The ever-present threat of cyberattack is climbing the priority ranks for wealth managers. They need to be robust gatekeepers to fend off would be attackers.
But where do the threats come from in the first place? What is the best way build and maintain a cybersecurity-enabled business environment? Can the challenge of cybersecurity be turned into a value add for wealth managers?
Ali Qureshi, Chief Revenue Officer & Co-Founder of SideDrawer comments: “There is greater awareness of the problem - we are seeing and hearing this from clients and in the news. We know that it’s moving up the list. But what is lacking is the knowledge and education around when and how to take action. What is the cost of doing this now vs not doing it?”
The backdrop to this is interesting. The financial sector has always been a target in terms of the assets under management as well as the vast amounts of valuable personal data that can be stolen then sold on.
Terry Wilson, Global Partnership Director at Global Cyber Alliance, describes the specific cyber threat to the wealth management community. “The wealth sector is more of a niche sector it’s harder to attack as they aren’t transacting using banking portals. But at the same the motivation to attack is greater due to the amounts involved and the sensitivity of the personal data. Ransomware attacks, in particular, are a temptation because wealthy individuals have the means to pay a ransom as do the wealth management firms – protection of sensitive data and reputational risk are very real in this industry.”
Indeed, for would- be criminals it is easy to find out how to hack into something and to practice hacking as well. Very advanced tooling is also available and this further lowers the barrier to having a go! Cyber criminals are also getting more and better organised and starting to deliver their capabilities as a service to a less skilled set of criminals- they will hack on someone’s behalf. And crypto has enabled a way to get paid from anyone- combine this with the accessibility of hacking then it is all much less hard work and thus a growing issue. The industry has not helped itself either. Technology adoption; SaaS, the cloud, digitalisation; the pace of change is so rapid and misconfigurations are rife. It is hard to defend a complex ecosystem if it has gaps. In addition, the sheer volume of data now being produced, flowed and stored makes it easier for cyber criminals to hide in plain sight.
But as well as adopting new technologies people are not realising the risks in using the old ones.
David Atkinson, Founder & CEO of SenseOn concludes. “Ther are three common attacks; emails, passwords - get a password manager and two-factor authentication solve this, Misconfigured remote access is the third. Looking after these elements is a very good starting point.”
Sharing information via email as attachments or file sharing is particularly problematic.
Qureshi comments: “E-mail is a long-standing form of communication but it is so easy to make a mistake and send out information to the wrong person or be the victim of a phishing attack. There has been an increase in mailbox server attacks, many of which are not detected until well after the event. Email has to be eliminated – services that give you secure immutable access are really a standard requirement now,” he says.
This is all the more pressing given the emergence of the post Covid hybrid model where face to face meetings is fewer and the need to work collaboratively, involving wider family members for multiple planning assessments and relevant, specialist financial professionals is important. People need access to information but it needs to be shared and stored securely.
To this point many wealth managers use security-based platforms as a selling point, as something that allows for greater levels of engagement within a secure environment.
“Security is not only a reputational and operational risk but also a huge differentiator. You need to be able to show that you are safeguarding the client’s information and position yourself as someone who is promoting that . Our feedback is that when our SaaS users onboard their client, they get better levels of conversation when they see the wealth manager cares about the security and will not take emails, for example. It gives a comfort level and makes the client feel like they are being taken care of,” says Qureshi.
The case for smaller wealth managers to employ a specialist third-party solution is strong.
Nino Vang Vojvodic, Co-Founder & CTO of ALT/AVE comments: “Wealth managers are coming to see it as a value add. outsourcing and moving that risk to a third party increases the security and outsources it to someone who specialises in it so the quality and the focus is there.”
With any outsourcing however it is Important to go into the detail of what the third party is actually providing and whether that is fit for purpose. At the Board level you need to understand what the solution actually does and which risks it does and does not mitigate.
The industry is great at telling people what they should do but not as good as telling them how and why and the means to do so. So many are solutions on offer and it’s hard to make sense of it all. This is why an initial risk assessment is so valuable. Vojvodic comments: “Wealth managers take custody of both money and information so both need to be risk assessed. Where does data come in and what do you do with it in terms of storage, transport and processing. Is data taken care of as well as the actual assets? Can you identify the path of the data and thus drill into apps and process and ensure there is an auditable process that is followed every time,” he asks?
Qureshi says that to make best use of a third-party solution there needs to be a good internal board-level understanding of what the risks actually are and what the firm is looking to achieve. “With wealth management not just the end client it’s the other family members and professionals and the net needs to be cast far and wide to eliminate the risk of the weakest link,”
Wilson concludes that the wealth industry should apply the same focus to data security as it does to privacy and asset management. “ If it can transfer this skill strategically to have the right policies and procedures in place for everyone to follow then you not only mitigate risk but you also have a strong positive differentiator,” he says.
SideDrawer is an API-based document management platform that improves the client experience around collaboration and organization for businesses of all sizes. Our SaaS product is used by advisors, planners, executors and other professionals to securely collect and share sensitive client data and documents. Our infrastructure agnostic APIs are truly scalable, allowing fintechs and enterprises to save significant development resources on non-core, but critical document management workflows. For more information, please visit: www.sidedrawer.com or download our mobile apps on the Apple App Store or Google Play Store, or sign-up at my.sidedrawer.com.