How to protect clients’ personal and financial data
With all the news items and updates that financial professionals must keep abreast of to serve their clients effectively — market conditions, tax changes, estate planning issues, and continuing education requirements, to name just a few — it would be understandable if staying on top of the latest cybersecurity news slipped through the cracks.
The problem is that it doesn’t matter to criminals who seek access to sensitive financial data that there are other things to worry about. The incidence of cybercrime is on the rise in Canada, and most cases go unsolved. With that in mind, Home Trust is offering some tips to smaller businesses based on the lessons we’ve learned from implementing a robust cybersecurity architecture.
Why financial professionals should care about cybercrime
According to Statistics Canada, 21% of businesses have been affected by a cybersecurity incident. Of those incidents, 23% involved an attempt to steal personal or financial information. Given the nature of the data collected by advisors and its attractiveness to cybercriminals, the need for rigorous cybercrime prevention measures is clear.
StatsCan reports that 21% of Canadian businesses have experienced a cyber incident
But how do outside parties gain access to company data, despite all that we think we know about staying safe online? There are numerous types of cybercrime, but these are some of the most common:
Ransomware: A malicious software that encrypts system files until the victim pays a ransom to restore it. Often, ransomware starts with an email that looks like an official notice from a reputable company (see: “Phishing”) and includes an attachment or a link that, once opened, allows the virus to attach itself to the hard drive. As the perpetrators of ransomware are often overseas, and request digital currency, like Bitcoin, as payment, there is little local law enforcement agents can do to help.
Phishing: Forged emails that may appear to be from a reputable source asking for a credit card number or other private data. An example of phishing is a notice one might receive from Canada Post requesting online payment for customs and duty for a package. If one falls victim to this scam, it only becomes apparent that there is no package once a credit card number has been entered. Phishing emails can also be used to obtain login details for sites like online banking or investment accounts. As in the case of ransomware, the police are often unable to assist.
Identity theft: Involves the collection of an individual’s personal information — social insurance number, driver’s licence number, name and date of birth, etc. — for criminal purposes. Once identity theft has occurred, the stolen information can be used to fraudulently open accounts, get credit cards, and even take out mortgages or change title registration. Cases of identity theft are difficult to prove, and even more difficult to prosecute.
Common cybercrimes include ransomware, phishing and identity theft
It is something of an understatement to say that the internet has revolutionized the way business is conducted, and nobody would advocate going back to an analog world. An understanding of common types of cybercrime is important, but knowledge alone is not enough to formulate a concrete plan to protect client data.
The information, materials and opinions contained in this Blog are provided for your information only. This Blog does not constitute legal, financial or other professional advice and you should not rely on it as an alternative to specific advice based on your particular circumstance. This Blog contains links to third party websites. These links are provided for information and convenience; Home Trust does not endorse the content of any third party website, and it makes no representation or warranty as to the information on such third party sites. By clicking on any link to a third party site, you leave the Home Trust website and do so at your own risk. Home Trust disclaims all liability for any damage or loss that results from your access to or reliance on information contained in this Blog or any third party site.