Cyber criminals fleeced Aussies to the tune of more than $3 billion dollars last year – and that’s just the scams that were reported. This cyber expert can help you prepare for the worst
Over 90% of successful cyber attacks start with a phishing email – and that’s just one of many risks you need to manage as a financial planner, warns one leading expert.
Scammers stole over $3bn from Australians in 2022. That’s just the scams we know about, according to Scamwatch, with many, many more going unreported.
With billions of dollars swindled from unsuspecting people every year – and the number and types of scams rising significantly each year – you can’t afford to be complacent about your own risk mitigation strategies.
In fact, it’s crucial that financial planners pay attention to the risk these scams present to both your business and your clients, says Fraser Jack, founder of The Cyber Collective. He’s on a mission to make sure Australians can trust that their financial professionals are safely protecting their confidential information, and he says it begins with a proactive approach.
“Leaked information can make phishing emails even more targeted now… there was a massive 135% increase in social engineering attacks reported in the last year,” Jack says.
“There is always risk, so being proactive and being able to demonstrate that you’ve been proactive in the past is your best defense. Leaders within each financial planning business need to play a role in educating the whole of their team, so they can then educate their clients and their kids and their communities.”
How to manage cyber risks on a daily basis
Jack says “taking a leadership position” is important for two reasons.
Firstly, it helps you understand the nature of the evolving risks that scams and cyber criminals present to your business, so you know what to look out for.
“It’s a good idea on so many levels. Your scam policy could look at things like how you interact with clients using XERO, how you use LinkedIn, your policies around emails and how you send invoices. It could include information like: you’ll only ever send an email from these legit email accounts and if a client receives an email that seems to come from us, but isn’t of these accounts, it’s a scam,” he explains.
“We call this an anti-spoof policy, and yours should deal with these different elements. Then, proactively display it on your website. Sometimes it doesn’t hurt to even have a link to it in your email signature, too.”
Secondly, Jack says taking a leadership position on cyber security also allows you to demonstrate trust with your clients.
If, as an adviser, you get hacked, you’ll need to go into offensive mode when you liaise with your clients and ultimately encourage them to stay with you.
“If your business is seen as secure and someone who invests in cyber security, it means clients are less likely to leave,” Jack says.
Being proactive is absolutely crucial when it comes to managing your cyber risks, and the first step is to ensure your business adheres to the relevant legislation related to the Privacy Act, which was created in 1988 and is undergoing an update at the moment.
“After two years of consultation, they are finally bringing it into the digital age, with legislation due in 2024,” Jack says.
“More importantly, there is a lot of regulatory guidance and best practice. ASIC have had their guidance out since 2017 and that’s a good place to start, as all advisers should be following this as a matter of practice.”
Advisely Team
Advisely Partner