Twelve retail investment firms told the FCA they had been targeted by a cyber-attack between mid-2019 and the 30th July this year.
In its latest freedom of information response, the FCA said that it does not, and cannot, retrieve cyber-attack data from firms who have been targeted by online scammers. Instead, the regulator must rely on firms self-reporting.
“People don’t like to be caught after they have had a cyber-attack on their business. Once that knowledge gets out into the public domain, it is not a good look. So they like to keep it within their own organisations. The cyber-attacks the FCA has seen, you could easily stick another zero at the end of that, and that number would probably be the accurate one.”
Graham Hooper, founder of consultancy Sextant Advisory Services.
We're not a fan of email.
The majority of cyber-attacks on adviser firms that were reported to the FCA last year were phishing attacks where credentials were compromised. Email is too easily hacked.
A new reporting service set up by the National Cyber Security Centre has received more than 1.7m reports of phishing since it was opened to the public in April this year.
The service has resulted in 6,501 scams being identified and 15,805 malicious websites being removed. This is still a tiny percentage of the phishing emails that are being sent to you and your clients every day.
Under the Data Protection Act 2018, incorporating the GDPR, all firms must ensure they are following all necessary steps, taking account of the state of the art, to ensure they are protecting their clients' personal data.
You are unlikely to be fulfilling your obligations to your client under the GDPR if you are sending sensitive financial information over email.
What's the alternative?
At moneyinfo, we're helping more than 140 adviser firms to move away from email completely. We enable them to deliver safe and secure client communications with document sharing and e-signatures all through their own branded app.
With secure messaging, you and your client log into an encrypted database where the messages are stored. You can read them and respond to them, but they never physically leave the encrypted system. They are not stored on your computer, your clients’ computers or their mobile phones. They are records in an encrypted database that can only be read by you and your client.
“Even excluding the significant cost of not having to print and post the newsletter, the speed of delivery and being able to see who’s opened it, often within minutes of its delivery, is a huge operational bonus.” Andrew Platt, CEO, Callisto Wealth Management.
Our secure messaging is even easier to use than WhatsApp as it provides the ability to create template messages. The templates are automatically filled with key client data such as preferred name, operator etc.
Advisers and paraplanners can respond to clients in a pre-considered fashion, ensuring consistency of your message across your organisation.
Seconds rather than minutes
There's nothing new in using templates; back-office systems have been able to do similar things via Word and merge fields for years. The key differentiators here are speed, security and mobility. The time to send a message compared to generating a letter through Word is seconds rather than minutes.
"Moneyinfo is so easy to use, I've got clients in their 80s who have been out and bought iPads just to use it. They love it." Paul Burton, CEO, Lifestyle Wealth Management.
We accept that old habits die hard, but the evidence against email, even so-called 'secure email', is overwhelming. Your clients are scared of email, many will ignore it, it gets lost in spam and you leave yourself exposed to a fine under GDPR for not securing personal data.
Secure communications can speed up onboarding, client reviews and rebalancing from days to minutes, leaving you more secure and efficient.
You owe it to your clients to protect their financial information.