Three Key Cybersecurity Lessons for Financial Advisors

The digital space affords us many opportunities to do more than we ever thought possible, but it comes with new and unforeseen risks.

By Mike Schaffman

Recent reports indicate that 74 percent of financial advisors have been the target of a cyberattack. That’s why both FINRA and the SEC have identified cybersecurity as a top priority.

When was the last time you had an audit performed on your website and your internal security policies and procedures? The digital space allows us many opportunities to do more than we ever thought possible, but it comes with new and unforeseen risks. Ultimately, when it comes to protecting confidential client information, it’s your responsibility. That’s why the most elite advisors don’t roll the dice when it comes to protecting themselves and their clients from potential cyberattacks.

The average website shows dozens of attempted hacks per day! Although they’re often benign, they could be carrying a virus that you may inadvertently spread to your clients. And the last thing a financial advisor wants is to spread a virus to their clients and prospects through an innocent website visit or email exchange.

While any website or company has the potential to be hacked, here are three ways to protect yourself from becoming the next victim.

1. Don’t wait to review your website and your internal security policies and procedures.

Recently, one of the largest cyberattacks to date (WannaCry) targeted computers with outdated operating systems and software, impacting over 200,000 people and businesses in 160 countries. Updates fix flaws and provide enhancements in software, operating systems and applications. If your site is not being updated and monitored daily, you may be unaware of hacking attempts and leave yourself vulnerable. If your hosting provider finds that your site has been compromised, they will likely shut down your website immediately.

  • Identify all sources of information that your firm handles, and where it’s located (internal company, and external client/prospect data).
  • Classify and organize the information into groups based on risk level. (Probability of occurring? And, what impact would it have?)
  • Evaluate business processes. (How is data collected, stored, accessed, distributed? Do you have a set of digital best-practices?) Your employees should adhere to them when surfing the web or sending/responding to emails.
  • Review security technologies. (What operating system and anti-virus software are you using? Is it updated?)
  • Conduct due diligence on service providers. (Think about who has access to your information: Website management, hosting, Google Analytics, and those who assist in your email marketing, social media, blogging, etc.)
  • Develop an incident-response plan. (What to do in the event of a cyberattack on your firm.)

Routine reviews along with having the proper systems and procedures in place will allow you to mitigate the risks of a cyberattack, and will ultimately help prevent your potential exposure to them.

2. Communicate the security measures you have in place to your clients (and prospects).

Your clients and prospects will be reassured knowing that hack attempts, unauthorized logins, and malicious files will be thwarted by your investment in high-tech firewalls and anti-malware software. And you’ll feel more secure in knowing that you and your team will receive real-time alerts about any of these threats. Just like the disclosure in your email signature, having a privacy/security policy on your website lets your clients know that you care about protecting more than just their finances!

3. Work with experts who offer their clients 24/7 service for support and maintenance.

Ignorance is bliss…except when it comes to security measures. Routine scans for malware, daily updates on software and plugins, and multiple weeks’ worth of rolling backups on your key information and data should be standard services for your firm. That’s why when it comes to security, it doesn’t hurt to have someone looking out for you.

The last thing you want to do is call your clients (or a prospect you’ve been working diligently to close) to tell them that their personal information was hacked.

If you have a virus on your website or computer, simply finding and fixing the problem is hard enough work. However, it’s not nearly as hard as winning back your clients' trust, let alone trying to get your site off spam blacklists. Cyberattacks can reach way beyond just your website and hosting platform. Hackers and spammers will target your emails, and any vendors or third parties you conduct business with as well.

We spend more time online and in the digital space as a whole than on any other platform. And, while we can’t stop cyberattacks entirely, there are certain ways in which you and your firm can be smarter with your cybersecurity. In the end, think about securing your website and clients' personal information in much the same way as you would protect their nest eggs.


Mike Schaffman is director of marketing at Lone Beacon.
