Experts weigh in on cyber risk for advisers

BT said keeping client data safe from hackers, verifying identification, whether to use password managers and the risks of using public Wi-Fi were among the top subjects at its Cyber Security and Financial Crime Masterclass.

During the BT webcast, members of BT’s Fraud and Financial Crime team, Merryl Tidyman and Vicki Misitano, gave their cyber security tips to help advisers identify and prevent fraud-related financial crime.

1. Train advice teams to be vigilant about risks, especially fraudulent activity

BT said that conducting regular reviews of their risks and processes are key for advice businesses, adding that the Australian Cyber Security Centre’s ‘Exercise in a Box’ is a helpful resource that includes tutorials and simulation exercises.

Even the best processes can be undone by human error, so BT strongly recommended training advice staff on IT security and fraud awareness, including running simulations of phishing scams to familiarise advice teams with the telltale signs.

2. Have robust processes in place for checking identification documents

According to the Attorney-General's Department, identity crime costs Australia upwards of $1.6 billion per year. It is also the most common type of fraud in the superannuation sector.

When verifying clients’ identification, BT said advisers need to ensure they are capturing accurate customer details – for example, their name should match the ID document exactly, including middle names.

Advisers should be on the lookout for multiple changes to a client’s profile within a short period, as well as irregularities in ID documents and checking photos do not look out of place.

3. Use biometrics to log into apps on your mobile and other devices

BT encouraged the use of biometrics across all devices if possible, using the example of the BT Panorama mobile app, which allows advisers and clients to log in by using face ID or fingerprint verification or a passcode.

BT Panorama also requires two-factor authentication (2FA) for important steps such as to: register to use the platform, use the forgotten password process view, update personal details, add billers, link bank accounts, and pay anyone.

While the added steps involved in 2FA can seem cumbersome to some clients, it is important for advisers to explain how it can keep their account and identity more secure, compared with using a password alone.

4. Do not postpone system security updates

Whenever a new malware or a Trojan is discovered, security firms put out a patch that users need to download and install. Delaying this step can put your system in danger and should be completed as soon as possible.

5. Avoid connecting to public Wi-Fi – but if you must, use a VPN

BT warned that public Wi-Fi is a cyber security breach waiting to happen, suggesting the use of a virtual private network (VPN) to ensure that your browsing is protected and that nobody can see what you're doing.

6. A password manager is not a panacea

Password managers are targets for hackers, and there have been cases of them suffering data breaches in recent years. Remembering your passwords is the ideal method, with BT suggesting writing down clues rather than the actual password.

The firm stressed that it is important not to share your password, write it down, or capture it anywhere in your system.

Jason Brown, BT’s head of platforms distribution, said: “Businesses large and small have been impacted by cyber security breaches, and an increasing number of Australians have been victims of identity theft or know someone who has.

“It’s understandable that keeping client data protected is a priority for advisers. We share this concern at BT – cyber security is of utmost importance, and we are pleased to share the expertise of our dedicated team to help advisers navigate this fast-evolving area.”