Financial Planning

Identity theft: protecting your clients

31 March 2020

Money & Life team


Identity theft is a growing risk. Scammers are always looking for new ways to get your clients to part with their money, and the rapid changes in technology are helping them. Find out how to keep your clients informed about the risks and what your business can do to protect them.

As a financial planning professional you are privy to something that many scammers want to get their hands on – your clients’ personal financial information.

Once they have it, they can access personal bank accounts and transfer funds out. They can bill goods and services and take out lines of credit or phone plans in your clients’ names. Some may even create new bank accounts in your clients’ names and use these for money laundering. And all this can happen without your clients even being aware of it.

As a professional holding this type of sensitive data, you have an important role to play in stopping these crimes from happening. You can do this by ensuring your systems are secure so clients’ information is safe. You can also support clients by letting them know about the risks and how they can better protect themselves.

What the numbers say

The Notifiable Data Breaches (NDB) scheme lays out the obligations for organisations covered by the Privacy Act 1988, including financial planners. These organisations should take reasonable steps to secure personal information and eligible data breaches must be promptly investigated and reported to the Office of the Australian Information Commissioner (OAIC). If serious harm is likely to result, you must notify affected clients so they can take action to address the possible results.

Worryingly, the latest NDB report shows that the number of data breaches reported to the OAIC between July and December 2019 jumped 19%, compared to the first half of the year. The report reveals that malicious or criminal attacks (including cyber incidents) remain the leading cause of data breaches, accounting for 64% of all notifications.

Finance is the second highest reporting sector (after the health sector), making up 14% of all breaches. And, almost a third of data breaches notified between July and December 2019 involved identity information – information used to confirm an individual’s identity, such as passport number, driver’s licence number or other government identifiers. Theft of paperwork or storage devices was also reported to be a significant source of malicious or criminal attacks.

The likely victims

Surprisingly, while Gen Z and Millennials may be more tech-savvy, many are defrauded through social engineering tricks or because they simply lost their wallet or purse, according to UK research company Global Data. It also found the oldest and youngest generations are more prone to being taken in by scams that rely on convincing them to part with information.

If your clients use social media, their risk of identity theft may be higher. A study by RSA, a global company that provides solutions for digital risks, revealed that social media fraud attacks increased 43% in 2018 as cybercriminals continued to find new ways to exploit social media platforms for gain.

RSA also says fraud on mobiles has grown significantly over the past few years, with 70% of fraud transactions being initiated via a mobile device channel in 2018. It adds that the use of rogue mobile applications to defraud consumers is on the rise. In 2018, it identified an average of 82 rogue mobile applications a day across most popular app stores.

Protect your data

In its Ethics CPD unit on protecting data, funds management company GSFM says financial planning practices can expect to be a potential target for cyberattacks because they collect and manage lots of data and sensitive information. This makes it important to assess your business risk and prepare an appropriate defence. Failure to address security issues that could contribute to a data breach could be seen as a failure to act in your clients’ best interests in terms of FASEA’s ethical standards, says GSFM.

There are many resources to help you improve your cyber security. The Australian Cyber Security Centre (ACSC) provides plenty of advice and other useful websites include Scamwatch, Australian Federal Police, Stay Smart Online and AUSTRAC.

ACSC says cyber security doesn’t have to be difficult. By implementing simple measures, your business can go a long way to ruling out, or reducing the impact of, the most common cyber security incidents. Strong password protection strategies and raising staff awareness about the importance of protecting credentials are two important priorities. The ACSC also recommends using multi-factor authentication for all remote access to business systems as well as patches and anti-virus software.

Data also needs to be protected wherever you do business – in your office, at home, and anywhere offsite that client data may be accessed or used.

Protect your clients

Cybercrimes usually make it into the headlines because of large breaches or because they involve well-known companies. As a result, many individuals believe an attack can’t happen to them. But it can and does – often with harsh financial outcomes.

GSFM suggests that planners can and should help their clients understand the threat of scams and identity theft. “After all, most scams seek to part individuals from their money, a poor outcome for both you and your client. Educating your clients about known scams and keeping them up to date when you hear of something new is acting in the clients’ best interests.”

With that in mind, this could be a good time to chat to your clients about the risk of identity theft and assess how well they understand the threat, especially given a rise in COVID-19 scams.