What will it take to scare firms into action? by Ian McKenna
Every time I meet Brian Edelman, chief executive of FCI Cyber, I am petrified by what he tells me. But I am also reassured by the knowledge he shares, as I can act on it. I want to share some of these lessons here.
I was privileged to introduce him on a stream I was leading at the latest T3 conference in the US and I would urge you to also read my summary of his presentation at the T3 event before that, which covered important issues still very much valid for advice firms today.
This year, Edelman stressed further key issues crucial to protecting customers. While the Financial Conduct Authority is not currently as demanding as the US Securities and Exchange Commission when it comes to an adviser’s cyber security, I think it is a matter of when, not if, this will change. The industry must prepare now for more stringent regulations.
Perhaps the most significant message is that cyber criminals now recognise what a good target advice firms are. They hold valuable data and, by their smaller nature, are more vulnerable than larger organisations. They are being explicitly targeted for attack.
Edelman stressed the importance of using the cyber security settings you already have. Most systems have strong protections but people do not use them. Have you configured and applied all you can in your email software, for example?
The end connection to the customer is a frequent vulnerability and if this endpoint (tech speak for where the data ends up) is not secure, it undermines all the good things you might have done up until then.
Advisers must use either secure client portals (probably the best option) or encrypted email for client communications.
I am amazed by the number of advisers still using webmail such as Yahoo and Gmail for their business email. As far back as 2008, the Financial Services Authority said in its Data Security in Financial Services paper that this was not secure enough.
Cyber is a community responsibility and, while the regulator will ultimately focus on what advisers do, platforms, asset managers, discretionary fund managers and insurers could do more to help them.
I have previously seen emails from providers responding to advisers using encrypted mail to send sensitive data asking them to submit the information unencrypted. This must stop.
There is also the problem of large corporates expecting all advisers to use the same encryption service as them. The price soon mounts up when obtaining licences for different systems at different organisations.
Aegon, Abrdn, HSBC, Lloyds (including Embark and Scottish Widows) and Royal London are some providers using Unipass Mailock, along with many smaller companies in the world of advice, such as SimplyBiz and Just. It’s important more look to join, as advisers will find working with this list of companies easier and less expensive.
Cyber security requires constant vigilance. A recent study found 70% of small businesses that suffer a large data loss close within a year and only 4% of advice firms have cyber insurance. It’s time to act.
Read the complete Money Marketing article: Ian McKenna: What will it take to scare firms into action? | Money Marketing
About Ian McKenna & FTRC
Ian founded Financial Technology Research Centre in 1995 nearly two decades before “FinTech” became part of the industry lexicon. A boutique consultancy the firm focuses on how personal finance organisations can communicate more effectively with their customers and help them take better financial decisions. As part of this work the firm work with many of the U.K.’s leading long-term savings institutions, financial advisers and technology providers to identify emerging technologies that can transform customer relationships. More recently the firm has added its own InsureTech and RegTech ventures to help advisers ensure they help consumers find the life insurance and workplace pensions solutions that best meet the needs…
