Cyber criminals steal billions of dollars a year from
financial firms. Financial advisors – and their clients – are at risk as
attacks increase and grow more complex, according to security experts.
“Advisors have one thing the bad actors want, and that’s money,”
said Brian Edelman, chief executive of FCI, a cybersecurity firm specializing
in financial services. “They’re the gatekeepers to a lot of money.”
Registered investment advisors, or RIAs, manage more than
$4.7 trillion in client assets, about a fourth of all assets under
management, according to TD Ameritrade. By 2022, that figure could grow by $1.4
trillion, according to the firm.
In addition to being a central repository for customer
money, financial firms are attractive to scammers due to their valuable
customer data, according to a White House Council of Economic Advisors report,
which found that cybercrime cost the U.S. economy between $57 billion and $109
billion in 2016.
The finance sector, both public and private, suffered the
largest number of security breaches relative to other industries that year,
according to the White House analysis.
Investors don’t often ask about their financial planner’s
cyber protocols, said Evelyn Zohlen, a certified financial planner and founder
of Inspired Financial in Huntington Beach, Calif. Yet inquiring about
protective measures should be on each client checklist.
“They should care because by the time there’s been an
incident and they’re asking, it’s too late,” she said.
The checklist
Here are five important questions investors should ask
current and prospective financial advisors about their cyber protections,
according to Edelman:
• What would you do if you have a security incident
involving my confidential information?
• How do you protect my data?
• How can you show that you are in compliance with cyber
regulations?
• Do you have cyber insurance?
• Do you have a third party validating that you are secure?
These points are either cyber requirements or
recommendations from financial regulators like the SEC and Financial Industry
Regulatory Authority, Edelman said.
Investors should ask advisors for proof that demonstrates
or justifies their answers, Edelman said. They should also take note of their
client experience: for example, whether they receive encrypted e-mail messages
and need multi-factor authentication to access the client portal.
“There are two kinds of financial services firms: those that
have faced a cyberattack and those that will,” according to the consulting firm
PwC.
Almost half of companies experienced some type of financial
fraud in the past two years, cybercrime being the most prevalent, according to
a recent poll of 5,000 global firms by PwC. About 1 in 10 companies lost more than
$50 million. Just 56% investigated the incident.
‘Eye opening’
Zohlen might have inadvertently wired $80,000 of client
money to scammers this fall if it weren’t for cyber controls instituted at the
firm.
“It could have gone a very different direction because the
quality of the fake was quite, quite good,” said Zohlen, who also chairs the
Financial Planning Association, a membership group of almost 21,000 advisors.
The con artist, using an e-mail address that appeared
legitimate, requested the sum to do home renovations, a not-uncommon ask for the
client, who owns many rental properties, Zohlen said. The fraudster also
attached a valid invoice from a contractor.
The firm discovered the attempted theft when reaching out to
the client to confirm the transaction — part of a protocol instituted to proactively
call customers and verify details.
“I’m concerned about all the new and exciting ways
[criminals] are figuring out how to fool us,” said Zohlen, who has seen fraud
attempts grow more common. “The experience this fall was eye opening.”
Cybersecurity ranks among the Securities and Exchange
Commission’s top examination priorities for financial advisors, due to the
heightened risk it poses investors.
Consumer loss to cybercrime is on the rise, hitting a record
$3.5 billion last year, according to the FBI.
The FPA launched a certificate program for members last
month around cybersecurity. The topic is especially important given the fast
pace of business being conducted by advisors, said Martin Seay, FPA president
and director of Kansas State University’s personal financial planning program.