BOCA RATON, Fla. – After the widely publicized Equifax hack, clients are asking prickly questions about data security, and advisors are taking those concerns to their regional broker-dealers.

As attacks have become increasingly prevalent at wealth management firms, clients are taking notice, said Raymond James’ Chief Information Security Officer Andy Zolper in an interview at the Raymond James' Wealth Manager Conference earlier this month. The Equifax hack has only heightened their concern.

“Over the last couple of years, the attackers have gotten more patient and more sophisticated,” Zolper said.

Zolper suggests practical advice and a lot of reassurance when talking to clients about Equifax. Remind clients to check with the credit bureau to determine whether they were affected and to ask about credit monitoring options, he said.

Clients should also consider placing a freeze on any lines of credit that could have been impacted. All three major credit bureaus will have to be contacted, he said.

Lastly, help clients flag any unusual items on their credit reports, and inform financial institutions right away.

Email filtering is the first step toward preventing fraud and other phishing attempts, Zolper said, especially for RIAs that choose to host their own email servers separate from Raymond James’ platform.

While advisors are becoming savvier about such attacks, Raymond James still receives thousands of malicious emails. The firm scans all emails on its platform and discards 2.5 million per day. While not all of those are attacks, almost eight in 10 messages received are rejected, according to Raymond James.

“Hackers’ greatest skills are as social engineers,” says Andy Zolper, CISO at Raymond James (center).

Once they gain access, hackers now comb through months and months of correspondence to learn about the advisor-client relationship, he said.

“Hackers’ greatest skills are as social engineers,” Zolper said, adding that they will read all the old emails in an account to build context into their scheme. “They’ll say, ‘It was great playing golf with you three weeks ago,’ and the advisor really did play golf with the client, and the bad guys know that.”

Be aware of one major red flag. Scammers are aware that advisors must verify wire-request emails with a quick call to clients, and will have an excuse ready explaining why they're not available to speak over the phone.

Beyond email hacking, ransomware is now the number 1 attack on firms, Zolper said. Once it has infiltrated a system, ransomware encrypts the data, which can then only be accessed with a password. The hackers require the victim to pay with a form of cryptocurrency to release the data.

“For millennia, criminals have used extortion schemes,” Zolper said, adding that clients should regularly back up all critical documentation.

Another essential is two-factor authentication — a password that requires an additional form of verification when clients sign in to an account for the first time — especially to protect against email attacks, Zolper said.
