(The writer is a Reuters contributor. The opinions expressed are her own.)
By Hilary Johnson
Aug 7 (Reuters) - Fraudulent emails from hackers used to be obvious, full of misspellings and bad grammar. Now cyber crooks are even sounding like their victims as they try to trick financial advisers into wiring money from clients’ accounts.
No one at Fort Pitt Capital in Pittsburgh has fallen for such schemes. But the firm, like many others, is beefing up cyber security education for employees. It is also boosting client outreach in the face of rampant identify theft, which the Federal Bureau of Investigation notes is the fastest growing crime in the United States, and cyber attacks, which exceed 100,000 per day.
Fort Pitt held its first cyber security seminar for clients last week, tapping expertise from True North Networks, a New Hampshire-based technology consulting firm it hired to provide network surveillance, employee training and client communication assistance. The seminar offered tips such as using a two-step process to log in to email, developing strong passwords, and evading email phishing attempts.
After a large turnout of more than 50 clients, Fort Pitt expects to hold more events, and is considering developing a webinar, said Todd Douds, Fort Pitt’s director of research and operations.
The need to educate clients about cyber security threats is “morphing the job,” Douds said. “Our role is to be trusted advisers, and that’s historically been around financial planning. But now it’s also about helping them protect their financial assets from criminal activity.”
Mitigating cyber threats fits in well with financial advisers’ mandates, said Karl Schimmeck, managing director of financial services operations at the Securities Industry and Financial Markets Association (SIFMA).
What is more, hacking incidents can land firms in hot water for running afoul of privacy rules and laws. One broker, for example, was recently barred after following a fraudster’s transfer instructions.
“The more people think about cyber security, the better it is for everyone,” Schimmeck said.
SIFMA holds its own cyber security webinars, including one for small firms on Aug. 12, and also works with The Financial Services - Information Sharing and Analysis Center (FS-ISAC), a forum for sharing information about cyber security threats.
Some larger firms have devoted specialized in-house resources to the problem. About a year ago, Raymond James Financial Inc set up a team, Threat Intelligence Analysis, to analyze breaches and hacks, and shape the firm’s response and communications for employees, advisers, and clients, said Andy Zolper, chief information security officer at Raymond James.
For example, the team taps into FS-ISAC, monitors events, and prepares Frequently Asked Questions (FAQs) for advisers when a notable breach occurs, Zolper said.
“Five years ago, the client question would have been, ‘Is my information safe?’” Zolper said. “Now they’re looking for more detail, and we’re definitely providing it.”
Advisers’ mindsets have also changed. “I don’t think the majority of advisers felt as though cyber security was their problem,” Zolper added. “Now they definitely get that.” (Reporting by Hilary Russ; Editing by Suzanne Barlyn and Richard Chang)