4 Steps to Prevent Cyberattacks

DALLAS -- The "Nigerian prince" after your clients' money isn't the only one. Cyberattacks targeting sensitive data are becoming more advanced and frequent, forcing advisors to adopt stronger cybersecurity measures.

"The bad guys are out there all the time looking for vulnerability," Armistead Whitney, CEO of Preparis, said at the T3 conference last week.

In one story Whitney told an audience of advisors, the assistant of a high level executive was hacked because her password, "Lucy123" was guessed by hackers. He explained that these "bad guys" studied the assistant's social media pages and noticed her dog's name is Lucy.

"This is no longer college kids trying to break into a network," he said. "This is white collar crime."

According to an SEC survey released earlier this month, 88% of broker-dealers and 74% of advisors reported to have experienced a cyberattack either internally or externally.

Despite the growing threat, many advisors don't know the first steps to preventing an attack.

"The reality is that it's pretty simple to get your firm protected from cyberattacks," said Brian Edelman, CEO of Financial Computer Services.

To protect client data, there are four things that advisors can focus on.

1. Get outside help.

"It's not just a project for IT," Whitney told advisors. "IT departments are very taxed and stressed right now," he said, pointing to the changing cybersecurity policies that regulators will require firms to comply with.

"Have an external partner," he said. "Find a real professional that can do a start-to-finish security assessment."

Edelman agreed, adding that a cybersecurity system monitored by a consultant can be as low as $20 a month.

2. Use safe WiFi.

"If you connect to a remote WiFi, at a place like Starbucks, and you're not properly protected, I could take over your computer without you even knowing," Edelman said. "It doesn’t matter how complex your password is."

Hackers can embed a tool on a target's computer that will send them the keystrokes used for a password when prompted, he told advisors. In this instance, even well-crafted passwords can't prevent a hacker from gaining access to it.

"It comes down to the fact that we have to be more careful," he said. "We have to be careful about connecting to open wireless. Don't do it."

3. Do a test.

One of the most important things advisors can do is to test themselves. Whitney discusses hypothetical breaches with advisors in their offices and asks them how they would react.

"It opens the eyes on a senior level," he said. "It opens the eyes to the role of the employees, which is what the SEC wants."

Many of the cybersecurity issues that advisors face are unintentional and often internal, he said. They're caused by staff members or occur because firms still don’t have proper security protocols in place. In many instances, it is only when a firm runs a test that they can see the weak points in their system, whether it be electronic or the communication following an attack.

4. Educate your clients.

Once advisors understand what they need to do to keep client data safe, they must also inform clients, Edelman urged advisors. Such discussions can help prevent clients from making costly mistakes, like clicking on a link that allows a hacker to gain access to vital data.

"We have to make sure that we educate people," Edelman said. "We make sure that they know it is okay that they think something has happened." This is especially important because many clients ho make a mistake will feel embarrassed of being the victim of a scam, he said. Advisors should explain to clients what happened and how to prevent it from happening again, he warned. 

"We have to make sure we take every opportunity to educate people so we can laugh about cybersecurity and not cry."

Read more:

For reprint and licensing requests for this article, click here.
Practice management Financial planning Technology
MORE FROM FINANCIAL PLANNING