The biggest cyberthreats RIAs face

Ninety-five percent of breaches stem from human error; low-tech vigilance goes a long way.
MAY 26, 2016
By Bryan Baas
Fending off cyberfraud is often portrayed as a battle with hackers employing sophisticated technology, but the weakest link at most firms is typically low-tech: their employees and clients. Installing anti-virus software and firewalls only takes you so far when you consider that roughly 95% of breaches stem from human error, such as sending personal data over unsecured Wi-Fi networks or wiring money to a "client" based on emailed instructions, according to a 2014 study by IBM Security Services. The best defense, then, is some old-school vigilance.

The first thing to accept is that cyberfraud is pervasive. While custodians and advisers are getting better at detecting and fending off fraud, not a day goes by when we don't learn of some attempt. Never assume it won't happen to you.

The biggest cyberthreat for RIAs is fraud losses stemming from hacked email accounts, which hold a treasure trove of personal information and yet are often poorly protected with weak passwords. Bad guys gain access to years of correspondence, including conversations with an adviser, and then pose as the client. Cybercrooks typically will then demand urgent cash transfers and hope the adviser will act without further enquiry, taking advantage of the RIA's desire to provide excellent service.

If you take action based on email instruction alone, please stop. Pick up the telephone and call the client to ensure they requested a payment. Double-checking is not poor service; it's a roadblock against bad guys. You'd be amazed how often fraud attempts are stopped with a phone call.

The good news is that heightened awareness helps reduce the risk, but the threat isn't going away. My colleague, TD Ameritrade Chief Technology Officer Lou Steinberg, told RIAs at a conference last year that there are myriad threats to your personal data. For example, question how programmers make money from a free mobile app; the answer usually involves your personal information. Does a smartphone flashlight really need access to all your contacts and browsing history?

The internet-of-things trend, meanwhile, means more devices are getting connected to your home networks. Hackers, true to form, are developing ways to steal your data through new gateways. In 2014, law enforcement detected the first virus written specifically for web-enabled refrigerators.

Choose wireless networks carefully, because your coffee shop's free Wi-Fi can be really expensive if you become a fraud victim. Take the “evil twin” strategy, where a hacker provides a fake Wi-Fi network with a name similar to the legitimate network. If you choose the hacker's network, they can intercept your data.

Smartphones and tablets, sophisticated mini computers that go out into the big bad world, are another weak spot. Unprotected phones can contract a virus and then infect your home's computer network, not unlike a toddler coming home from pre-school with the latest cold.

Cybersecurity has become a top concern of regulators. The Securities and Exchange Commission is scrutinizing advisers to make sure they have a documented plan for preventing fraud and for responding if fraud occurs. The SEC last year found that 83% of advisers reported having a cybersecurity plan, but among those advisers only 51% had a recovery plan and just 57% regularly tested these plans. One firm that suffered a cyberattack, though it did very well in terms of its actual response, was the first subject of an SEC cybersecurity enforcement action because it lacked an adequate cybersecurity plan and a documented response plan, and didn't perform regular assessments of its cyberpreparedness.

If you haven't already, assess the threats to your firm, identify vulnerabilities, establish procedures and then communicate these to your staff. You yourself don't have to be an MIT graduate: Hire technology and data-security experts, and designate a chief information officer to be responsible for data security.

Ultimately, good security is about good practices. Encourage employees to log out when leaving their desks and never leave computer equipment unattended when out of the office. Back up your data. Train employees regularly, because it's human nature to resume bad habits.

A simple oversight could result in an enforcement action and fine. Cyberfraud can also lead to a loss of trust. Investors are reading the same headlines about data breaches and they want to know you're doing all you can to safeguard their information and money. So be prepared and be proactive, because when it comes to cyberfraud, it's not a case of if but when.

Bryan Baas is managing director of risk oversight and control at TD Ameritrade Institutional.
