There are several important steps that RIA firms should be taking now — if they haven’t already — to reduce their risk of cybersecurity issues, especially now that their practices have largely gone remote as a result of the coronavirus pandemic, according to GJ King, president of RIA in a Box.
During a webinar Friday called “How to Manage Cybersecurity Risks with the Coronavirus Disruption,” he pointed to three key areas that RIA firms need to focus on as part of their cybersecurity considerations: people, technology and vendors.
People-related vulnerabilities include phishing, ransomware and spyware, and the preventive steps for those include access controls, employee training and phishing testing. Underscoring the importance of employee training, King said those who work for you “are your firm’s greatest cybersecurity defense or weakness” because they are “being targeted more than ever right now during this disruption” and are at their most vulnerable.
“We’re seeing a huge increase in email phishing attacks targeted at RIA firms,” he told listeners. He pointed to a few specific email phishing attacks seen in the industry recently that advisors and their firms should avoid at all costs.
There have been “fake delivery of household goods confirmations” and fake Amazon order confirmations, where scammers “try to get employees to click on and enter in user credentials to confirm orders” of hand sanitizers and other products, he warned. Those kinds of attempts have been happening more often now, he told listeners.
There are also “fake charities being set up right now, trying to encourage employees to provide billing” and other information to make donations. Also being seen are scam emails “claiming to be from authoritative sources” including the World Health Organization, he noted.
The latter was among the phishing attacks that law firm Eversheds Sutherland recently predicted we would see more of now, along with emails from scammers claiming to be from other health-related organizations and even companies’ own human resources departments.
RIAs should also be on the lookout for scammers who email employees claiming they need to download software onto their devices to work remotely, when that software is actually malware, King warned.