Warning: advisers sending ‘far too many’ emails to clients

Advisers are still sending “far too many” emails to clients despite the cyber risks such a communication channel can entail, Moneyinfo’s founder Tessa Lee has warned.

Whilst some progress has been made by advice firms in identifying the data risks inherent in emails, Lee said there was still “more to be done” to shift the advice industry away from email to more secure messaging channels.

“There is more of a realisation amongst adviser firms around data security than there has been,” Lee told FTAdviser.

“But for us, one of the things we’re hot on is getting advice firms to move client information away from email, because we still see far too many advice firms sending out sensitive client information and reports via email.

“It remains and will remain by far the most likely way any business is going to get compromised today, because we're all getting phishing attacks every day and malware.”

Moneyinfo, a 25-person technology firm, works with companies ranging from two-person boutique financial planners to national firms such as Progeny. “It’s often not about the size of the firm, it’s more about their attitude to controls,” Lee explained.

Moneyinfo’s white-label apps allow advice firms to communicate with clients via a secured messaging service which has reporting functions rolled in.

In the first three months of the pandemic, Moneyinfo saw a 1,500 per cent increase in adviser use of secure messaging, and a 500 per cent increase in e-signature usage.

Some advice firms which approached Moneyinfo wanted to interact with clients through a portal with two-factor authentication and to know it’s their clients who are logging in, Lee said.

“We’ve had firms which have come to us and said ‘we’ve had to shut email down for client communications overnight because we’ve had a data breach and somebody [a client] has been compromised’,” she explained.

“I think there's more awareness of it, but I think there's still more we can do.”

Lee said depending on the size of a breach, there were big financial consequences for non-compliance with regulations such as GDPR. The UK GDPR and DPA 2018 set a maximum fine of £17.5m or 4 per cent of annual global turnover for infringements.

"Firms have a duty of care to protect client information – is sending client information and reports via email really demonstrating this?" she asked.

"But also, there's the cost of investigating and preventing the breach happening again. On top of this, things advisers need to consider include a loss of trust from their clients, reputational damage or perhaps downtime they may experience from having to shut down systems, and the restoration of data should they get hit by a malware attack."

At Moneyinfo, Lee runs webinars for advisers to teach them about the perils of email. But Lee acknowledged much of the advice industry still has some way to go with technology adoption.