How to keep your business and clients safe from cyber crime
October is Cyber Security Awareness Month, which encourages Australians to find new ways to stay safe online. For financial advisers, adopting the right strategies can help to keep your practice secure, while giving your clients extra peace of mind, as this article explains.
Financial advisers are trusted to keep their clients’ wealth and sensitive information safe, which means robust cyber security measures are paramount for today’s practices.
In the past couple of years, large-scale hacks at companies such as Optus, Medibank and MediSecure have brought the critical issue into focus and led to many businesses upscaling their mechanisms to protect customers.
As we mark Cyber Security Awareness Month – which encourages all Australians to take steps to stay secure online – intelliflo has explored the ways advice businesses can ensure they are meeting their cyber-safe obligations to clients, while also shielding their practice from harm.
Carefully monitor and vet your cyber supply chain
Much like patients trust their doctors to manage their health discreetly, advice clients expect their personal information, goals and investments will be kept private. However, if you’re using multiple systems to collect and manage data, there’s a potential for that information to fall into the wrong hands.
For example, in the recent MediSecure hack, which leaked private health information, a third party was blamed for the release of information.
It’s therefore important to carefully vet third parties to ensure they have robust processes in place to keep your clients’ information secure. At intelliflo, we ensure that only a select group of people have access to our customers’ information through robust Identity and Access Management (IAM). In other words, only people who have authorised access can view specific information and that access is regularly reviewed. We also engage trusted external agencies to oversee our processes to ensure we’re doing the most we can to keep customers’ data safe.
In recognition that cyber crime is a persistent and escalating threat to all businesses, we decided to increase the number of cyber security experts on our team, too.
Embrace technology to protect clients’ sensitive information
Financial advisers regularly communicate with their clients and often, that communication involves sensitive personal or financial information. If intercepted or emailed to the wrong address, the results can be catastrophic, ranging from identity theft to scams impersonating an official party.
Recent statistics from Scamwatch show cyber crime involving ‘attempts to gain personal information’ – including phishing, identity theft and remote access scams – have cost Australians more than $20m in 2024 alone. Sadly, more than half of the losses have been reported in the 65+ age group.
To avoid these risks, secure technologies, such as client portals, are increasingly being favoured to share information safely. Insights from intelliflo indicate clients in the 60-69 age bracket are the highest users of client portals, with security among the attractive features for this cohort. Access to client portals is limited and protected, which can help to reassure clients that their sensitive information is unlikely to be viewed by anyone beyond their trusted adviser.
Use systems with accredited security certification
If one weak link in the chain can make your business vulnerable, how can you trust the systems you use are up to scratch when it comes to cyber security?
One way is to review the standards external providers meet by looking at their accreditation. For instance, our solutions are validated by ISO 27001 certification, which means that we adhere to the highest recognised standard of information security compliance. As part of that, we commit to maintaining and regularly improving our information storage methods.
Cyber.gov.au – the hub of the Australian Cyber Security Centre – recommends small businesses ask a few key questions, including:
- Does the third party follow its own cyber security process for its system?
- Does it use secure coding practices?
- Has the business made a commitment to maintaining the security of its products and services?
Adopt a proactive approach
Hackers’ methods evolve quickly in order to evade detection, which means businesses need to stay a step ahead to keep their data safe.
Ways to elude cyber criminals include:
- Continually updating software to ensure it has the most up-to-date protection against potential, emerging threats;
- Changing passwords and passphrases on a regular basis;
- Avoiding shared accounts, as they are less secure and potentially more difficult to trace;
- Using Multi-Factor Authentication (MFA) to try to limit the ability of third parties to hack into your systems.
Register for alerts about cyber crime
To keep on top of the latest tricks cyber fraudsters are using, consider subscribing to alerts or regularly checking in with verified sources, such as the Australian Securities and Investments Commission (ASIC), Scamwatch and the Australian Cyber Security Centre. Being aware of active scams can help you and your team to avoid them.
Keep your staff and clients in the loop
The key message from Cyber Security Awareness Month is that “cyber security is everyone’s business”.
For advice and other financial services businesses, keeping staff aware of cyber security risks and vulnerabilities can help to either prevent or limit harm from an attack. Depending on the size of the practice, that may mean regular team or individual training or seminars about how to spot criminal activity, who to report it to and ways to prevent it. If your system is compromised, it’s important to tell staff immediately and have a plan in place around what to do next.
Your clients are also likely to be interested in how you’re keeping their sensitive information safe and what your plans are if your systems are targeted. Being clear with clients about what you’re doing to protect their sensitive information can help to ease anxiety and help them feel confident that you are doing your best to shield their wealth. These discussions can take place in client meetings or be communicated to clients in email newsletters.
It’s also important to have a framework dictating how you would tell customers if your system was attacked. The Australian Cyber Security Centre says businesses should ask themselves who is responsible for reporting incidents to customers and where customers can get in touch to find out more information. Even if your business is small, appointing someone internally to oversee cyber security issues could reduce confusion and lead to a swifter response if your system is compromised.
When it comes to protecting your business against cyber crime, your staff and clients are among your best assets. Remember: cyber security is everyone’s business.