From ransomware attacks to unsecure Wi-Fi connections, the ways in which advisors' data, including client information, can be compromised is only increasing.
That was the message from Eric Strong, president and co-founder of Mississauga, Ont.-based 4Cast Services Inc., who spoke about cyber risk and compliance in financial services at the Canadian Institute of Financial Planners (CIFPs) annual national conference in Ottawa on Monday.
"The landscape out there is fraught with increased risk," said Strong, who noted the four following cybersecurity risks advisors and their firms face, as well as some tips on how to keep their data safe:
> Too much faith in technology
Just because you have the latest mobile device or computer doesn't mean your information is secure.
"Technology in and of itself is not safe," Strong said.
As such, advisors should be careful about what devices they use — and where they use these devices. For example, although an advisor may work on a secure device and Internet connection at the office, that same data could be compromised when an advisor transfers those data to an unsecure personal computer or smartphone.
> Global footprints
Cyberattacks can hit companies on a global scale, which means an attack won't necessarily be an isolated regional incident, but could instead impact a firm's entire operation.
> Climate change
Companies that work in multiple regions and countries could find themselves, and their data, exposed because of extreme weather.
For example, natural disasters can destroy or damage a firm's infrastructure for storing and protecting confidential information, which means that data would then be vulnerable to hackers.
"In that instance, it's paramount for the organization to make sure the data that existed in those locations is securely protected, backed up and recoverable," Strong said, "so that your clients' information doesn't get compromised in any way."
> Third-party resources
Even with the proper procedures in place, advisors and their firms could still be vulnerable to a cyberattack because of third-party vendors that may not be as diligent about cybersecurity.
"The reliance on your downstream suppliers, your partners, your ecosystem, all generate and contribute to the level of risk that you as an individual, and you participating in an organization, are going to be confronted with," Strong said.
The amount of personal liability an advisor or other employee has for a data breach at a corporation is still unclear, Strong noted, but there are a few steps advisors can take to protect clients' information.
For example, avoiding commonly used passwords, such as "123456" or "Qwerty," can go a long way to securing data properly. Similarly, you should never use passwords that include easily guessed information, such as a birthday, anniversary or telephone number.
Instead, advisors should create unique passwords that use a combination of numbers, symbols, as well as upper- and lower-case letters.
Advisors should also be wary of public Internet connections, which are often referred to as "hotspots."
"There are tools that hackers use that can very easily pick up on the nature of whatever you might be transacting [over a public Internet connection]," Strong said.
As a result, advisors should be careful about using the free Wi-Fi connections at coffee shops and other public locations as they could be putting their information, as well as their clients' data, at risk.
Photo copyright: maxkabokov/123RF