Opinion - Black hats fuel planning emergency


By Julian Plummer

Email Article Print Article

Related Articles: | |

The financial planning industry is brimming with a great deal of enthusiasm at the moment. While there may be some negativity brewing around legislation, technology seems to be coming up with innovative ways of delivering advice and engaging with clients, increased practice efficiencies and the ability to discover more about our clients than ever before.

Many of the breakthroughs we are seeing are through the increased digitisation of advice businesses. But with the increased push to digital comes risk levels that are off the charts, and may very well be the end of you.

Why am I so circumspect?

Because the ex-head of the Commonwealth Bank’s penetration testing team is my current desk buddy, and some of the potential risks he has revealed to me about our industry have made me very worried indeed (to the point where I’ve had to move seats).

To put it bluntly, your businesses are prime targets for hackers – and if I can be brutally honest, I’m not too sure that the financial planning industry is prepared.

Advisers are in a unique position. You have more information on your client’s life than any other counterparty, more financial records than an accountant, and probably as many medical records as a doctor’s system.

It is this meeting of the medical and financial that makes you such an interesting hit. Forget about a 100 point ID check, you have enough sensitive information to do a 1000 point ID check on your clients.

And let me be very clear. Your vulnerability isn’t your financial planning software, your customer relationship management system, or your client portals.

It’s your internal office networks, the ports you have open on your website and how you access your Microsoft Exchange server when on the road. It’s your employees reusing the same passwords to all your online platform portals and trading systems.

And once a black hat (a fancy name for a hacker) gains access to any single one of those systems, and uses that to slowly gain access to the rest, you’re going to have a very serious problem.

Imagine what could be gained by getting access to your Exchange system. Have you ever emailed a password as a reminder to yourself or someone else?

I’ve seen people gain access to a company’s Exchange server in less than the time it takes you to get a cup of coffee, using nothing but a bit of common sense, LinkedIn and a brute force password engine.

And I’m not the only one thinking this way. An eastern European crime gang called Business Club are currently targeting self-managed superannuation funds (SMSFs) and they are using financial planners, brokers and fund managers as a way into those SMSFs.

Cyber crime is big business. They have tools and systems that automate much of their attacks, and those tools have scientific rigour and methodologies that are world class.

Don’t think they’re not after you, because they are. Don’t think you’re too small, because you’re not.

Don’t think they don’t come for people in places like City Beach in Western Australia, because they do.

Big or small, you’re no different to any other financial planner - you’re connected to the internet, you have an IP address and your clients have money. That’s it, you tick all the boxes.

I’m not normally one to be alarmist, but once I saw all of this completed in front of my eyes so effortlessly, I quickly got the big picture. And the big picture isn’t good.

It’s time to declare a state of emergency for financial planners.

Why an emergency? Well as the old saying goes, a stitch in time saves nine. Don’t wait until you’ve been wounded (quite possibly fatally).

Build a shield wall, secure yourselves and challenge your infrastructure. Seek expert advice and undertake a vulnerability assessment of all your systems.

Ask an expert to come into your offices and observe what you do.

I’ve said it before and I’ll say it again - software is eating the world. Every company is becoming a software company, and that’s particularly true in our industry.

So with that in mind and as we move further into the digital age, financial planners must then look at risks the same way software companies do.

Be ready when they come for you.

Julian Plummer is managing director of Midwinter

« Back to Articles