As an advisor, you know from first-hand experience that the banks, brokerage firms and mutual fund companies holding your clients’ wealth place an extraordinary emphasis on cybersecurity. And well they should, considering that more than 86% of affluent Americans are very or somewhat concerned about cyber breaches — with the top concern being a breach involving their financial accounts, according to the 2018 Chubb Personal Risk Services Cyber Survey.
But far more common than a cybercriminal breaking into the extremely secure system of a financial institution is the likelihood of a breach occurring through a home WiFi network or personal computer, or through “smart” devices such as internet-connected thermostats, appliances and even toys. Sometimes, even an advisor’s remote use of a work laptop can open the door to problems.
The 2018 Chubb Personal Risk Services Cyber Survey found many critical areas of cyber vulnerability go unrecognized, and that most of us aren’t taking even the most basic precautionary steps to prevent breaches. And few — only about 7% of those we surveyed — have a cyber insurance policy.
Based on our research, here are some important ways advisors can protect themselves, their firms and their clients from cybercriminals.
Be alert to ransomware. Ransomware is an attack on a computer or network that locks up or encrypts data, holding it hostage until the attacker/extortionist is paid a “ransom.” Experts agree that prevention is the best protection because attackers rarely return the information they have stolen.
Even if you or your clients use a password for a home WiFi network (as did 59% of those Chubb surveyed), don’t use the original password provided by the internet service provider (as 20% did) and update WiFi password regularly (only 15% of those surveyed did that).
Cracking a home WiFi network is an easy way for cybercriminals to gain access to personal data, as is stealing a laptop or tablet — which happens every 53 seconds, according to IT information provider ChannelPro Network. Advisors whose laptops or tablets are stolen provide cybercriminals with potential entrée to a host of firm, advisor and client data.
The best way to prevent the takeover of information on a network or a computer, experts say, is to back up data regularly; make sure antivirus and anti-malware software are installed and active; and update systems regularly. Sending reminders to clients to perform these tasks as part of regular emails or texts makes for a welcome and much-appreciated touch point.
Watch out for phishing scams. An astounding 90% of all cyberattacks start from phishing emails, according to SonicWall, an internet security company. To defend against such scams, do not click on an email or a link within an email if the message seems urgent for no reason, if it’s coming from an unknown sender, or — if seemingly from a well-known company — is somehow out of the ordinary, sloppy or poorly worded, which means it’s probably a scam.
Beware of smart devices. Security firm Symantec reports that attacks through increasingly popular “Internet of Things” devices such as home thermostats, security systems and even dolls rose 600% in 2017. For example, whoever thought using a remote garage door opener could lead to identity theft?
To prevent access through these devices, security experts advise turning off internet-connected toys when not in use, never discussing anything private in front of home voice-activated smart speakers or any other internet-connected device, and changing passwords and updating software regularly.
Advisors, who already follow strict cybersecurity protocols at work, should not neglect security when working remotely or when using home computers and networks. What’s more, as clients are equally concerned about cyber fraud, advisors can help them by sharing information about cybersecurity, as well as sending reminders about steps they can take to protect themselves. It’s a value-added service they will truly appreciate.
Fran O’Brien is Division President, North America Personal Risk Services, Chubb.