Get serious about preparing for cybercrime

NOV 05, 2013
Financial advisers and their clients must get serious about protecting themselves from cybercrime. In fact, online crime, large and small, is inflicting increasing damage on the U.S. and world economies. Symantec Corp., an antivirus firm, estimated that in 2011, the global cost of cyberattacks was $338 billion. Gen. Michael Hayden, the former head of the National Security Agency, estimated that including the theft of intellectual property, the cost was more than $1 trillion. Most of these attacks are aimed at government departments and agencies; at corporations, where intellectual property might be found; or at banks, where details about customer accounts might be obtained. For example, the U.S. Cyber Command estimated that about 250,000 online attacks or probes hit U.S. government networks every hour. Among the attacks on corporate sites in 2011 were those on LinkedIn and eHarmony that compromised 65 million passwords, the denial-of-service attacks on Wells Fargo & Co.'s website, and the breach of Zappos.com's security that compromised the credit card numbers, personal information, and billing and shipping addresses of 24 million customers. And online crime isn't aimed only at large banks and companies. The criminals often target what may be smaller, softer targets. Symantec reported that companies with fewer than 250 employees were the focus of 31% of all cyberattacks last year, up from 18% in 2011. As InvestmentNews senior columnist Bruce Kelly reported in the May 20 issue, a number of advisers have experienced firsthand the rising tide of online crime, and the Financial Industry Regulatory Authority Inc. highlighted online security in its annual “business conduct and sales practice priorities” note to broker-dealers in January. In one case cited in the article, an e-mail purportedly from a client asked the firm being targeted to transfer $51,000 to Hong Kong, supposedly for the purchase of a condominium. The request included very specific information, including the client's account number, but the adviser suspected something was amiss and called the client, who confirmed that the e-mail was a scam. The adviser had previously adopted a policy at his firm requiring a verbal confirmation from the client before any requested wire transfer would be accommodated, which thwarted the criminal in this case. This is an example of the kinds of pre-emptive policymaking that all in the financial services industry should be adopting, because online attacks no doubt will continue to become more numerous and more sophisticated.

STEPS TO TAKE

First, firms must safeguard their own computer systems against infection or attack, and they must tighten their internal security, limiting the number of employees with access to critical client information. Second, they must develop policies for verifying the legitimacy of client requests regarding transfers of money or securities, or even changes in portfolios, and constantly remind employees of these policies. Third, they must work with clients to strengthen the clients' own online-security practices, including developing and regularly changing strong passwords, keeping Internet security programs up-to-date and making clients aware of the firms' security policies and practices. Finally, they must make sure that clients have the resources to withstand denial-of-service attacks on the nation's major financial institutions. Former Defense Secretary Leon Panetta warned before he left office that it was possible that an online attack could damage the nation's financial system, causing a financial crisis. Those relying only on debit or credit cards and carrying little cash could find themselves in difficulty if their ATMs are locked up for a significant period by a denial-of-service attack. At the very least, they should diversify their cash holdings across several banks. The time to prepare financial services firms and clients to withstand online attacks is now, and it isn't just a one-time effort. It will require continued vigilance and work.

Latest News

Trader used firm ties to freeze $3.6 million, investors allege
Trader used firm ties to freeze $3.6 million, investors allege

Clients say he copied the boss on his emails - and now they can't touch their cash.

CFTC alleges North Carolina fund manager faked profits, lost $8.6 million
CFTC alleges North Carolina fund manager faked profits, lost $8.6 million

He wired millions to his own accounts and told investors the fund was winning.

OnePoint BFG taps RISR as advisors chase business-owner clients
OnePoint BFG taps RISR as advisors chase business-owner clients

The partnership arrives as most small business owners near retirement age still don''t have a formal succession plan in place.

Trust & Will cuts staff amid restructuring, AI disruption
Trust & Will cuts staff amid restructuring, AI disruption

A spokesperson for the estate planning fintech cited AI's reshaping of the industry as Trust & Will restructures its business.

Ex-Merrill broker who allegedly wooed client to pay $2.75 million to dismiss lawsuit
Ex-Merrill broker who allegedly wooed client to pay $2.75 million to dismiss lawsuit

Juan Rionda, a Merrill veteran, told bereaved client that “he loved her,” convinced her to give him cash, a Florida lawsuit claimed. 

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.