What advisors can do to protect client information

Leaving complete responsibility for the protection of client information to head office may be a mistake, with experts identifying key steps individual advisors can take to stave off a cyberattack

Financial firms are among the companies that hackers are targeting. Because these firms hold a multitude of private information and personal databases, hackers set their sights on those that recognize what is at stake when such information is put in jeopardy.
The Canadian Anti-Fraud Centre estimates that cyber attacks result in $19m worth of losses per year. This number is considered to be extremely low given that many instances go unreported. Financial firms account for some of those losses, having had their systems hacked and information stolen.
The hackers use a variety of tactics to hack their way into company databases, access information then hold it for ransom or sell it on. They have also been known to impersonate staff members in emails asking for invoices to be paid in order to receive large sums of money.
Whatever the scam may be, financial firms are at risk. We spoke to experts in the tech industry to learn what individual advisors and their firms can be doing to make sure they’re super-safe and cyber-sensitive.
  1. ‘By adding one more character to your password you can add days, years, even eons of time that it would take to crack it.’ – Jim Love, CIO at IT World Canada
  2. ‘Making sure your technical capabilities are fully up to date. So antivirus and malware solutions are up to date with the latest patches and drivers and also make sure you’re thinking about any other technical capabilities to deal with this type of issue.’ – Paul Hanley, a cyber security lead at KPMG
  3. ‘Make sure you have an up-to-date centralised and functioning anti-virus solution that’s running across the environment. Hopefully someone is looking at this thing and responding and is aware of what’s happening across the environment.’ – Mike Kolasa, VP of Security Analysis at Herjavec Group
  4. ‘Make sure any backups you create are done on a write-once-read-many type media. Once you’ve created that backup, even if malware comes into your systems, it can’t affect that backup or infect it.’ – Paul Hanley, a cyber security lead at KPMG
  5. ‘The second thing is you want to have a network-based intrusion prevention system that is rolled out properly across core segments of the environment so basically watch what traffic’s traversing the network and identify anything bad that’s happening there. All these systems should be feeding into a centralised management solution like a log management solution. So all that data and all those logs should be fed and aggregated into one place where analysts can correlate that data and analyse threats.’ – Mike Kolasa, VP of Security Analysis at Herjavec Group
  6. ‘If you suddenly get confronted with this piece of malware, this ransomware, you need to think about if you are going to pay or are you not? What we typically say is you need to be clear on whether you are going to or not in advance. If you are, you have to pay via bitcoins and most organisations don’t have a bitcoin account and it can take a number of days to create and open an account so can you open that quickly enough to be able to pay the ransomware even if you want to?’ – Paul Hanley, a cyber security lead at KPMG
  7. ‘If the organisation themselves does not have the skills or capabilities to run and monitor these kinds of technologies they should really outsource the speciality of security to organisations that do specialise in that. It’s one thing to have the security technology in place but it’s a whole other thing to make sure that technology is working properly and defending your organisation.’ – Mike Kolasa, VP of Security Analysis at Herjavec Group
  8. ‘I’d be happy if people just didn’t have their social media passwords be their bank password or corporate password. We ban that.’ – Jim Love, CIO at IT World Canada