Your Industry  

How advisers can become targets of cyber crime

How advisers can become targets of cyber crime

For one adviser, who wished to remain anonymous, the problem came in the form of an innocuous looking email.

The result was a hacking attack that penetrated the Microsoft 365 system he uses, and was then able to email all of the contacts in his system. However, no harm was done and the adviser was able to end the issue.

He says: "The danger is that clients and other people get an email that looks like it came from me, and I think some people might have done, but they contacted me directly about it as well." 

David Fleming, chief technology officer at Mitigo, a cyber security company that has many clients in the financial services sector, says an attempt to access an adviser's client and business data via the Microsoft 365 system is “one of the most common forms” of cyber attack.

He explains: “The issue is advisers and financial services professionals tend to use that system, which is fine, but [they] plug it into off-the-shelf products which may not be very secure.

"The system itself has got the tools, but people don’t have them, because they use free plug-ins or off-the-shelf products alongside the system." 

He adds: "The other issue is with mobile phones. Obviously they are increasingly indispensable to people’s working lives, and the barrier between a phone for work and one for personal use is breaking down.

"So you might get someone who posts something on their personal social media account, and that can be enough to get a cyber criminal into the phone, and to access the work contacts.”

Covid's impact

The pandemic has also had a profound impact on the data security of many businesses.

Paul Holland, chief executive of cyber security company Beyond Encryption, says: “Decades worth of change happened in days,” as companies endeavoured to work remotely. 

He says a major issue for advice companies is that individuals may have enabled remote access to company facilities to allow people to work from home better, but this has also created the challenge of ensuring they can access the systems they need securely.

Fleming says many company's IT departments “focused on productivity in the early days of the pandemic, they focused on making sure staff were set up to work from home, but perhaps they didn’t focus on doing it safely.”

He says this has led to an increase in “ransomware” attacks, whereby data is stolen from workplaces, with the hackers then trying to sell it back to the company concerned. 

There have also been incidents where hackers threaten to publicly release data that could embarrass the clients of the company, and in this way, attempt to extort money twice for the same hacking activity.