
Hacked: What to Do When Cybercriminals Hit Your Firm


Cybersecurity is a constant threat, and considering how attractive a target a financial firm is, especially one that serves high-net-worth clients, advisors should be prepared for the worst.

Kimberly Foss, founder of Empyrion Wealth Management based in Roseville, California, noted the importance of having the right people to help you following a data breach.

“Hopefully you have a great IT team,” she told ThinkAdvisor on Thursday. When you realize you’ve been hacked, “you shut everything down, call the IT team and tell them what’s happened. Hopefully they can come in and find out where the hack happened and do the diagnostic of how they need to fix that.”

Then advisors need to determine how far the hackers got. “You have to figure out, did they get to client data? If you’re assuming yes, you do have an obligation to contact the client,” Foss said. “Things happen; stuff like this happens, so don’t wait. Email or call them and let them know what happened; what are the steps that you’re taking to contain that breach and move forward.”

Sometimes cybercriminals use “ghosting,” a type of identity theft where the attacker adopts the identity of a dead person, to make contact with a victim.

She described a colleague’s experience with ghosting. “A client was buying a home, talking back and forth through the advisor, and there was an outside attack.” After a few months, the “ghost” had “enough information to be able to talk with the client and say, ‘Listen, we need another $100,000.’ End of the story is they did wire the money and they lost $100 grand.”

One of Foss’ own clients was a victim of the Cryptolocker virus. “It wasn’t a lot; it was a couple grand, but the panic that the client went through, it was horrific,” she said. “He had to succumb to the extortion and actually had to pay in bitcoin. It was like from a movie; it was a little bit scary.”

Foss said she worked closely with her client even though the attack didn’t involve her firm. “I wanted to know what happened so I could be a value to my client,” she said. They even “went through several different companies who were experts in Cryptolocker who said, ‘If you don’t have any backup, we can’t help you there. Either you move on or you work with the extortionist,’” she said.

Her experience with that client led her to hire a security auditor to test her technology for weaknesses. “You want to be proactive about it so I had a team from a company called Risk Control Strategies come in and do an audit of my system to find where my walls were thin,” Foss said. “If you don’t know that your system is infallible, get a diagnostic check first.”

Foss also recommended looking into insurance policies that cover cybercrime, but as Marlene Satter pointed out in her October column for Investment Advisor magazine, advisors who purchase those policies should pay close attention to what they do and do not cover. Some policies may not protect policyholders who are tricked into handing over money.