How to keep your client communications secure
The COVID-19 lockdown has seen widespread evidence of increased activity from fraudsters. Here are some simple steps you can take to protect your business and your clients.
Protect your client meetings
When using virtual meeting software you should make full use of all the available security features. Many systems can set a password for the meeting so only those you invite can join. You can also use lobby features to approve people before they join the meeting.
Links to join the meeting should never be posted online and only shared directly with participants. If you have a virtual meeting system available within your firm’s client portal, sticking to this can offer a further level of security.
Use a secure client portal
Fraudsters imitating an adviser firm’s email address and attempting to interrupt client communications is a major cyber risk. To reduce this risk, wherever possible, conduct all client communications via secure portals.
It is good cyber security practice to only accept instructions involving financial transfers from clients via your secure client portal. I have come across many firms who have stopped identity fraud involving tens or even hundreds of thousands of pounds in this way.
Ensure your emails are encrypted
Some clients will not use a client portal so encrypted email should also be essential to use with them. Sending an email that is unencrypted is like putting a postcard in the mail. Anyone who can find it can read it.
Financial criminals have highly sophisticated programs that search out unencrypted email. These programs recognise the structures of account information details and other financial information necessary to commit fraud.
Sending sensitive client information, either financial or medical, in an unencrypted email is a serious breach of GDPR; it is essential that any email with sensitive data is encrypted. Historically, this has proven difficult as not all platforms and insurance companies have accepted encrypted email. Recently Origo, a fintech company, has adopted an industry solution to meet this need, Unipass Mailock.
Over 35,000 advisers working in our industry already use Unipass Identity to log onto websites and other electronic services, so adopting Unipass Mailock is a natural step and a great way to ensure that all your email communications can be suitably protected.
Having one system across the industry will make it far easier for advisers as they can be confident that all insurers and platforms will accept the same encrypted email format. That said, not everyone is moving to embrace this change as quickly as they should do and I believe it is urgent that they do so.
Don’t use webmail providers
There is another important step to email security that all advisers should take. I’m frequently surprised to see about one in five IFA firms using a webmail address (ie. Gmail, MSN and Hotmail) for professional email communications.
As long ago as 2008, the FCA Data Security in Financial Services report explicitly stated that webmail systems are not sufficiently secure for client communications and should not be used for such purposes. At the time, the FCA warned that they would revisit this subject and take action against firms who have not followed their guidance.
With over 50% of the FCA‘s 2019/20 business plan focused on the impact of technology, and especially cybersecurity, it is a “when” not an “if” this action will be taken. Any firm still using any of the above for client communication is leaving themselves open to a significant regulatory fine, so it must be time for firms to implement their own email addresses. This is relatively easy to do and your usual IT support company should be able to assist.
While it may seem that implementing the above practices will make client communications slightly more complicated, it will also make them far safer. I’m a strong believer that businesses should highlight their cybersecurity practices to clients. The vast majority of people will respect and value an advice firm that goes that extra mile to ensure their financial security. After all it is their money you are protecting.
Ian McKenna is the Managing Director of FTRC.
The views expressed in this article are that of the author and do not necessarily reflect the views and opinions of Aviva.
For more information on ways to spot and prevent fraud, visit our Fraud Hub. You can also find out more about online scams at the National Cyber Security Centre and Action Fraud sites.