Advisors, Protect Thy Client

Advisors, Protect Thy Client

When John Sileo talks identity theft, he speaks from experience. The identity theft expert was first hit by one of his clients who embezzled $300,000. Then, someone bought a house in his name. So Sileo, CEO of sileo.com [4] and author of Privacy Means Profit, believes advisors should know how to help their clients—before disaster strikes.

“We see things like Target where hundreds of millions of records were breached,” he says. "But one criminal just needs to steal one identity. And those people are just as common as they used to. They're just being overshadowed.”

With Target's recent security breach affecting 70 million customers, investors are thinking about how to more carefully protect their digital data. But instead of focusing only on the big attacks, clients should be cautioned on how to protect themselves against small attacks as well. Regulators believe advisors should be involved too.

The Securities and Exchange Commission adopted new rules last year requiring advisors to have identity theft programs that identify, detect and protect against these kind of attacks. Many believe advisors can also help clients identify areas where they can shore their own data too.

SIFMA, a securities industry trade group, is doing a lot of education on the risks of cyber security and identity theft with its members, said Karl Schimmeck, the organization’s managing director of financial services operations. He says good prevention occurs when both advisors and clients work together as a team. At the top of his list? Encouraging a little skepticism. If an email that looks like it’s from an advisor but doesn't read right to a client, the investor should be encouraged to pick up the phone and call the investment team. Clients shouldn’t call the number from the email, but rather one they have stored at home. Advisors should use the same caution if an email purports to be from a client—but seems off as well.

"It goes both ways," said Schimmeck. "If an advisor sees a client making a large wire transfer to an eastern European country that is not typical, they might want to make a call before making that transaction. You need verification on both sides."

Sileo recommends having clients freeze their credit profile, preventing any new credit lines from being opened without you unlocking the accounts. It takes a day to re-open the profile—but that's a small amount of time as compared to the weeks, months or years it can take someone to crawl out of identity theft.

Another suggestion he offers is investing in a shredder. He cringes when he thinks about the number of people who still just throw away old bank statements in the trash. And he says documents should be stored at home—in a safe.

“A lot of this is stolen the old-fashioned way,” Sileo said. “A file folder pulled out of a cabinet that is not locked during a holiday party or someone painting the house.”

He also believes clients and advisors need to be almost paranoid when getting emails and even phone calls from each other. Hackers are known to use spoofing programs that make it look like a call is coming from a client to advisor. His suggestion? If it sounds even a bit off, get off the call and ring them back—client to advisor.

“Everything I suggest is going to have some pain to it. But that's way less pain than having your account emptied."