The role technology plays in the typical advice business has expanded over the past decade, but alongside the opportunities for greater efficiency comes the enhanced threat from a cyber attack damaging both the operations and the reputation of a financial adviser.
The scale of the threat from cyber criminals is starkly illustrated from data showing that 44 per cent of advisers have had some experience of cyber attack, with just over three quarters of those (77 per cent) attacks being 'phishing' via fraudulent email.
The options available to an advice business seeking to develop a robust IT infrastructure are to deploy in-house servers or to use a cloud computing product.
Using in house servers requires physical space in a specific location, and is likely to incur significant installation and maintenance costs.
A cloud computing solution is not necessarily new, but it does offer the chance to store data remotely, and externally, which should deliver savings and efficiency for advisers. Many cloud computing options come without the bells and whistles of a traditional server, but a lot advice businesses will feel they do not need the full suite of extras offered by the old 'server room' approach.
Many institutions rely on the same model of security controls, but as the risks have changed, so should the approach. While everyone is shelving added cybersecurity risks, malware, and other malicious attacks under 'just what happens in the new normal', I prefer to label it as the inevitable normal.
Independent financial advisers, accounting companies and other financial organisations that manage mass amounts of sensitive client data on an everyday basis should already be ahead of the cybersecurity curve. This is true pandemic or no pandemic, and whether digitalisation has slowed or picked up pace in your business.
In my own experience, IFAs choosing a cloud solution is not a matter of if, but when. Cloud computing is already a well-regarded, innovative way to leverage powerful systems to instantly address known threats and predict threats that seek to overwhelm security. The misconception that moving to the cloud will simply put more IFAs in harm’s way as compared with sending regular emails containing spreadsheets is false.
Cloud computing and accounting ensures no copies of data are kept locally on any device, and that all are stored in encrypted environments. Only those with permissions have access. It is also normal for cloud-based solution providers to employ teams of penetration testers, which work directly with your cloud provider’s development team to ensure no hidden loopholes are available in the system allowing hackers to take advantage.
Penetration testers, also sometimes known as ethical hackers, effectively try to disrupt the IT systems of a company in a bid to identify where the weaknesses are, then tell the company about these weaknesses in order that they can be remedied. Penetration testers work for the cloud provider and test the security of each of the cloud provider's clients, allowing the advice company to benefit from the scale of the cloud computing business.