Balancing cybersecurity and client experience for high-net-worth clients


In this Help Net Security interview, Renana Friedlich-Barsky, EVP and CISO at LPL Financial, discusses how threat actors are targeting high-net-worth clients and exploiting digital touchpoints in wealth management. She explains why firms must embed security from the start to protect sensitive assets and ensure seamless, secure client experiences.

How are threat actors evolving their tactics to target high-net-worth clients or exploit digital touchpoints in wealth management platforms?

Threat actors are becoming more targeted and sophisticated in their attempts to exploit wealth management platforms. High-net-worth clients are especially attractive targets due to the value of their assets and personal information. Criminals often use tactics like fake emails, phone calls, or texts to trick clients or advisors into giving up sensitive data or approving fraudulent transactions.

Clients should be cautious about what they share on social media, especially details about their wealth or travel plans, as this information can be used to tailor scams. Publishing travel schedules can make clients vulnerable to impersonation or fraud while they’re away. Additionally, clients should avoid calling back unknown numbers or replying to suspicious texts, as these are common tricks used to establish trust. As digital tools become more common in wealth management, strong awareness and cautious behavior are essential for protecting personal and financial security.

How should CISOs and CIOs work with business leaders in wealth management firms to ensure security is embedded from the outset of digital initiatives?

CISOs in wealth management firms work closely with business leaders to embed security from the start of all digital initiatives. By adopting a security-by-design approach, security measures are integrated into the planning, development and deployment phases – rather than as afterthoughts. This proactive strategy minimizes risks while supporting faster, safer innovation. The adoption of a zero-trust framework helps protect sensitive data and systems, especially in environments with high-net-worth clients.

CISOs also focus on aligning security goals with business objectives, ensuring that protective measures enable, rather than hinder, growth and client trust. By demonstrating how strong security enhances brand reputation, customer confidence, and regulatory compliance, CISOs help shift the perception of cybersecurity from a cost center to a business enabler, driving security and sustainable digital transformation in wealth management.

Where do you see the biggest gaps between digital innovation goals and cybersecurity readiness in the wealth management space?

One of the biggest gaps between digital innovation goals and cybersecurity readiness in wealth management is the failure to engage cybersecurity teams early in the project lifecycle. When security is not involved from the outset, critical risks may be overlooked, often resulting in costly rework, delays or non-compliance issues later on. For example, a firm may launch an AI-driven client platform on financial advice, but without proper data governance in place, it could inadvertently access or process sensitive client data without appropriate consent or controls. This oversight not only exposes the firm to regulatory violations but also erodes client trust.

Early collaboration with cybersecurity will allow privacy, data protections, and risk management to be built into the design, supporting faster and more secure innovation. Engaging security from the beginning helps align digital initiatives with compliance and client expectations, avoiding setbacks and enabling long-term success.

As wealth managers increasingly adopt mobile-first services, how can they ensure secure client experiences across devices?

As wealth management becomes more mobile-focused, firms should confirm clients can safely access their accounts from mobile devices (e.g., phones and tablets). To do this, use tools like fingerprint or face recognition to confirm identity, and build apps with strong protections behind the scenes to keep personal and financial information safe.

Guide clients on security awareness, such as not using public Wi-Fi for financial tasks, being cautious with texts or emails from unknown sources, and updating apps regularly. These steps help ensure the clients protect themselves from fraud or cyber threats.

How can firms balance frictionless digital experiences with strong authentication and security, especially for high-net-worth individuals who expect concierge-level service?

Ensuring robust security and a seamless digital experience is crucial for individuals today who expect fast, personalized, and uninterrupted service. Use smart authentication tools that offer protection without causing inconvenience. For instance, instead of requiring complex passwords each time, clients can utilize fingerprint, facial recognition, or receive a one-time password.

To further enhance trust and convenience, firms can provide dedicated support teams trained to resolve any issues swiftly and discreetly. This combination of technology and personalized service helps keep clients safe without disrupting their experience. By integrating these protections into the design of digital services, firms can deliver the concierge-level service clients expect while maintaining strong safeguards for their sensitive financial information. The goal is to make security feel effortless, allowing clients to focus on their objectives with confidence.
