Clients the biggest cyber threat facing investing firms

New regulations are in the works to improve cyber security for financial firms – but IIAC says clients must be educated in the meantime

As the investment sector awaits a new framework for cyber security, a key threat faces financial firms – their clients’ online practices.

Susan Copland, managing director at the Investment Industry Association of Canada, says firms are wise to educate their clients on best “cyber hygiene” practices – such as protecting their passwords and avoiding phishing emails - when accessing their data and wealth information online.

“What’s really important is educating the clients as to the things they should and shouldn’t do because the clients can be used as an attack vector as well,” she says. “If they’re accessing their information on the firm’s data base and website, and their computer is exposed, it can pose a risk to the industry and themselves.”

Ransomware in particular is a growing threat, as hackers need simply infiltrate a firm’s system by sending a malicious link to members of the organization.

“Certainly ransomware is the high one on everyone’s list right now, and that’s certainly what we’re aware of,” Copland says. “There’s instructions on the internet for someone who wants to launch a ransomware attack, and that’s awful and very troublesome.”

The IIAC is currently awaiting the results of a comprehensive survey currently being circulated by the Investment Industry Regulatory Organization of Canada (IIROC). The results, to be received by the end of the summer, will be used by the association as guidelines to establishing a new framework.

Copland says that great strides have been made among firms to improve their cyber knowledge over the past year, as cyber threats are moving beyond the IT department to the boardroom.

“The difference between last year and this year is quite significant in terms of firms being aware of cyber security issues, and moving them from the technology department to making them strategic board issues,” she says.

“A year and a half ago, it was really the purview of the technology department, and it wasn’t prioritized at such a high level. That’s a huge improvement, and it really ensures it’s on the radar of every firm, and they’re watching it closely.”

Financial advisors face cyber security threat
Cyber risks for advisors