targeting groups affected by the pandemic. With financial advisors facing increased demands from their clients as a result of stimulus payments and more complex tax situations, they are a target. But, through a comprehensive and continuous approach to cybersecurity, the confidential data the public trusts financial firms to handle can be kept safe.
Ara Aslanian is CEO of Inverselogic, an IT services company, and reevert software. He is also an advisory board member of LA Cyber Lab.