Financial advisors face cyber security threat

There is a new nightmare facing financial advisors – and it’s come in the form of cyber security.

That is the verdict of Mary Jo White, the chairman of the Securities and Exchange Commission in the USA. She believes that not only is this the biggest risk for financial advisors, but that they are woefully unprepared for what it could entail. Quoted in Reuters, she stated that advisors’ “policies and procedures are not tailored to their particular risks.”

According to, there have been many examples in recent years of criminals emptying millions from major bank accounts – with $81 million recently grabbed from the central bank in Bangladesh. However, its sources believe that financial advisors are a more opportune target because whereas the banks are buying protection, many advisors are not.

Speaking to the publication, Ben Desjardins of cyber security expert Radware commented that “consumers should be concerned about the potential for sensitive private data - such as account numbers and Social Security numbers - getting breached via smaller financial advisor firms.”

He points out that many financial advisors are acting as their own IT teams and don’t have experts monitoring systems and ensuring sensitive data is stored adequately. He adds that it takes around 100 days on average for enterprises to realize they have been breached – and financial advisors may have malware on their machines without realizing it. Indeed, Paul Pagnato, of wealth advisory firm PagnatoKarp, told the publication that “financial advisors are some of the most targeted personnel in the financial space.”

So what can be done to secure your systems? Wealth Professional spoke to Taylor Boivin, community leader at Advisor Websites, to get some tips.

“To protect yourself, your website and your clients there are a few steps you can take,” she said.

“First, never collect any sensitive information over your website unless you are using an encrypted webform service or SSL Certificate. While it might seem like a good idea to get as much information as possible from a prospect, if you are using an unsecured medium for that collection, you are essentially putting that information up for grabs online. Stick to basic, already publicly available information like name, email and phone number and stay away from personal information like SIN or credit card details. The same goes for file sharing. Be sure to use a secure service for the transfer of any sensitive files over your website.”

In fact, Boivin believes that the simplest solution is to avoid collecting any precious data via your website at all.

“The simplest way to put it is, if there is nothing worth hacking on your website, no-one will hack it,” she said. “Those who target websites and aim to steal information are looking for specific information they can use to do things like access bank accounts or steal identities. If you don’t offer up any of that information by collecting it over your website, hackers will move on.”
  • Murray Schultz 2016-06-01 12:31:28 PM
    While the concerns of the regulators are not without merit, it is becoming painfully obvious that the regulatory overlay is much too cumbersome and expensive (onerous) for smaller businesses to contend with, and getting worse. The fact that security breaches at so-called top-flight firms (and, for God's sake, the SWIFT system of bank to bank communication and financial instrument transfer) have resulted in hundreds of millions in losses has no real correlation to/with what may or may not happen to smaller financial shops. This is particularly true when one realizes that much of this "private" information is already for sale on the web or on the down-low by ex-employees of large financial institutions, hackers and cyber-criminals. Rather than pretending to support small business (the number-one employer in Canada and the USA) while making it impossible to meet increasing administrative and financial overhead, the regulators may want to take part in hardening defenses against inherent weaknesses in big data, the ethernet protocol and trust-based document sharing at large institutions where employee loyalty and satisfaction levels are suspect, at best.
  • Niki 2016-06-02 6:32:18 PM
    Murray--What do you suggest as a solution to the problem? What does anyone suggest as a solution to the problem? Join a large well financed corporation? If that is what it takes to ensure client's confidential information is kept secure then is that so bad? Can they still run a small business that way that fits their own design and responsibilities to client security of information and financial information?
  • Mary K 2016-06-06 10:44:38 PM
    Well said Murray.