Customers may now manage their finances in a way that best fits their lifestyle thanks to the move to online financial services.
However, these technological developments have made clients more susceptible to fraud and have given rise to new opportunities for cybercriminals.
These individuals and groups have successfully evolved their tactics to keep up with emerging financial technology which has led to 41% of high-net-worth individuals becoming victims of financial crime in the past year alone. Concerningly, more than a third of these victims were targeted in the last six months.
Whilst financial planning firms have implemented robust measures to protect client finances from this risk, cyber attackers will take the opportunity to exploit even minor gaps in security systems and protocols. Therefore, advisers now bear a significant responsibility to promote awareness and best practices as the first line of defence.
Here, we’ll explore the potentially devasting consequences of failing to do so and the practical steps advisers can implement to protect clients and themselves.
Damage to client wellbeing
The frequency of sophisticated phishing schemes and malware attacks is one reason why there are more and more threats to the well-being of clients. In fact, research by Saltus recently discovered that the most common method for cyber criminals to infiltrate accounts was online shopping scams, with 24% of victims being targeted in this way.
This is followed by investment scams (20%), and pension scams (15%). By falling victim to cyber criminals, individuals lost almost £13,000 on average.
Beyond the immediate financial losses incurred, the process of retrieving lost funds can be costly, time-consuming and stressful. Funds also remain uninvested until such time that they are retrieved. Especially in volatile markets, clients’ inability to capitalise on these investment opportunities could increase their portfolio risk and chance of potential losses.
Financial advisers must remain vigilant about the emerging threats and pass these learnings on to clients. Without taking this step, financial planners are not equipping clients with the ability to protect their finances and future security, and therefore, failing to fulfil their duty to promote client wellbeing.
Adviser consequences
Whilst the financial magnitude of clients falling victim to cybercrime is clear, financial planners must also be aware of the potential damage this can cause for their careers, and more widely, the firm they work for.
Firstly, neglecting to create proactive security awareness may indicate to clients that their financial adviser has failed to successfully safeguard their assets, as well as demonstrated an inability to understand crucial emerging facets of finance. This has the potential to destroy the trust that is essential for long-lasting relationships between clients and advisers. With their reputation and faith in their abilities damaged, a lack of cyber education may encourage clients to take their custom to a different financial planning firm.
Furthermore, if the cyber crime involves the breach of client assets or data, this may lead to wider investigations into advisers’ conduct or best practices implemented by the firm, with any inadequacies discovered creating the potential for regulatory penalties.
Practical tips for clients
To minimise this risk, below are three key pieces of guidance for financial advisers to share with clients.
1. Secure connections
Many of the hacking attempts we witness today are aimed at gaining access and control of a client’s email account. If successful, criminals can read the entirety of clients’ correspondence and imitate them to gain access to other websites, such as those where clients’ banking or investments are held.
To tackle the relatively low level of security offered by email interactions, financial planning firms should provide clients with secure online portals to communicate with advisers. For additional protection, clients should always be discouraged from using public WiFi. Instead, they should wait to access a secure WiFi network or use their mobile data.
2. Recognise phishing attempts, remain vigilant
Phishing attempts often present themselves as emails mimicking banks or government bodies. Financial planners should help clients recognise these attempts and raise awareness with regular client communications, explaining that following the malicious links or clicking attachments in unsolicited emails could cause them to provide hackers with sensitive information. If a client has flagged that they have received a suspicious communication, this could be shared with all clients as an example to ensure that they do not fall victim to similar attempts to access their finances.
Equally, clients should be encouraged to be vigilant when sharing information online and consider whether the content could be used to gain access to their accounts. By regularly monitoring their statements, credit reports, and account activity, clients can quickly report any authorised transactions.
3. Introduce strong software controls
Financial planners should also recommend that clients only use strong passwords that are at least 12 characters long, and include upper and lowercase letters, numbers, and symbols. This password should not be repeated across different accounts and should be stored within password management software. Where possible, clients should enable two-factor authentication to add another layer of protection.
Clients should also be encouraged to regularly update their operating systems, browsers, apps, and security solutions whenever an upgrade becomes available. Downloading antivirus software and firewalls also minimises the occurrence of successful hacking and malware.
Protecting client and adviser interests
In an increasingly digitised sector, the modern client-adviser dynamic means it is pivotal to equip clients with a holistic cybersecurity education. By fulfilling their ethical obligations to protect clients’ overall wellbeing, financial advisers can ensure that clients do not fall victim to preventable financial losses. At the same time, they can sustain their reputation, uphold compliance, and ensure business stability amidst continually evolving cyber risks.
Amanda Jackson is head of technology at Equilibrium Financial Planning