October 31, 2022

Planning Your Cyber Risk Management Strategy

By Angela Lack

For experienced advisers, planning robust yet agile, effective investment strategies is a walk in the park. Your clients place their complete trust in your hands, but what happens when their data or your intellectual property falls into the wrong hands? Are you as adept at building a cyber risk management plan as you are at building your clients’ financial plans?

Planning your cyber risk management strategy should be at the top of your firm’s agenda this Cyber Security Awareness Month. We discuss the importance of enhancing your cyber security and step you through some of the important considerations to ensure the cyber security of your firm.

What is cyber risk?

Given how many data breaches have occurred in major Australian companies recently, it is easy to focus only on cyber threats when we think about cyber risks. However, the full breadth of cyber risks extends past just the threat of a cyber attack.

Cyber risks include any risk of a security breach within your company or business, including erroneous use of your information. Because the definition is this broad, many advice principals and directors overlook some of the most basic holes in their cyber security.

The most common cyber threats

It can be easy to fall into the trap of thinking that cyber criminals only want to target large-scale organisations when, in fact, some of the most common cyber threats apply to firms and businesses of every size in Australia.

Most business owners are familiar with:

  • Malware
  • Phishing emails
  • Identity theft
  • Ransomware
  • Scams

But when you’re running an advice practice, you’re undoubtedly time-poor and maybe haven’t invested the time to understand some of the other cyber liabilities you face.

Do you email client information, forms, documents and statements?

Many advice practices have realised how easily their email communications can be intercepted. Encrypting your clients’ sensitive information and attachments is one small measure that can make a significant impact in protecting your office from experiencing a data breach.

Secure client portals can be a fantastic way to not only keep in touch with your book of ongoing service clients but also provide their forms, statements, and advice documents securely.

Did you know: Xplan Client Portal allows your client to engage and interact directly with your business? The ability to instantaneously and securely share advice documents, forms, statements and other documents provides peace of mind for your clients and can even improve efficiency within your business practices.

Do you share an office space with another business or have cleaners that enter your premises?

We understand that many smaller advice firms are likely to share their office space with neighbouring or partnering businesses. While this setup is fantastic for resource sharing and reducing the cost of your operating expenses, it can leave your business open to erroneous use of either your intellectual property or your clients’ sensitive information.

Consider the use of a shared scanner. A client who has trusted you with highly personal medical information on a personal insurance application may find that information in the wrong hands through something as simple as documents left in the scanning tray. Not only this, but how many times have you placed a sticky note reminder on your PC with client account numbers, phone numbers or TFNs?

Would your staff know a phishing email or scam if they saw one?

Cybercriminals are not the rudimentary basement criminals you may envisage. Phishing emails and scams are sophisticated and complex enough to look legitimate, especially to the eyes of staff working in a high-paced environment.

An email from a known client’s email address requesting a withdrawal or transfer of funds into a new bank account is one basic request that may be overlooked by busy and time-poor support staff. Even advisers themselves may fall into a false sense of security when it comes to email scams.

This should prompt you to consider what policies and procedures you have in place for requests such as this from your clients!

How are your passwords stored?

If you’re still using a shared spreadsheet on your local drive to store passwords, it may be time for an overhaul. By now, you’re probably familiar with investment and superannuation platforms requiring multi-factor authentication when signing in. This is another simple step that can go a long way to protecting your passwords from falling into the wrong hands.

Practical steps every advice practice can take to enhance their cyber security

Putting a risk management plan in place should be the very first step in protecting your organisation against its cyber security risks.

1. Understand your present and future risks

The Australian Cyber Security Centre (ACSC) has step-by-step guides to understanding what risks may be present in your business, regardless of whether it’s a small to medium business or a large organisation.

2. Put together a cyber risk management plan

Just like any sound financial strategy, a set-and-forget approach simply doesn’t cut it. Devising a plan for your cyber risk management and regularly reviewing it is the best way to make sure that you’re one step ahead of your cyber liabilities.

3. Access Cyber Liability Insurance

Cyber Liability Insurance is not a blanket solution but is crucial in forming a formidable cyber security risk management framework.

4. Educate and train your staff in cyber security practices to reduce your liability

At Umlaut Solutions, our complete, end-to-end Xplan services not only provide your practice with the level of support you need to ensure the most efficient and effective Xplan practices — but our specialists underpin their guidance with a cyber security focus.

Working together with our cyber security solutions and Redact software means that your firm can access the best of breed when it comes to optimising your advisory firm.

Get more from your financial planning and wealth management systems.

Book a consult to learn more about how we can help your firm to forge forward in the digital era securely.
