
Advisors’ Ultimate Defense Against Cyberattacks: Humans

Well-intentioned employees can easily fall into digital scammers’ traps.

Click clack, clack, clickety-clack. We’re in.

When you think of cybersecurity breaches, you probably imagine tech-savvy hackers bypassing firewalls and breaking into mainframes. But in reality, many breaches result from simple human error, with employees getting conned by phishing scams. In wealth management, where employees rush to serve clients, it’s easy to fall into a scammer’s trap.

“We focus so much on external hacks and hardening our systems, but internal employees can be just as damaging,” said Ryan Beach, CEO of consultancy F2 Strategy.

Who’s Up for Some Stratego?

While tech tools like multi-factor authentication are essential, firm employees often serve as the last line of defense. As with a fire drill, Beach recommends practicing for security breaches by having a game plan and running through “table-top exercises” or “war games” once or twice a year. “It not only prepares you for the actual event should it ever happen, but more importantly, it also gets your entire team to think through what the actual vulnerabilities are and where you have risk and exposure,” he told Advisor Upside. “Cybersecurity can’t be owned just by compliance and IT.”

AI Phish-Bait. As technology and artificial intelligence evolve, benefitting advisors and clients, so do cyber threats. Phishing scams now mimic emails, voices, and even faces with startling accuracy. These deceptions can have severe consequences for advisors and clients alike:

  • Americans 60 and older, the typical age of a client, suffered the most reported losses due to internet phishing, extortion, and personal data breaches in 2024 at nearly $5 billion, according to an FBI report released last month. 
  • Meanwhile, 43% of global family offices experienced a cyberattack in the past two years, with more than half occurring in North America, per a 2024 Deloitte report.

“This is a trust business,” Beach said. “Once the trust is gone — and you’ve been required by regulations to explicitly notify your clients that their data (and life savings) weren’t protected with you, even if there was no actual harm — it’s hard to come back from that.”
