Linda Preston-Todd runs through some simple and effective steps advisers can take to ensure the data they hold on clients is secure and so help protect them from the threat of cybercrime
Cybercrime and data breaches have long been associated with banks and other large institutions, rather than advisers. Criminal gangs are, however, turning their attention to smaller businesses - and that includes adviser firms.
Figures from the Security and Exchange Commission indicate almost three-quarters (74%) of US financial adviser firms had been the target of a cyber attack in 2015, and anecdotal evidence suggests firms this side of the Atlantic are also at risk of data breaches.
While some smaller firms might outsource their IT needs to specialist companies who will look after their network and security, others may work remotely with just one laptop. Either way, adviser firms hold a wealth of personal information - from pay-slips or bank statements to personal details such as addresses and more qualitative information - which could offer vital clues to what a customer's password might be.
All of these make these firms vulnerable to criminals looking to harvest this information - and without putting adequate measures in place, they could be unwittingly compromising customer data.
So what can advisers do to ensure the data they hold on customers is secure and protected? Here are four tips to help you get your cyber-houses in order.
1. Secure your emails
Every individual in your business should understand the risks inherent in opening suspect emails. They should know not to click on links or open any documents in suspicious emails or respond to messages with unexpected attachments or links. As a general rule of thumb, the golden rule should be, if in doubt, delete the email.
Firms should also ensure business and personal activities are kept separate. Individuals should avoid using their work device for personal use, even if they use a different login. It is also advisable to use a business-focused email service from a reputable supplier, such as Google for Business or Microsoft Office 365, who can help filter malware before it reaches staff at the firm.
2. Ensure systems are robust and backed up
It is essential all your IT operating systems, such as Windows 7 are up-to-date with security patches and that auto updates are enabled within the computer's settings. Without having these measures in place, malware will often use known vulnerabilities in software to get into a system when people are slow to update.
You should also ensure your data - particularly where it is needed for audit purposes - is securely backed up. Don't forget cloud accounts can be accessed and encrypted too so use a business cloud account rather than a personal one where security may not be as rigorous.
Wherever possible, don't use computer administrator accounts for day-to-day activity. This will minimise the risk of accidental infections as these generally need to run on the computer and install files. Using a non-administrator account can help to prevent such issues.
3. Disable macros and install anti-viral software
Make sure macros are disabled for all installations of Microsoft Office - newer versions are disabled by default. Up-to-date internet security and anti-virus software should be installed and this should be set to automatically update and run continually, checking files as you open them. This allows it to identify any glitches happening in the system in real time, alerting you to them before they become a problem.
4. Protect your passwords
Last but not least, password integrity is vital. A password should be a minimum of eight characters using a mix of symbols, numbers, upper and lower case letters and should be unique to every site you use. It should be changed regularly and patterns in your passwords should be avoided. Keep your passwords to yourself - and be careful what you post online to avoid giving fraudsters any clues as to your password or security question.
Taking these simple and effective steps now will help advisers meet their duty of care to customers. Conversely, advisers who fail to do so could face financial and reputational repercussions further down the line.
Linda Preston-Todd is head of bespoke solutions at Bankhall
Our weekly heads-up for advisers
'Pleased Unbiased has clarified'
The chairman isn’t answering his email
Reforms not enough
An economic cocktail