Getting the basics right: Five cybersecurity best practice tips for advisers

While BT has multiple layers of security protocols to guard against cyber attacks, it's important that advisers follow best practice as well. We know that finding the time to implement cybersecurity protocols, especially if you don’t have an IT person on your team, can be challenging. Here are five best practice tips for financial advisers to help get you started:

1. Complete software updates ASAP

Modern organisations of all kinds are powered by software across laptops, desktops, tablets and phones. When software update notifications arrive, it’s often at an inconvenient time, sometimes in the middle of your working day.

But software updates are urgent – they’re often resolving security vulnerabilities which could expose your systems and data to attack. So try to ensure you complete software updates within a day or two of the initial notification, perhaps as you shut down at the end of the day.  

2. Protect log-in details

Don’t reuse passwords. Attackers love trying known username/password combinations across multiple sites, so use a different password for every site.

For the devices and services that you use all the time – like your mobile phone – biometrics are both very convenient and offer a good level of security. On the BT Panorama mobile app, advisers and clients can log in by using face ID, fingerprint verification or a passcode.

3. Review how information is stored

Check you have a robust process for collecting information from clients and protecting that information. If details must be sent via email, the files should be encrypted. If forms are filled in manually in your office, ensure they are completed in a private space where no one can overhear or see.

Have a system where old or expired data is regularly reviewed and purged, and create guidelines for your staff about what customer details can be shared, and with whom.

4. Segregate access and authorisation

Ideally client data should be stored in a separate system that can only be accessed by those who really need to know. Use individual passwords to ensure that everyone only has access to the information they really need, and that you can later track who accessed what.

It’s also a good idea to segregate duties for sensitive processes so more than one person is needed to authorise transactions, in addition to the client. Advisers must not direct client two-factor authentication codes to their own phones or emails; these should go to the client only.

5. Check who you are really talking to

Criminals will go to great lengths to convince you that they’re someone else, particularly a trusted person like a client or business partner. Be alert for irregularities in ID documents such as different fonts, spelling errors, different or missing middle names, random lines or uneven photos. Multiple changes to a client’s profile within a short period can also be a red flag.

Business email compromise: 

Criminals attempt to impersonate you, a customer, or a staff member in an email to steal data or funds. In the more extreme cases, they’ll either break into the real person’s email inbox to further the scam, or set up similar-sounding email domains to send emails from.

Identity theft:

The most common type of fraud in the super sector, this involves acquiring and using personal information for financial gain.

Malware:

Software designed to gain access to or damage a system, often unknowingly downloaded from the internet – this can affect mobile devices, too. Ransomware is a type of malware where files are hidden or locked unless the user pays an extortion demand to regain access.

Hacking: 

This is unauthorised access to a system or device in an attempt to steal information or change behaviour (e.g., the destination of confirmation emails or authorisation codes).

At the first sign of anything suspicious, contact your BT Relationship Manager or Customer Relations team on 1300 784 207 and confirm activity on your account. We also constantly monitor transactions and will proactively reach out to you if we see anything unusual. For more information, please visit our cyber and financial crime hub or request a call back.

Important information

Information current as at 6 December 2024. This paper has been prepared by BT, a part of Westpac Banking Corporation ABN 33 007 457 141 AFSL & Australian Credit Licence 233714 (Westpac).

This communication has been prepared for use by advisers only.  It must not be made available to any client and any information in it must not be communicated to any client.  
The information contained in this paper provides an overview or summary only and it should not be considered a comprehensive statement on any matter nor relied upon as such.
This information does not take into account your personal objectives, financial situation or needs and so you should consider its appropriateness, having regard to these factors before acting on it.

© BT - Part of Westpac Banking Corporation 2024