Is your advisor ready for cyber assaults? Right here's what you must know
Vasily Pindyurin | fStop | Getty Images
Cyber criminals steal billions of dollars from financial companies every year. Financial advisors – and their clients – are at risk, according to security experts, as attacks increase and become more complex.
"Consultants have one thing that bad actors want and that is money," said Brian Edelman, chief executive officer of FCI, a cybersecurity firm that specializes in financial services. "You are the goalkeeper for a lot of money."
More from Advisor Insight:
How to protect yourself from fraudulent financial advisors
What should I do before making a charitable donation?
Active mutual funds may make more sense than index funds here
Registered Investment Advisers [RIAs] manage more than $ 4.7 trillion in client assets – about a quarter of all assets under management, according to TD Ameritrade. That number could rise by $ 1.4 trillion by 2022, according to the company.
According to a report by the White House Economic Advisory Council that found cybercrime cost the US economy between $ 57 billion and $ 109 billion, the valuable customer data makes financial firms not only a central repository for customer funds, but also for fraudsters 2016.
The public and private financial sectors suffered the most security breaches this year compared to other industries, according to White House analysis.
It could have gone in a completely different direction because the quality of the fake was pretty, pretty good.
Founder of Inspired Financial
Investors don't often ask for their financial planner's cyber logs, said Evelyn Zohlen, certified financial planner and founder of Inspired Financial in Huntington Beach, California. However, questions about protective measures should be on every customer checklist.
"You should take care of it because by the time there's an incident and you ask, it's too late," she said.
According to Edelman, here are five key questions investors should ask current and future financial advisers about their cyber protection:
• What would you do if you had a security incident involving my confidential information?
• How do you protect my data?
• How can you prove that you are complying with cyber regulations?
• Do you have cyber insurance?
• Do you have a third party to certify that you are safe?
Those points are either cyber requirements or recommendations from financial regulators like the SEC and the financial industry regulator, Edelman said.
Investors should request evidence that advisors can provide evidence or substantiate their answers, Edelman said. They should also take note of their customer experience – for example, investors receive encrypted email messages and require multi-factor authentication to access the customer portal, Edelman said.
"There are two types of financial services company: those who have been exposed to a cyberattack and those who will," said consultancy PwC.
Almost half of companies have experienced some type of financial fraud in the past two years, with cybercrime being the most prevalent, according to a recent PwC survey of 5,000 global companies. About one in ten companies lost more than $ 50 million. Only 56% investigated the incident.
Zohlen could have inadvertently transferred $ 80,000 in customer funds to fraudsters this fall had it not been for cyber controls in place at the company.
"It could have gone in a completely different direction because the quality of the counterfeit was pretty, pretty good," said Zohlen, who is also chairman of the Financial Planning Association, a membership group of nearly 21,000 advisors.
Westend61 | Westend61 | Getty Images
The fraudster requested the sum for renovations using an email address that appeared legitimate, a not uncommon request to the customer, who owns many rental properties, Zohlen said. The fraudster also attached a valid invoice from a contractor.
The company discovered the attempted theft when they reached out to the customer to confirm the transaction – part of a protocol that was put in place to proactively call customers and verify details.
"I'm worried about all the new and exciting ways [criminals] to find out how to fool us," said Zohlen, who has seen that fraud attempts are becoming more common. "The experience this fall opened my eyes."
Cybersecurity is one of the Securities and Exchange Commission's top auditing priorities for financial advisors because of the increased risk to investors.
According to the FBI, consumer loss to cybercrime is increasing, reaching a record $ 3.5 billion last year.
Bill Clark | CQ Appeal, Inc. | Getty Images
The FPA launched a cybersecurity membership certification program last month. The topic is especially important given the consultants' fast pace of business, said Martin Seay, FPA president and director of Kansas State University's personal financial planning program.