Previously, we talked about how the wealth management sector, particularly in the UK, has a complacence problem when it comes to cyber security. In a time of never-before-seen risk, a startling 69% of UK-based providers did not believe their clients to be increasingly concerned about data breaches and 20% were ‘not worried about the impact of a breach on their reputation’. We then detailed a number of cyber-threats that wealth management firms face, and some of the available solutions. This second part will detail some additional threats not previously mentioned, as well as the means of mitigating them that a firm has available to it.
‘High net worth clients are required to submit a greater number of documents than ever before as evidence of good practice and compliance’, writes Lewis Henderson in SC Magazine, with the result that ‘more innovative institutions are building sophisticated client-facing portals to manage this, as well as many other aspects of the relationship’. These portals represent an attractive target to attackers, who may attempt to create malicious Web sites that mimic them in order in order to better fool your clients, who may be directed there as part of a phishing campaign.
Mitigate can be far more than just a complete internal cyber security solution. You can also extend its GCHQ-certified e-learning training and real-time risk analysis to your clientele, and with modules ranging from detecting social engineering and phishing attacks to using secure authentication methods you can be sure that your clients have the awareness required to help keep their accounts safe and secure.
Henderson identifies that is is vital to ‘know your digital enemy…or at least the methods they use’. Whilst much of this training is provided by the Mitigate suite of modules, Mitigate also offer our Educate range of training services, for everyone from new to board-level employees, to ensure that you don’t just know your enemy, but how to frustrate their efforts.
There is often a valid place in a business’ cyber security posture for automated tools, and Henderson points to document sanitisation—the filtering of all documents transferred within and without the firm for potentially malicious elements—as one such place. In addition, the importance of defence in depth is stressed along with the need to reduce one’s risk surface as much as possible.
Finally, compliance issues are perhaps more pertinent in the financial sector than in any other. From the GDPR and California Consumer Privacy Act 2018 to the reams of Know Your Customer and Anti-Money Laundering regulations, ‘wealth managers are facing increasing levels of scrutiny by regulators’. Moreso than in many other sectors, wealth managers rely on the trust of their clients who, despite what that 69% of providers think, are growing increasingly aware of the need for cyber security. Achieving certifications like Cyber Essentials can be a valuable way of demonstrating how seriously you take your clients’ security.