Risky Business: The Largest Cyber-Risk for Financial Advisors
There is no way to completely protect against sophisticated cybercriminals. That said, the more aware consumers are, the better. The same is true for big businesses. As cybercrime takes a bigger bite from the pockets of U.S. consumers and businesses each year, people are beginning to pay more attention and increase defenses. These are positive trends, but more needs to be done.
To discuss these issues, Preston Connell at Delaware Investments recently spoke with us after some branch office visits with wealth managers. He realized that advisors could never be too educated about cybersecurity and how to protect against cybercrime. We sat down to take a deeper look inside cybercrime and how it’s impacted the wealth management industry in particular. Here are some of the questions Mr. Connell asked during a Q&A published in a two-part series.
PC: Is it true the financial services industry suffers the greatest losses from cybercrime annually?
LT: It’s hard to measure cybercrime losses because there is no central repository for these crime statistics. The lack of information is made worse by the fact that many cybercrimes go unreported. Believe it or not, even many big companies often do not contact law enforcement when they have been victimized. This prevents the FBI and other agencies from seeing the full picture.
From all the data available, it’s clear that financial firms are a primary target of sophisticated criminal groups. These groups’ tactics can range from developing malware, to launching social engineering attacks (which are designed to trick people into skirting their normal security procedures), to presenting insider threats.
PC: What do you see as the largest cyber-risk confronting financial advisors?
LT: The fastest growing trend in cybercrime is what is known as the business email compromise, or BEC. These are emails meant to convince businesses to wire money out of the country to accounts controlled by criminals. According to the FBI, cybercriminals are increasing their attacks against businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through “social engineering” or computer-intrusion techniques to conduct unauthorized transfers of funds.
Financial advisors need to be on guard against highly sophisticated emails that request the transfer of funds to foreign accounts. Some of these emails may appear to include inside information, which can make them seem legitimate.
The FBI’s Internet Crime Complaint Center (IC3) has the following advice for businesses to protect against this type of scam:
- Carefully scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary.
- Verify changes in vendor payment location by adding additional two-factor authentication, such as having a secondary sign-off by company personnel.
- Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the email request.
- Know the habits of your customers, including the details of their payments and the reasons behind them.
PC: What steps should a financial advisor take if a client suspects they’ve been the victim of a cybercrime?
LT: Most firms have protocols for addressing cybercrime situations. First, check your firm’s guidelines. But generally speaking, if a victim has lost money in an email scam, one should contact the sending bank and the FBI immediately. It may be possible to intercept the transfer before it’s too late. You should also report stolen financial information or identities and other cybercrime to the IC3 and to your local law enforcement or state attorney general as appropriate.
PC: What are some good cyber-safe habits advisors should follow?
LT: I would suggest this list, which was developed by the Anti-Phishing Working Group:
- Update your computer with the latest security software, web browser, and operating system.
- Protect your personal information by asking your bank for additional ways you can verify who you are before you access that site. These can include tokens or one-time passwords sent to your cell phone.
- Use strong passwords by combining capital and lowercase letters with numbers and symbols to create a more secure password. Make sure you use a unique password for every account.
- When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s OK to limit whom you share information with.
- Be careful when connecting to the Internet. Links in email, tweets, posts, and online advertising are often how cybercriminals compromise someone’s computer. If something looks suspicious, even if you know the source, it’s best to delete, or if appropriate, mark as junk email.
- Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
- Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.
Dynamic, Context-Aware Network, Application and Content Security Solutions for Financial Services
Wealth managers trade on their reputation. Poor governance and compliance, and the all-too-common breaches that result from cyberattacks and insider threats, jeopardize both the reputation and the bottom line of any financial institution. Staying competitive and ensuring customer privacy require sound processes and secure financial systems.