Risky Business: The Largest Cyber-Risk for Financial Advisors

May 12, 2016

There is no way to completely protect against sophisticated cybercriminals. That said, the more aware consumers are, the better. The same is true for big businesses. As cybercrime takes a bigger bite from the pockets of U.S. consumers and businesses each year, people are beginning to pay more attention and increase defenses. These are positive trends, but more needs to be done.

To discuss these issues, Preston Connell at Delaware Investments recently spoke with us after some branch office visits with wealth managers. He realized that advisors could never be too educated about cybersecurity and how to protect against cybercrime. We sat down to take a deeper look inside cybercrime and how it’s impacted the wealth management industry in particular. Here are some of the questions Mr. Connell asked during a Q&A published in a two-part series.

PC: Is it true the financial services industry suffers the greatest losses from cybercrime annually?

LT: It’s hard to measure cybercrime losses because there is no central repository for these crime statistics. The lack of information is made worse by the fact that many cybercrimes go unreported. Believe it or not, even many big companies often do not contact law enforcement when they have been victimized. This prevents the FBI and other agencies from seeing the full picture.

From all the data available, it’s clear that financial firms are a primary target of sophisticated criminal groups. These groups’ tactics can range from developing malware, to launching social engineering attacks (which are designed to trick people into skirting their normal security procedures), to presenting insider threats.

PC: What do you see as the largest cyber-risk confronting financial advisors?

LT: The fastest growing trend in cybercrime is what is known as the business email compromise, or BEC. These are emails meant to convince businesses to wire money out of the country to accounts controlled by criminals. According to the FBI, cybercriminals are increasing their attacks against businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through “social engineering” or computer-intrusion techniques to conduct unauthorized transfers of funds.

Financial advisors need to be on guard against highly sophisticated emails that request the transfer of funds to foreign accounts. Some of these emails may appear to include inside information, which can make them seem legitimate.

The FBI’s Internet Crime Complaint Center (IC3) has the following advice for businesses to protect against this type of scam:

  • Carefully scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary.
  • Verify changes in vendor payment location by adding additional two-factor authentication, such as having a secondary sign-off by company personnel.
  • Confirm requests for transfers of funds. When using phone verification as part of the two-factor authentication, use previously known numbers, not the numbers provided in the email request.
  • Know the habits of your customers, including the details of their payments and the reasons behind them.

PC: What steps should a financial advisor take if a client suspects they’ve been the victim of a cybercrime?

LT: Most firms have protocols for addressing cybercrime situations. First, check your firm’s guidelines. But generally speaking, if a victim has lost money in an email scam, one should contact the sending bank and the FBI immediately. It may be possible to intercept the transfer before it’s too late. You should also report stolen financial information or identities and other cybercrime to the IC3 and to your local law enforcement or state attorney general as appropriate.

PC: What are some good cyber-safe habits advisors should follow?

LT: I would suggest this list, which was developed by the Anti-Phishing Working Group:

  • Update your computer with the latest security software, web browser, and operating system.
  • Protect your personal information by asking your bank for additional ways you can verify who you are before you access that site. These can include tokens or one-time passwords sent to your cell phone.
  • Use strong passwords by combining capital and lowercase letters with numbers and symbols to create a more secure password. Make sure you use a unique password for every account.
  • When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s OK to limit whom you share information with.
  • Be careful when connecting to the Internet. Links in email, tweets, posts, and online advertising are often how cybercriminals compromise someone’s computer. If something looks suspicious, even if you know the source, it’s best to delete, or if appropriate, mark as junk email.
  • Be wary of communications that implore you to act immediately, offer something that sounds too good to be true, or ask for personal information.
  • Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely.


Dynamic, Context-Aware Network, Application and Content Security Solutions for Financial Services

Wealth managers trade on their reputation. Poor governance and compliance, and the all-too-common breaches that result from cyberattacks and insider threats, jeopardize both the reputation and bottom line of any financial institution. Staying competitive and ensuring customer privacy require sound processes and secure financial systems.

Learn how Cryptzone helps wealth managers stay compliant with regulations, protect customer information and reduce the risk of cybercrime, privacy breaches and confidential information leaks.


Leo Taddeo
Chief Security Officer

Leo Taddeo is the Chief Security Officer (CSO) for Cryptzone, a provider of dynamic, context-aware network, application and content security solutions. Taddeo, former Special Agent in Charge of the Special Operations/Cyber Division of the FBI’s New York Office, is responsible for analyzing the cybersecurity market to help shape Cryptzone’s vision for security solutions. Taddeo provides deep domain insight into the techniques, tactics and procedures used by cybercriminals, to help Cryptzone continue to develop disruptive solutions that enable customers to defend against advanced threats and breaches.

Prior to Cryptzone, Taddeo led more than 400 agents and professional support staff in cyber investigations, surveillance operations, information technology support and crisis management for the FBI. He oversaw high profile cases, including Silk Road, Blackshades and JP Morgan.

Previously, Taddeo served as a Section Chief in the International Operations Division, where he managed FBI operations in Africa, Asia and the Middle East. Taddeo has held various roles of increasing responsibilities in the field, including supervising a joint FBI/New York City Police Department Joint Terrorism Task Force and serving as the Legal Attaché in Rome, Italy.

After receiving his degree in applied physics from Rensselaer Polytechnic Institute in 1987, Taddeo served as a tank officer in the U.S. Marine Corps. In 1991, he was awarded a Purple Heart and Bronze Star Medal for valor for service in the Gulf War. Taddeo then earned a Juris Doctor from St. John’s University and joined the New York law firm of Mound, Cotton & Wollan, where he practiced civil litigation until entering the FBI.

Taddeo is a graduate of the CISO Executive Program at Carnegie Mellon University. He also maintains the Certified Information Systems Security Professional (CISSP) and GIAC Certified Incident Handler certifications.
