10 Biggest Cyber Security Mistakes Financial Advisors and Planners Make…And How to Avoid Them
by Mark Dodds, Co‑owner at Compex IT
Financial advisors and planners increasingly rely on digital tools to manage client assets and streamline operations, but this reliance also introduces significant cybersecurity risks.
From my experience with our planning and advisory clients, I’ve seen a pattern in the cybersecurity mistakes they make that leave them and their clients vulnerable.
So I’ve written down the 10 most common mistakes I see and how to prevent them:
1. Underestimating the Threat: Small firms often think they’re too small to target, but cybercriminals see them as easy prey. Recognise that every financial firm is at risk, and proactive cybersecurity is essential.
2. Lacking Formal Security Policies: Without clear policies, employees may mishandle sensitive data or company devices. Establish and communicate policies covering password management, data handling, incident reporting, and remote work security.
3. Neglecting Employee Training: Human error is a major security risk. Train staff to recognise phishing attempts, create strong passwords, and identify social engineering tactics.
4. Ignoring Software Updates: Cybercriminals exploit known vulnerabilities in outdated software, often within days of a patch being published. Apply updates to operating systems, applications, and antivirus or endpoint protection promptly, and turn on automatic updates wherever the software supports them.
5. Not Having a Data Backup Plan: Data loss can happen through a cyberattack, a ransomware infection, or simple human error. Regularly back up all critical data, including data held in cloud platforms like Microsoft 365 (No, it is not backed up by default: Microsoft’s recycle bins and retention periods are not a substitute for an independent backup you control), and test backups by actually restoring from them to confirm they are usable.
6. Using Weak Passwords: Weak, reused passwords let one leaked credential open several systems. Use strong, unique passwords (a password manager makes this practical) and enforce multi-factor authentication (MFA) on every account that supports it, starting with email and Microsoft 365; where available, prefer phishing-resistant methods such as security keys or authenticator apps over SMS codes.
7. Overlooking Mobile Security: With more work done on phones and tablets, enrol them in mobile device management (MDM) so that company security policies such as screen lock, device encryption, and remote wipe are enforced rather than left to each user.
8. Failing to Secure Advisors’ Laptops: Many advisors use personal laptops with little oversight. Ensure these devices run up-to-date security software and the latest patches, and limit the sensitive client information that can be accessed from them.
9. Assuming IT is Monitoring Microsoft 365 Access: Firms assume their IT provider watches for suspicious activity on Microsoft 365 accounts, but this isn’t always the case. Confirm in writing that your provider reviews sign-in activity and alerts you to unusual access (sign-ins from unfamiliar countries or devices, or two sign-ins too far apart to be physical travel), and agree how travelling employees will notify IT so that their legitimate sign-ins are not mistaken for a compromise, or worse, a real compromise dismissed as travel.
10. No Incident Response Plan: Without a response plan, firms may panic during a cyber incident. Create a clear incident response plan with communication protocols, isolation steps, and designated roles.
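To make concrete what the “unusual access” alerting in point 9 looks like, here is an added example (not code from the article’s author or from Microsoft) that reads a handful of constructed sign-in records, shaped loosely like a Microsoft 365 / Entra ID sign-in log export, and flags sign-ins from a country the user has never used and pairs of sign-ins too close together to be physical travel. The record field names, the two-hour threshold, the per-user baseline and the travel-notice list are all assumptions made for the example; it also shows how a trip declared to IT in advance stops a travelling employee’s legitimate sign-in from raising a false alarm.

```python
"""Flag unusual Microsoft 365 sign-ins from exported sign-in records.

Added example for this article, not code from the author or from Microsoft.
Record fields and thresholds are assumptions; the sample data is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in records. The shape loosely mirrors an Entra ID
# sign-in log export (user, time, country, source IP, success flag); every
# value here is invented for the example.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "time": "2024-05-06T08:02:11Z", "country": "GB", "ip": "203.0.113.10", "success": True},
    {"user": "alice@example.com", "time": "2024-05-06T08:40:00Z", "country": "NG", "ip": "198.51.100.7", "success": True},
    {"user": "bob@example.com",   "time": "2024-05-06T09:15:00Z", "country": "GB", "ip": "203.0.113.11", "success": True},
    {"user": "bob@example.com",   "time": "2024-05-07T14:05:00Z", "country": "ES", "ip": "192.0.2.44",   "success": True},
    {"user": "carol@example.com", "time": "2024-05-06T10:00:00Z", "country": "GB", "ip": "203.0.113.12", "success": False},
    {"user": "carol@example.com", "time": "2024-05-06T10:01:00Z", "country": "US", "ip": "192.0.2.99",   "success": True},
]

# Assumed baseline of countries each user normally signs in from. In practice
# this is derived from the previous 30-90 days of successful sign-ins.
BASELINE = {
    "alice@example.com": {"GB"},
    "bob@example.com": {"GB"},
    "carol@example.com": {"GB"},
}

# Travel notices staff have filed with IT: user -> [(country, start, end)].
# Bob has told IT he is working from Spain this week (constructed data).
TRAVEL_NOTICES = {
    "bob@example.com": [("ES", "2024-05-06T00:00:00Z", "2024-05-12T23:59:59Z")],
}

# Two successful sign-ins from different countries closer together than this
# are treated as impossible travel (a deliberately simple assumed threshold).
IMPOSSIBLE_TRAVEL_WINDOW = timedelta(hours=2)


def parse_time(stamp):
    """Parse an ISO-8601 UTC timestamp such as 2024-05-06T08:02:11Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def travel_declared(user, country, when, notices=TRAVEL_NOTICES):
    """True if the user told IT in advance they would be in this country."""
    for declared_country, start, end in notices.get(user, []):
        if declared_country == country and parse_time(start) <= when <= parse_time(end):
            return True
    return False


def detect_unusual_signins(signins, baseline, notices=TRAVEL_NOTICES,
                           window=IMPOSSIBLE_TRAVEL_WINDOW):
    """Return alerts for new-country and impossible-travel sign-ins.

    Only successful sign-ins count as access. A declared trip suppresses the
    new-country rule; impossible travel is always reported so IT can confirm
    it, because a device left signed in at home produces the same pattern.
    """
    alerts = []
    by_user = defaultdict(list)
    for rec in signins:
        by_user[rec["user"]].append(rec)

    for user, recs in by_user.items():
        recs.sort(key=lambda r: parse_time(r["time"]))
        known = set(baseline.get(user, ()))
        last_success = None  # (time, country) of the previous successful sign-in
        for rec in recs:
            if not rec["success"]:
                continue
            when = parse_time(rec["time"])
            country = rec["country"]
            if country not in known and not travel_declared(user, country, when, notices):
                alerts.append({"user": user, "rule": "new_country", "country": country,
                               "time": rec["time"], "ip": rec["ip"]})
            if last_success is not None:
                prev_when, prev_country = last_success
                if country != prev_country and when - prev_when <= window:
                    alerts.append({"user": user, "rule": "impossible_travel",
                                   "country": f"{prev_country}->{country}",
                                   "time": rec["time"], "ip": rec["ip"]})
            last_success = (when, country)
    return alerts


if __name__ == "__main__":
    for alert in detect_unusual_signins(SAMPLE_SIGNINS, BASELINE):
        print(f'{alert["time"]} {alert["user"]:20} {alert["rule"]:18} {alert["country"]} from {alert["ip"]}')
```

Run against the constructed data, Alice’s second sign-in from Nigeria 38 minutes after her London one raises both rules, Carol’s successful sign-in from the United States is a new country (her failed attempt from the UK is ignored, since a failure is not access), and Bob’s sign-in from Spain raises nothing because he filed a travel notice; remove that notice and it too becomes an alert. Microsoft’s own Entra ID Protection offers comparable built-in detections on its paid tiers, so the question to put to your IT provider is not whether such alerts exist but whether a named person receives them, reviews them, and knows which staff are travelling that week.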
By addressing these common gaps, financial advisors can better protect client data, strengthen overall security, and prevent costly breaches.