Understanding what clients fear about identity theft, cybersecurity and hacking is essential in meeting their needs.
Clients are so bombarded with information about cybersecurity and hacking that some analysts are even suggesting methods to “bounce back from cyber fatigue.” The idea is that board members and executives are so exhausted from the constant deluge of information about cyber threats that they have reached a state of paralysis. When they are not being alarmed on a regular basis by IT professionals and regulators at work, news of cyber threats is everywhere else: on television, in coverage of the ongoing effects of the Target data breach, and in every new privacy update sent to their email address. It even seems to slip under the door like smoke and settle at their feet during dinner.
While analysts have been hearing about key cybersecurity points such as data theft and protecting against the loss of client data, clients are focused on other topics. Oddly, the majority of hacking and hijacking that happens to major companies comes in via email. One major healthcare provider in the Philadelphia region, Main Line Health, is still feeling repercussions from a data breach that occurred years ago, in which employee personnel files were hacked via emails that were Trojan horses: they appeared to be from a bank or service company but were in fact from hackers.
The most discussed data hijacking of 2017, involving the WannaCry virus, slipped in through emails and older, outdated computer systems. While analysts may be most concerned about new threats of hacking and the best methods of encrypting, clients may be up to their elbows in the need to upgrade aging email systems or audit old computer servers. Interestingly, ransomware attacks in the U.S. have been declining over the last few years, but attention to them has been increasing, potentially because of the breadth of their impact. While it may not have impacted the U.S. in large measure, the WannaCry virus hit 150 other countries. Understanding that the cyber fatigue your clients may be facing on specific topics might not be in alignment with the actual threat level of those topics is crucial to responding to their needs. So too is understanding the significant cost associated with upgrading email systems.
As Trojan horses may still be a concern, it could be helpful to remind clients and employees about what official emails from your firm will look like. Years ago, firms sent out emails that reminded clients and employees that they would never ask for personal information, passwords, or bank account information via email. Those same informational emails may be helpful now.
Another basic element clients may be worried about involves employee training. In an especially egregious episode in 2018, Twitter had to warn users that their passwords were possibly at risk of hacking because the company had failed to encrypt the files keeping those records. Understanding where slip-ups in training and supervision allow for user error of that magnitude may also be enormously costly to your clients. An audit of password protection policies, training, and testing for a large company could be a significant expenditure. While it may be beyond obvious to a financial advisor to follow every element of protection required, reminding your clients of those protections and policies could provide comfort to the client. This may be even more helpful if it is provided before the client asks, and in advance of a board meeting.
Even more top of mind for executives and board members may be the data breaches at the end of 2017 that had no ascertainable cause. Both Orbitz and Under Armour had significant data breaches that, after scrutiny by forensic experts, remained unsolved. Executives may be under pressure to audit and reinforce firewalls, encryption and other elements of cybersecurity. This could include aspects of an employee benefit program, especially if retirement benefits dashboards are accessible through intranet sites like SharePoint or other connections. Understanding your company’s safety programs and being able to express plans to stay in compliance with federal (and, where needed, state) regulations will be necessary as companies evaluate any possible area of access. Companies may start performing yearly risk assessments on weak points in their data systems in light of these unsolvable breaches. In fact, many cybersecurity analysts are pushing for proactive threat assessments for large companies. Having your own assessments and information at the ready can go far toward showing your clients that you understand their cybersecurity needs.
In short, boards of directors who were formerly reluctant to spend company monies on cybersecurity may now be so cyber-fatigued that their decision making may be out of alignment with the realities of employment benefits. Understanding that, and proactively preparing for detailed questions about cybersecurity, can help you meet your client’s needs.
Before leaping into the unknown, we recommend a thorough examination of your plan. Because we are experts in the field, we know the marketplace and know what your existing vendor is capable of offering. Through this examination, we can help you optimize the service you receive.