Financial clients have little to no confidence in financial companies to protect their data, and are generally skeptical that corporations and government agencies can do so.
According to a study by the New York City-based American Institute of CPAs (AICPA), 80 percent of Americans say ID theft is “likely” to cost them financially sometime in the next year.
Cybercrime cost U.S. consumers $19.4 billion in 2017, the AICPA reports. Evidence is beginning to mount that the financial sector is increasingly a target of data thieves.
According to the Verizon 2018 Data Breach Report, data breach attacks against financial institutions are at an all-time high. Banking trojan botnets and denial of service (DoS) are the most common attacks in the financial industry.
In such a vulnerable and risk-laden data security environment, what can financial advisory firms do to hold (and boost) the trust of clients worried about the safety of their private data?
“The general mistrust consumers have in financial services companies protecting their data is absolutely warranted,” said Maureen Gray, chief operating officer of Blue Ridge Networks in Chantilly, Va. “Hackers have proven time and again that traditional methods of defense don’t work and that anyone with enough time and resources can find their way around security protocols.”
That's why it's imperative that these organizations adopt a zero-trust methodology when it comes to cybersecurity, and completely isolate their critical systems, Gray said.
“This approach is both efficient and effective because it enables organizations to seamlessly connect, isolate, contain, cloak, and manage users and devices over any transport, anywhere in the world, with minimal network configuration change,” she explained.
Clients Share Some of the Blame?
Yet financial advisory firms don’t seem to be getting that proactive, no-nonsense prescription for client data safety -- and neither are clients.
“Every week, I inevitably hear from a distressed financial advisor who has to rescue a
client whose accounts have been compromised,” said Robert Siciliano, CEO of IDTheftSecurity.com in Boston. “Moneyed clients are big targets, and they aren’t necessarily cyber savvy.
“The problem isn't financial services insecurity, it's the problem clients. And they blame the banks.”
Advisors need to get aggressive about educating their clients on the real-life dangers of data theft, he added, and the sooner the better.
“As a financial professional, you’re perfectly positioned to inform and educate your clients on the easiest and most effective ways to keep their data secure and their identities protected,” he said. “Equip your clients with the simple tools and effective information to make them secure and you will be their trusted advisor for life.”
Here’s a short list of tips to get that job done, according to Siciliano.
1. Learn where the weak spots are in your clients’ knowledge of online fraud.
2. Empower your customers to be their own security experts.
3. Instill loyalty in your clients by providing them with 360-degree awareness of not
only their financial situation but also their security situation.
“The idea is to reduce victimization by partnering with your clients and preventing fraud
by making the client cybersecurity savvy,” Siciliano said.
Transparency Builds Trust
Another big key in securing client trust on data security issues is to be more open and transparent, other security experts say.
“For financial services firms to gain my trust, stop operating in secret,” said Greg Scott, a cyber-security specialist and author of the book, “Bullseye Breach.”
“Tell me what you're doing for security,” he said. “Present it at conferences, send out press releases, run seminars, show me the vault and publish details about how the locks work. Subject yourself to public scrutiny about your methods.”
Being transparent may seem counterintuitive, as many business decision makers believe security methods should be a secret.
“In the real world, attackers spend all day probing for vulnerabilities and they spend all night sharing ideas over the Internet to improve their probes for the next day,” Scott said. “While bad guys collaborate and improve, good guys isolate themselves behind the castle walls.”
It’s also a good idea to get your advisory firm certified by cybersecurity specialists.
“I recommend to all of my clients that they get all the prerequisite security measures put in place,” said Frank Bradshaw, founder and CEO of Ho'ike Technologies, a data security firm based in Brooklyn, N.Y. “Then, seek an industry standard certification.”
Once an outside auditor verifies that you have a sound cybersecurity program in place, they’ll give advisors a badge to place on their firm’s website.
“From there, put out a press release, let clients (and potential clients) know you have achieved this coveted certification,” Bradshaw said.
Overall, financial services firms need to be more open and transparent.
“The alternative is to lose more customers and your reputation if you try to hide what will inevitably come to light,” said Bradshaw. “Get out in front, tell your clients what's going on, and be honest and transparent.
“It's a painful exercise at first, but it will be good business in the long run.”
Brian O'Connell is a former Wall Street bond trader, and author of the best-selling books, The 401k Millionaire and CNBC's Guide to Creating Wealth. He's a regular contributor to major media business platforms. Brian may be contacted at [email protected]
© Entire contents copyright 2018 by AdvisorNews. All rights reserved. No part of this article may be reprinted without the expressed written consent from AdvisorNews.