Cybersecurity Breaches Threaten Advisors Who Work From Home

Working from home may be convenient for advisors and others, but it also can draw out bad actors preying on cybersecurity weaknesses of home networks, said Wes Stillman, CEO of RightSize Solutions, a technology and cybersecurity firm.

“In these disastrous times, we are seeing the nation come together, but we are also seeing a huge increase in cyberattacks against those working at home,” Stillman said during a webinar hosted by RightSize Solutions on Tuesday.

The topics of security and compliance discussed during the webinar, “Cyber Security Work-from-Home Best Practices,” are not new but are especially relevant now as people are pushed out of their offices by the pandemic, he added.

Phishing attacks, in which fraudsters send fake emails to solicit private information, are the number one way schemers attack advisors and the public, Stillman said. If a client has been hacked, an advisor may receive a fake email that looks like it is from the client, but actually is from someone trying to take advantage of the current situation.

“Verify all email and website addresses,” he warned. In many cases, advisors have the same concerns as the general public and should react the same way. “Do not open strange files or give out any private information of yourself or a client.”

But advisors have more to worry about when it comes to cybersecurity than the general public.

Advisors need to use multi-factor authentication for their clients and themselves for email and for access to the advisory firms’ web portals, he said. Virtual private networks (VPN) can add a layer of security but VPNs they also can slow down the internet service, he added.

Once an advisor makes the switch to working at home, he or she needs to change the default password on the computer router, he said.

Susan Glover, president of Susan Glover & Associates, an operations and technology consulting firm, told advisors they should log onto the internet through their company’s platform, not their home internet, while working at home. “If you download client information onto your home computer, it stays there.”

Stillman added that all home devices used for work should be registered to the firm’s domain and all devices should meet compliance regulations.

Jeff Groves, president of CWI ComplianceWorks, a compliance support business for advisors, reminded advisors that they have to meet all federal and state regulations even while working at home.

“Advisors still have to use business email accounts for business communications and any prohibited types of communication and transactions still are prohibited at home,” he said. “Confidentiality should be considered on everything. Being in a home office does not suspend compliance.

“You also have to understand the limitations of your computer and of the systems being used by third party providers,” Groves said. “And you have to be careful what information you show during a webinar. Your client may not be in a secure environment.

“Document everything,” he emphasized. “If you did not document it, you did not do it.”

While team members are working in diverse locations, the firm still has to show clients that everyone is working together and that the firm can react to market movement as needed, Glover explained. “See how often you clients are checking their accounts. Those who are checking frequently probably need a phone call from you.

“During this time, everyone should keep good notes about the things that are going right and the things that are going wrong, so it can be analyzed later,” she added.