By David Canter
Wire fraud, identity theft and email scams—especially "phishing"—threaten data security for financial advisors and are growing in number and sophistication.
The overall economic impact is significant. According to the 2017 Identity Fraud Study by Javelin Strategy & Research, $16 billion was stolen from U.S. consumers through identity fraud in 2016, up from $15.3 billion in 2015.
I know that the prevalence of cyberfraud comes as no surprise. In Fidelity’s 2015 Marketplace Perceptions Study, 92 percent of advisors said their firms consider it a serious threat to the financial advisory industry and their customers. More than half of executives surveyed in the Cerulli Associates 2017 Executive Outlook Survey identified cybersecurity improvement as their number-one technology investment in the next year.
The reality is that investing in security solutions is only one piece of the puzzle—the human element also plays a critical role in identifying fraud and protecting both your business and investors.
Consider integrating the following steps into your security strategies to make the human element work to your advantage and help combat the growing threat of data security compromises:
Integrate Human Confirmations Into Your Processes
Manually analyze client transactions and interactions closely. This includes carefully reviewing and authorizing each wire and EFT disbursement request received through email, and getting a verbal confirmation directly from the customer prior to submission.
Don’t rely on faxes, voicemail messages or emails to verify wire transactions—the human element of a live phone call is a crucial step in protecting accounts. According to a 2017 FBI Business Email Compromise PSA, identified exposed losses related to business email scams and email account compromise scams increased more than 2,000 percent between January 2015 and December 2016. It’s critical to go beyond email.
Review client account balances and transactions at least monthly. Any transactions or profile changes that are unusual for a client’s historical profile should trigger an immediate phone call to the client to verify the transaction.
Maximize the effectiveness of automated security tools by adding a personal element. If your system’s security tools identify suspect transactions, immediately contact the client via phone to verify the transaction.
Be Aware—and Cautious—About Employee Access
Delete the login credentials of former employees, and periodically review access levels of current employees. Consider making it a policy to regularly reset employee passwords.
Know the security level on each of your systems. Make sure your use is appropriate for the level of security available.
Don’t overextend authorizations. Be careful about who in the organization is authorized to issue money movements—and consider keeping this number limited.
Make Sure All Stakeholders Understand the Importance of Security
Establish, and regularly update, an employee education program on cybersecurity to keep all firm personnel abreast of the latest cybersecurity trends, policies and procedures. Make cybersecurity a regular agenda topic for team meetings and have a plan in place to train new employees.
Help clients understand proper security practices, for their good and yours. Customer education and awareness helps encourage them to play an active role in protecting their information and assets.
Being diligent about cybersecurity is crucial for protecting your customers’ money, and the human element plays an important part. What’s more, there is an added business opportunity to being security-savvy: the 2017 Fidelity Investor Insights Study found that 39 percent of investors would be willing to pay more for an advisor who helps educate them on ways to protect their financial assets from fraud and theft. To do that, you need to walk the walk when it comes to cybersecurity, and do everything possible to protect yourself and your clients.
David Canter is executive vice president and head of the RIA segment, Fidelity Clearing & Custody Solutions.