They say “the past is prologue,” and it’s a sentiment that certainly applies to the biggest cybersecurity risks for 2019, which have their roots in what we’ve witnessed throughout much of this year.
First, some context: So far in 2018, more than 100 cyber breaches have occurred at institutions that everyday people rely on to help keep their lives in order. The most glaring incidents have ravaged companies in a diverse range of industries, including Amazon, Marriott International, HSBC, Macy’s and Nordstrom, Facebook and Instagram, as well as the best-selling online video game Fortnite.
Many more cyber hacks and accidents occurred at lesser-known entities more comparable in size to the majority of independent RIA and broker-dealer firms.
Given the pace of breaches this year, 2019 probably will see an even more intense cyber onslaught, with independent financial advice firms and advisors increasingly viewed as relatively easier prey compared to global banks and Wall Street institutions by cyber criminals.
Here are the four most significant cyber risks that wealth management firms should watch out for next year:
1. Data Breaches with Third-Party Vendors—Your Biggest Risk Isn’t Within Your Firm
Third-party vendors that provide software and services to your practice are the biggest cyber threat in the year ahead. Knowing whether an outside service has created cybersecurity policies and procedures that will prevent client data breaches can be difficult if you’re not an expert. That’s why you must submit third-party vendors to rigorous due diligence that requires them to reveal past cyber breaches and to explain how they will protect your firm’s data.
This was underscored by a breach that stung the University of Buffalo in May, which resulted in over 2,500 students, alumni and staff having their login information stolen. During the latter half of this year, we also saw the SEC hand out a hefty fine to a well-known financial firm due to poor vendor oversight and for violating the regulator’s identity theft rules.
2. Web and Mobile Apps—Think Twice Before Posting or Sharing
Web and mobile applications have become essential to how advisory firms conduct business. Yet, these tools are susceptible to hackers and human error.
More and more advisors are using Instagram to connect with clients. This summer, hackers captured the login credentials of thousands of users, preventing them from accessing their pictures and videos. In a separate incident, Facebook, long a popular communication tool for advisor businesses, said perpetrators exploited weak coding to violate 90 million user accounts on the world’s most popular social media app.
Be careful what you post on sites like this and warn your clients likewise. Only give personal information to apps with ultra-strong cybersecurity track records. Moreover, follow the news to see if apps you once trusted have failed to stay vigilant with user data.
3. Phishing Attacks—A Continued Threat
Phishing attacks rely on unsuspecting users clicking on a malicious web link, usually sent via email, or to provide a stranger their username, password or even Social Security Number over the phone. Perpetrators typically accomplish this by impersonating someone, like a bank representative, or lying about a reward or emergency.
In a hacking ring exposed in March, cybercriminals acting at the behest of the Iranian government compromised the computer networks of 144 U.S. universities, breaching the email accounts of about 4,000 professors and stealing 34 terabytes of data. In all, it caused $3.4 billion in damages. They also attacked 36 U.S. companies and penetrated five U.S. government agencies.
If professors, companies and government agencies can fall victim to online scammers, so can financial advisors, their support staff and advisory clients. Your firm should train all participants on how to spot suspicious requests for information, whether it’s via email or over the phone.
4. Personal Devices as Ticking Time Bombs
Computers and smartphones have long been a sitting duck for hackers. Home-based gadgets linked to the Internet of Things (smart speakers and smart refrigerators, etc.) will likely become the next primary target. In all these situations, the devices themselves are often much less valuable than the data they contain.
As an outsized example, the military announced that a hacker gained access to sensitive information regarding the Air Force’s MQ-9A Reaper, advanced combat drones armed with laser-guided munitions. Each comes with a price tag of about $17 million.
Advisory firms can keep their devices safe by powering them down when unattended, using robust passwords and installing industry-specific cybersecurity software that monitors their usage in real-time.
The Independent Financial Advice Industry At the Frontline
With big-name organizations paying closer attention to cybersecurity issues and cybercriminals having already picked much of the low-hanging fruit, independent advisor data could be the new frontline for breaches, since it encompasses the information, in many cases, of wealthy clients. This means financial firms have every reason to guard against these top four cyber risks in the year to come.
Sid Yenamandra is the Co-Founder of CEO of Entreda (www.entreda.com), the leading provider of comprehensive cybersecurity solutions for independent retail financial advice firms and their affiliated advisors.