Advisers should be on guard over hacking risk


By Sarah Kendell


The increasing risk of major hacking events demanded advice licensees put cybersecurity at the heart of their business strategy, given the level of sensitive client information held on internal software systems, according to Midwinter.

Speaking to financialobserver as the software company announced its new cybersecurity service for advisers and accountants, Midwinter managing director Julian Plummer said licensees should consider recruiting independent directors with software and technology experience, given the catastrophic effect a major cybersecurity event could have on their business.

“I’ve been quizzing large advice practices about the make-up of their directors and typically they consist of finance professionals to direct on corporate management processes – cybersecurity professionals are sitting at the kids table, but the global security situation demands it is time for these guys to actually have a say in how the company is run,” Plummer said.

“If you had a choice between a negative compliance event and a negative cyber-event, the compliance event can typically be handled by contacting the client and remediating them, but if you have a one-off cyber-event, the consequences are much greater – it has an immediate impact on all clients and it could be a business-ending event.”

He referenced data from the United States’ National Cyber Security Alliance revealing 60 per cent of small businesses were unable to sustain their business six months after a cyberattack, while the average cost to repair such an attack was US$690,000.

“If you think about what sort of information accountants and advisers have on their clients, the better that adviser is, the more information they have on the client, so the more damage that can be done with a security breach,” he said.

He said the group’s cybersecurity service, Kamino, would be launched in the third quarter of 2017 and would involve an audit of licensees’ security processes and recommendations around how to incorporate those processes within their broader risk management framework.

“It is often pretty simple stuff, such as ensuring staff have their automatic updates on, are using strong passwords that are different for each website or platform and using a service like Password Manager that can store a series of complicated passwords so you don’t have to remember them,” he said.

“It’s all about gathering information about what software they are using, how they use it and what their vulnerabilities are.”

To head up the new service, the group had appointed Edward Li, a former information security manager for Commonwealth Bank of Australia and the Reserve Bank of Australia, he added.
