
Danby Bloch: Protecting your clients from cyber crime


It is hard to write about cyber security without sounding overly scary, but that is because it is a scary subject. Platforms and other providers have reported more cyber attacks in the past year than ever before, and financial advisers are also an obvious target.

One of the most common attacks is the fraudulent email. A firm receives a simple email from a client telling them their bank details have changed and providing a new address, sort code and account number. The adviser changes its records accordingly.

A few days later, another email comes through from the client asking for £20,000 to be drawn from their investment account. The adviser arranges for the sum to be dispatched to the new bank account.

However, it soon turns out the emails have not come from the client and all hell breaks loose. A crook has hacked into the client’s email account (not that hard with the free email services around), impersonated them and stolen the money.

This unhappy story has been the experience of a fair number of advisers lately and will continue to happen until everyone has woken up to the danger and introduced some sensible precautionary procedures. As the use of computers and the internet becomes ever more central to our businesses, cyber security has become something that no adviser firm can ignore.

Email impersonation is one of the most straightforward types of cyber crime – equivalent to a backstreet mugging and often carried out by people hardly more sophisticated. Advisers should be able to stop it happening to them and their clients.

Make sure all these types of requests are followed up in person and that the person doing the check knows the client really well or can check on the basis of data that a crook is most unlikely to have captured. Warn clients of the dangers as well: suggest they change their email and other passwords reasonably often.

Crooks can gather a lot of knowledge about people. There is a surprising amount of information on the internet, especially about those on Facebook or Twitter.

‘Phishing’ is another way crooks can find out a good deal, by impersonating a bank or even HM Revenue & Customs. A phishing operator could pretend to be a product provider, a platform or even a financial advice firm and ask trusting clients for their personal information and for confirmation of banking and other financial details. Firms should have set procedures for asking for such information and warn clients they would never do so via email.

Further up the scale of potential cyber threats are more sophisticated assaults on or via advisers. TalkTalk recently fell prey to SQL injections – information-seeking software that penetrated its defences and directly sucked out names and banking details from its database.

Encryption and effective firewalls should be a strong enough defence against most such attacks and other malware. However, a really determined attack can sometimes get through.

With this in mind, it is worth having a plan of how to respond to such a catastrophe. What would you say to clients and the press? What practical actions would you take to limit the damage and isolate the problem? What insurance do you have to cover such an eventuality?

There are many elementary actions advisers should take to deal with cyber security generally. Secure all laptops, phones and tablets with coded entry, and use secure email. Change passwords often and make them strong. Remember also that cloud-based data storage is probably more secure than office-based servers.

I actually finished writing this article on an aeroplane and my neighbour in the next seat suggested I should place a special filter over my screen so that nosy people could not read what I was reading or typing. It is important to keep confidential information safe in public places.

Danby Bloch is chairman of Helm Godfrey


Comments


  1. Another precaution is to remove or disable default or administrator accounts. I have seen and heard of instances where hackers have got into systems using default administrator accounts and passwords.

  2. “I actually finished writing this article on an aeroplane and my neighbour in the next seat suggested I should place a special filter over my screen so that nosy people could not read what I was reading or typing.”

    Nosy parkers like him, you mean. If he hadn’t been looking at your screen you could have been writing a novel, emailing your mother or posting comments on the Daily Mail for all he knew. To make that suggestion he must have looked at your screen and noticed that it had something to do with money or finance.

    I would hope we would think twice before opening really personal information in a public place, but at the same time there is a limit to the amount a nosy parker can see on a crowded plane, with view obstructed by bodies, armrests, seats etc, without their staring becoming completely obvious. Maybe your neighbour ran a business selling screen filters to the paranoid.
