Five simple ways to improve cyber security in your advice practice
A cyber security breach is potentially catastrophic but advice practices can take some simple steps to bolster their defences.
Cyber attacks are on the rise as the world becomes increasingly digital. And advice practices – particularly small businesses that deal with large sums of client money – are at risk of being targeted.
No one is immune. One major dealer group was recently ordered to pay $750,000 by the Federal Court over cyber security breaches that allowed criminals to gain access to confidential and sensitive client information over several years.
The landmark ASIC case serves as a warning to other advice practices to strengthen their cyber security defences no matter how busy they are in helping clients or running their business.
“It is not possible to reduce cyber security risk to zero, but it is possible to materially reduce cyber security risk through adequate cyber security documentation and controls to an acceptable level,” Justice Rofe said in the judgment.
Fortunately, there are simple steps that advice practices can take to ensure they’re protecting their business and client assets from most cyber threats.
Use a password manager
Passwords are a common point of weakness. Simple passwords are easy for hackers to guess (“123456” remains the most used password in the world).
Another common point of weakness is re-using the same password across multiple sites. If one site has a data breach which exposes passwords, it leaves users vulnerable across many sites where they have used the same email address and password combination.
The solution is to use a password manager, such as Dashlane, 1Password, and LastPass. They require remembering just one strong master password – every other password can be generated randomly and stored within the password manager.
Use two-factor authentication
Two-factor authentication (2FA) provides a second line of defence beyond passwords. It requires confirmation on top of a password via a second channel, such as text message or email.
While it can be slightly inconvenient compared to using a password alone, it provides a significant security upgrade. Many people are now accustomed to 2FA, given that banking apps commonly require a second confirmation via text message when transferring money.
If your software supports 2FA, switch it on.
Use client portals for sensitive information rather than email
Email is a popular fallback for sending sensitive data, but it remains inherently insecure.
It leaves both advice practices and clients exposed to phishing attacks, where cyber criminals send fraudulent communications that appear to come from a reputable source. They can harvest personal data, make false requests, or change bank account details contained in emails.
Even if cyber criminals aren’t at play, it’s all too easy to send sensitive information to the wrong email address, which can undermine client trust.
The 2022 Future Ready IX advice report showed that 22 per cent of advisers say they don’t have adequate security and file encryption for transmitting sensitive data.
Good advice software should include a secure client portal to communicate or send information. Clients can set their own password (or the password can be delivered over a different communication channel, such as in person or by text message) to use the portal, which is significantly more secure than sharing client information via email.
Use cloud-based storage and software rather than local storage
A secure cloud-based workflow is more efficient and secure than storing information locally or on paper. It is easier to provide an audit trail, search for information, and ensure ongoing business continuity. It is cost-effective and flexible, with major cloud-based vendors investing huge amounts of money to secure their systems.
Software applications that run in the cloud are seamlessly updated with new features and security patches while desktop software often requires manual checks.
When using a cloud-based service, it is important to check where the data will be stored. Storing data in Australian-based data centres not only ensures that it falls under Australian legislative protections but also that these protections can be enforced in case of a breach.
While most practices are using the cloud in some form, practices should also review their back-up strategy. The Future Ready report found that while 93 per cent of advisers now back up their critical data daily or in real time, one in three (32 per cent) said they haven’t tested or restored from their backups in at least six months.
Review cyber security of suppliers and software providers
The cyber security of any advice practice is only as secure as its weakest link. A breach at a small supplier could give cyber criminals a way into your sensitive client data or advice practice.
Ensure that suppliers have strong cyber security controls in place and be wary of free software – if you are not paying for the product, you are the product.
Most large companies invest heavily in security and technology and have the resources to adopt international standards such as the ISO/IEC 27001 on information security management. Compliance with these standards is independently assessed and provides a heightened level of confidence.
Fraser Hamilton, chief technology officer, Midwinter
About the author
Neil is the Deputy Editor of the wealth titles, including ifa and InvestorDaily. Neil is also the host of the ifa show podcast.