Cybersecurity

Yan Huard

Yan Huard is chief of information security at Croesus, a Montreal-based information technology (IT) firm that offers sophisticated wealth-management solutions to financial services institutions across North America.

Read and follow your firm’s guidelines on social media use and take the necessary steps on a daily basis to protect your reputation, brand and data

By Yan Huard |

LinkedIn, Facebook, Twitter and other social media platforms provide great tools for financial advisors to connect with clients, promote themselves, their services and the organizations they represent. However, as with other any other technology, advisors need to be careful.

Social media platforms are, by their very nature, prone to a range of security and other risks. These include:

1. Reputational risk
Arguably, advisors' success in building their businesses is based primarily on the personal and professional reputations they develop and maintain. The stakes are particularly high these days as the line between your personal and professional brands' images is constantly thinning.

For example, a friend of mine who's an independent advisor uses his personal Facebook profile, as well as other social media accounts, to promote his services. Valuable as it is, he knows that his good reputation can potentially be destroyed by something as simple as a stupid Twitter comment. This knowledge has a strong effect on how he uses the platforms.

The past few years have proved this in spades. Negative events have impacted the image and revenue of a range of prestigious and highly brand-conscious players, ranging from Samsung, to Uber, to Toyota and Volkswagen.

Big businesses such as these can often recover by redirecting massive funds to rebrand. Advisors don't have that luxury.

2. Data security breach
The popularity you gain on social media, valuable as it is, can also bring unwanted attention. Hackers and criminal organizations are now using social media increasingly as an attack vector to deliver malicious payloads, exploiting what are often weak spots in organizational defensive perimeters.

The reason they often succeed is that although information technology (IT) or cybersecurity departments generally scan traditional transmission vectors such as emails and USB keys for malicious software, social media URLs are generally regarded as far lower priorities. However, social media platforms themselves admit that between 2% to 5% of the accounts on their network are illegitimate. That adds up to a lot of potential threats and security holes.

3. Social engineering
The practice of using psychological manipulation to get people to perform actions such as divulging confidential information, known as "social engineering," is made easier by the sheer amount of personal information available online. Worse, we share this information willingly.

A hacker, using data collected from your Pinterest, Google+ and other social media accounts, can often easily use them to hack into your business employee account. If you're working for a small company, your IT or cybersecurity department might catch the breach; but, if you're just one of 25,000 employees, that's a whole other story.

Thus, one of the keys for any advisor using social media is to minimize the potential risks. If your employer already has mature governance controls and procedures in place, chances are you already have access to its code of conduct and formal guidelines about behaviour at work, which include protocols related to social media usage. In the case of advisors working for banks or other large firms, human resources, in conjunction with IT departments, generally dictate these codes of conduct.

Be smart. Read and follow those guidelines. They were written by professionals who know their business and who are there to protect you and the company from the many potential risks that social media present.

You should also do the following — particularly if you are an independent advisor and don't have access to corporate guidelines:

  • Think twice before clicking "like" on that controversial group or sarcastic comment.
  • As with email, don't click on links that sound too good be true.
  • Restrict access to your profile to people you know. Even better, create separate groups and filter who can access what information.
  • Be prepared to respond quickly if something goes wrong.
     

Finally, do your due diligence before choosing your social media and other communications tools. Make sure that you understand the pros and cons of each platform and keep in mind the basic steps you need to take to mitigate risks.

Don't forget: as Warren Buffet once said, "It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you'll do things differently."