Arrow Icon
blog header pale blue image blog header abstract shape

Heart of Advice

Insights and best practices for successful financial planning engagement

left arrow Back to All Articles

IT Security Vigilance: Wealth Management Cybersecurity for Your Practice

Jason Novak March 24, 2022

Laptop with image demonstrating cybersecurity for wealth management firms

Technology is such a ubiquitous part of our lives that we often don’t give it a second thought. Yet it’s something that needs constant attention to ensure its vulnerabilities are not exploited. As volatility continues to dominate the news, there’s no time like the present for a refresher on steps you can take to keep you, your business, and your clients safe from cybercrime.

Why IT Security Is Important

The cost of cybercrime continues to rise. In their 2021 Cost of a Data Breach Report, IBM found that data breaches that occurred between May 2020 and March 2021 cost an average of $4.24 million. This is up 10 percent from the $3.86 million reported in the previous year’s report.1

Further, data from Proofpoint’s 2022 Cost of Insider Threats Global Report revealed that insider threats pose a growing risk area for organizations and that 56 percent of these events involved negligence.2

So, while stories of cyberattacks from malicious actors may be in the news, most of the things you can do to prevent, or at least minimize, direct damage to your business can be categorized as basic cyber hygiene—developing a routine of small, distinct activities to prevent or mitigate problems.

Implementation Is Imperative

Just like creating a financial plan and then ignoring it will not help your clients reach their financial goals, it is not enough to create cybersecurity measures if they are not fully implemented.

For financial services firms to be serious about keeping their users and clients safe, they need to go beyond the initial step of making sure written policies meet SEC and FINRA guidelines.

First and foremost, conduct a risk assessment of your entire enterprise to assess its vulnerabilities. All elements require close examination so pay attention to all components:

  • Hardware (including mobile and laptop devices), connected peripherals, and network infrastructure
  • Software platforms and solutions (including cloud-based Saas platforms) used to manage accounts and serve clients
  • Users themselves, as human error and human manipulation (social engineering), can be particularly hard to manage

Your information and data security leaders will need a full understanding of all vulnerabilities for any cyber defense system to be effective. Just one weak link is enough for malicious actors to find and exploit.

Once a firm knows its risks and vulnerabilities, it’s time to address them. This includes the continuous monitoring of devices, networks, and users to stay ahead of the ever-changing cyber threat landscape.

Security Beyond Policies and Procedures

Having a broad plan in place is only the first step in protecting your firm from cybercriminals. The best plan in the world is worthless without putting the infrastructure and solutions in place to implement it.

This includes simple measures that many of us often overlook, such as having a strong password and not clicking on suspicious links. Keep in mind, there are also ways bad actors can get onto a computer without the user doing anything wrong. So, preparing for a cyberattack also means doing everything possible to minimize potential damage if an attacker does get in.

Steps firms must take to strengthen their environment include:

  • Patching applications and operating systems on a routine basis and leaving automatic updates turned on unless patches are pushed through a centralized system.
  • Ensuring anti-virus protection remains up to date and considering the use of a second opinion malware scanner.
  • Using a password management utility or password safe to create randomized passwords and enabling a secondary authentication method.
  • Using care when opening attachments or clicking on links in emails from unverified senders.
  • Encrypting sensitive data via email services or encrypted archives and sharing the password through a different communications tool such as phone or through text message. Never attach files containing sensitive information directly to emails.
  • Creating policies and procedures for the organization’s employees and educating them regarding information security best practices.
  • Conducting phishing exercises to help employees identify unsafe situations.
  • Giving employees only the access they truly need to do their jobs.
  • Researching and performing due diligence on cloud-based services.
  • Ensuring business-critical information is routinely backed up and restores are tested.

I can’t emphasize this last point enough. Regularly backing up information is important but testing those backups to ensure they are working is crucial.

Help Your Clients Protect Themselves

Just as your business has become more and more dependent on the use of technology, so have the lives of your clients. Beyond the vulnerabilities clients may pose to the cybersecurity of your business, you also want to ensure they keep their own data safe from cybercriminals.

This is especially necessary when it comes to clients who may be less computer savvy. In 2020 many people who were not yet online began to embrace technology out of necessity. The over 75 and under 25 age groups have been found to be most vulnerable to fraud attacks. Challenges faced by the over 75 age group generally stem from this group’s unfamiliarity with the latest digital technologies which increases their susceptibility to scams and phishing attempts. For younger people, the risk comes from their tendency to be more relaxed when using technology and less concerned about sharing personal data.3

Many of the same tactics applied to keeping your business safe from cybercrime also apply to your clients, albeit on a smaller scale. These safety measures are important to follow for all online interactions and not just when it comes to their online financial activities.

  • Installing software that protects against malware and using a firewall program to prevent unauthorized computer access—also allowing for automatic updates.
  • Using the strongest authentication offered, especially for high-risk transactions, and enabling two-factor authentication wherever possible.
  • Understanding internet safety features like encryption and conveying the importance of logging out of financial accounts when transactions are complete.
  • Being suspicious of unsolicited emails asking to click on a link, download an attachment, or provide account information.
  • Being careful where and how they connect to the internet and only access it for financial or other activities that involve personal information through a known, trusted, and secure connection.
  • Being careful when using social networking sites.
  • Taking precautions with devices by opting for automatic updates to operating systems and apps when they become available to help reduce vulnerability to software problems.

Cybersecurity Is a Necessary Best Practice

There are times when the world is in a heightened state of security, but measures to keep you and your business safe from cybercrime aren’t just necessary during times of volatility. The time you take to build and implement a cybersecurity plan will be well spent when it contributes to the trust you gain from your clients. Consider developing a security statement to share proactively to allay any concerns before they even ask.

With ongoing vigilance and the application of best practices, you can rest assured—and communicate to your clients—that your firm can be trusted to help them manage their financial lives in the safest way possible.

DISCLAIMER: The eMoney Advisor Blog is meant as an educational and informative resource for financial professionals and individuals alike. It is not meant to be, and should not be taken as financial, legal, tax or other professional advice. Those seeking professional advice may do so by consulting with a professional advisor. eMoney Advisor will not be liable for any actions you may take based on the content of this blog.


1 “Cost of a Data Breach Report 2021.” IBM Security, 2021. July 1.

2 “2022 Cost of Insider Threats Global Report.” Proofpoint, Inc., 2022. n.d.

3 Germain, Jack M. “Young Adults, Seniors Over 75 Most Susceptible to Cyber Fraud: Report.” TechNewsWorld, 2021. March 18.

Image of Jason Novak
About the Author

Jason Novak is senior vice president of IT and Security at eMoney Advisor and has decades of information technology and security experience including vulnerability assessments, risk management, social engineering, compliance quality assurance, incident handling, business continuity and disaster recovery, and more. He is certified in Risk and Information Systems Control (CRISC) and is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), and Certified Information Security Manager (CISM).

You may also be interested in...

A financial professional works at his desk.

7 Skills You Need to Be a Successful Financial Advisor

Being a successful financial advisor goes beyond having wealth management knowledge and financial planning skills. As the scope of financial… Read More

generational wealth planning

Leveraging Technology for Generational Wealth Planning

The Great Wealth Transfer is on the horizon, with $84 trillion going to heirs and charities by 2045.1 Advisors who… Read More

Millennial woman shopping on her phone

7 Lessons for Financial Advisors from Millennial Shopping Habits

It’s hard to believe, but the oldest Millennials—people born between 1981 and 1996—are now in their early 40s. Despite the… Read More

eBook: The New Advisor Value Proposition

Download our latest eBook and learn how top advisors are combining Fintech and FinPsych for superior client outcomes.

Download Now

Sign up to have the most popular Heart of Advice posts delivered to your inbox monthly.

Heart of Advice by eMoney Advisors

Welcome to
Heart of Advice

a new source of expert insights for
financial professionals.

Get Started

Tips specific to the eMoney platform can be found in
the eMoney
application, under Help, eMoney Advisor Blog.