It’s Time to Talk to Your Client About Cybersecurity

Why financial advisors are working customers into their security strategies

Financial Planner Advisor Client

Securing financial organization can be challenging due to multiple lines of attack, the countless way thieves can sneak into a network. At the end of the day, the onus—even in cases of client negligence—falls on the institution. A client will, nonetheless, be inconvenienced. So why not leverage customers’ concerns to mitigate threats, too?

An automated, analytics-based security platform should always lie at the foundation of a business. It is inexhaustible and accurate in spotting threats. It doesn’t presume what breaches may look like (a trapping of threshold-based tools) or produce false-positives like trigger-happy SIEMs. And, when based in machine learning, it becomes omnipresent in visibility, which provides actionable intelligence.

Combined with a smart insurance policy, these are formidable risk-management tools that keep you compliant to the laws of the government and the concerns of board members. But to paraphrase the adage, the customer must come first.

As the Internet of Things gets more unwieldy, interactions need to become personal. CNBC reports that some financial advisors have been currying goodwill in their clients by having actual conversations with them about best practices. In this way, an operational line item has transformed into valuable transparency.

These strategic discussions could entail:

  • The necessity of multi-step authorizations
  • Using encryption to avoid unprotected email attachments
  • Avoiding insecure wi-fi connections
  • The need for verbal confirmations (including biometrics, such as voice recognition)
  • Telltale signs of phishing
  • How to self-monitor accounts

The talks should also include assurances—and when applicable, disclosable steps—that the advisor is dedicated to protecting a client’s valuable information and investments.

In one case, a financial planner at Francis Financial filtered an urgent wire-transfer request through set protocols—in this case, a notarized letter and personal phone call. The request turned out to be a scam. Another financial planner, at Ameriprise, reportedly “asks all clients to sign a form authorizing him to speak with third parties, whom they must identify by name. The form also indicates that the third parties are authorized to talk to him.”

It’s clear that the most proactive financial institutions will have all-hands-on-deck approach to managing risks. This includes collaboration between IT, HR, and executive teams. But maybe the best way to nurture and protect an advisor’s personal reputation, as well as their company’s image, is to empower the client themselves.