Solving the cyber security riddle for wealth management firms


It seems sensible that the higher the value of an item, the better protected it will be.  Yet, when it comes to personal wealth management, this traditional logic does not always hold true.

Why pretend you are a Nigerian Prince to thousands when you could enjoy a bigger jackpot by pretending to a single Blue-Chip CEO that you are a senior contact in her finance department? Or, more disquietingly, by pretending to a high-net-worth client that you are their personal wealth manager?

What kind of pay dirt could a malicious actor win then?

The Wealth Manager’s Riddle

78 per cent of small businesses and 92 per cent of mid-sized businesses say cyber security is a priority for them.  Yet, this falls to 60 per cent when it comes to wealth management firms.

Only 43 per cent of wealth managers say they are concerned about the potential effect of a data breach on their company’s brand.  This research has left GlobalData concluding wealth managers’ attitude to cyber security is one in which potential risks are “underestimated, if not outright ignored”.

Why security is so low down on the priority list is a puzzling riddle in a post-2015 world.  That year’s hack on offshore law firm Mossack Fonseca – and the subsequent leak of 11.5 million sensitive and private files dubbed the “Panama Papers” – must surely have illustrated the potential reputational damage, if not the financial.

And, when you’re looking after the assets of some of the world’s wealthiest people, reputation is everything.  So, what lies behind this riddle?  And how can wealth managers close the cyber security gap?

The Most Valuable Assets amongst the Least Protected

The problem of targeted social engineering and spear phishing attacks isn’t new – nor should it be the sole concern of wealth managers.  But the high-value potential of a wealth manager’s contact list makes them an attractive target for the hacker who is willing to put more time and resources into planning an attack than your average scattergun phishing attacker.

As well as their attractiveness as a target, changing business models add to the risk.

Increasing digitalisation, and the growing attack surface that comes with it, create an environment which offers more potential vulnerabilities to a would-be hacker.

As a result, 28 per cent of high-net-worth individuals and firms that manage their assets report that they have fallen victim to a cyber-attack.  That said, given only 60 per cent of such firms have a dedicated cyber security policy or cyber security manager, this figure is probably the tip of the iceberg.  It’s hard to know whether you’ve been the victim of a cyber-attack if you aren’t actively monitoring and analysing activity.

What Are the Greatest Threats?

The bad news is that risks and hackers’ attack vectors are varied.  The good news is there are actions you can take to protect your firm, your people, and your data.

#1. Spear phishing

Perhaps the most insidious of all attack vectors, spear phishing horror stories include tales of eye-watering amounts of money being transferred completely willingly by experienced professionals.  Malicious actors may use data available online to target individuals within an organisation, then use their networks to gradually zero in on their target.  Or they may seek to gain access to your network and use information gained that way to target individuals – perhaps emulating internal email addresses or leveraging other insider information to perform high-level spoofs.

Staff awareness training is probably your best line of defence here – and must extend into the C-Suite. But closing other routes in is important too.  Educate staff about the dangers of sharing personal information online and beef up the internal network and perimeter security.
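A mail filter can look for the emulated internal addresses described above. The following Python is an added example, not part of the original article; the firm domain, staff names and sample messages are constructed, and the 0.85 similarity threshold is an assumption.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "examplewealth.test"            # assumed firm mail domain
STAFF_NAMES = {"alex morgan", "priya shah"}   # constructed staff directory
LOOKALIKE_THRESHOLD = 0.85                    # assumed similarity cut-off

def domain_of(address):
    """Lower-cased domain part of an e-mail address ('' if there is none)."""
    return address.rpartition("@")[2].lower()

def sender_warnings(raw_message):
    """Return the reasons a message's sender headers look like impersonation."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    warnings = []
    if from_domain != FIRM_DOMAIN:
        # A domain that is almost, but not exactly, the firm's own.
        similarity = difflib.SequenceMatcher(None, from_domain, FIRM_DOMAIN).ratio()
        if similarity >= LOOKALIKE_THRESHOLD:
            warnings.append("lookalike-domain")
        # A colleague's name shown to the reader, sent from outside the firm.
        if display.strip().lower() in STAFF_NAMES:
            warnings.append("staff-name-external-address")
    # Replies silently routed to a different domain than the sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append("reply-to-mismatch")
    return warnings

# Constructed sample messages; only the headers matter here.
GENUINE = 'From: "Alex Morgan" <alex.morgan@examplewealth.test>\nSubject: Q3 review\n\nHi'
LOOKALIKE = 'From: "Alex Morgan" <alex.morgan@examp1ewealth.test>\nSubject: Urgent transfer\n\nHi'
EXTERNAL = ('From: "Priya Shah" <priya.shah.office@mailbox.example>\n'
            'Reply-To: <payments@other.example>\nSubject: New account details\n\nHi')

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("external", EXTERNAL)]:
        print(name, sender_warnings(raw))
```

An empty result only means these header checks raised no flag; it does not prove the message is authentic.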

#2. Malware and Viruses

The goal here is usually extortion or data theft.  In smaller organisations, the goal might be simply to harness the computing power of your devices, but the potential rewards to be won from wealth management firms complicate the malware risk and make spyware a more likely and profitable (for the hackers) install.

Employees need to be made aware of the need to exercise caution when clicking links in emails or documents.  If anything looks dubious, they should not click; they should scan it to check first.

Basic cyber-security good housekeeping can deal with many vulnerabilities.  Ensure operating systems, software, and anti-virus and malware tools are kept up to date and on the latest versions.  Don’t allow IoT devices to become unprotected gateways into your network – ensure unnecessary functionality is turned off, use the highest security settings, change default passwords and sit them behind a firewall.

Firewalls at the perimeter and at network gateways help to minimise the likelihood of unauthorised access and limit the potential damage if a malicious actor does gain access. Network monitoring tools and alarms will pay off too.

How Can Firms Protect Themselves?

For smaller firms especially, it might not always be possible to employ a dedicated cyber-security manager. We therefore always recommend that you work with a trusted IT partner with cyber security expertise.

Essential steps include:

  • Educate your staff.
  • Know your attack surface and risk.
  • Take a multi-layered approach to network security.
  • Monitor and analyse network activity.
  • Enforce defensible deletion policies in line with GDPR and ensure that you have an effective data policy that can be shared with clients.
  • Introduce policies to minimise the risk from mobile devices, including VPN tools and secure password policies.
  • Ensure that you have robust disaster recovery and business continuity plans in place, so that should the worst happen you are able and prepared to restore operations and data.

A good cyber security solution will require tailoring to the specific risks and vulnerabilities of your own network and operations – which is another good reason to partner with an experienced cyber security expert when developing your policy and controls.

Often, it can require only a few simple steps to resolve the riddle and close the IT security gap.

Take Action! Partner with a trusted IT Support Provider.

Being cyber secure doesn’t have to be a headache. While there are lots of things you can do yourself, it pays to get professional IT security advice for your business. An IT Support partner will save you the valuable time you would otherwise spend trying to figure everything out yourself. You’ll gain the confidence that your business is protected – so no more sleepless nights worrying.
