Financial advisors face cyber security threat

Securities and Exchange Commission chief gives her verdict on biggest risk to industry

There is a new nightmare facing financial advisors – and it’s come in the form of cyber security.

That is the verdict of Mary Jo White, the chairman of the Securities and Exchange Commission in the USA. She believes that not only is this the biggest risk for financial advisors, but that they are woefully unprepared for what it could entail. Quoted in Reuters she stated that advisors’ “policies and procedures are not tailored to their particular risks.”

According to, there have been many examples in recent years of criminals emptying millions from major bank accounts – with $81 million recently grabbed from the central bank in Bangladesh. However, its sources believe that financial advisors are a more opportune target because whereas the banks are buying protection, many advisors are not.

Speaking to the publication, Ben Desjardins of cyber security expert Radware, commented that “consumers should be concerned about the potential for sensitive private data - such as account numbers and Social Security numbers - getting breached via smaller financial advisor firms.”

He points out that many financial advisors are acting as their own IT teams and they don’t have experts monitoring systems and ensuring sensitive data is stored adequately. He points out that it takes around 100 days on average for enterprises to realize they have been breached – and financial advisors may have malware on their machines without realizing it. Indeed Paul Pagnato, of wealth advisory firm PagnatoKarp, told the publication that “financial advisors are some of the most targeted personnel in the financial space.”

So what can be done to secure your systems? Wealth Professional spoke to Taylor Boivin, community leader at Advisor Websites, to get some tips.

“To protect yourself, your website and your clients there are a few steps you can take,” she said.

“First, never collect any sensitive information over your website unless you are using an encrypted webform service or SSL Certificate. While it might seem like a good idea to get as much information as possible from a prospect as possible, if you are using an unsecured medium for that collection, you are essentially putting that information up for grabs online. Stick to basic, already publicly available information like name, email and phone number and stay away from personal information like SIN or credit card details. The same goes for file sharing. Be sure to use a secure service for the transfer of any sensitive files over your website.”

In fact, Boivin believes that the simplest solution is to avoid collecting any precious data information via your website at all.

“The simplest way to put it is, if there is nothing worth hacking on your website, no-one will hack it,” she said. “Those who target websites and aim to steal information are looking for specific information they can use to do things like access bank accounts or steal identities. If you don’t offer up any of that information by collecting it over your website, hackers will move on.”