Getting the basics right: Five cybersecurity best practice tips for advisers

While BT has multiple layers of security protocols to guard against cyber attacks, it’s important advisers follow best practice as well. Finding the time to implement cybersecurity protocols, especially if you don’t have an IT person on your team, can be challenging. Here are five best practice tips for financial advisers:

1. Complete software updates ASAP

Modern organisations of all kinds are powered by software across laptops, desktops, tablets and phones. When software update notifications arrive, it’s often at an inconvenient time, sometimes in the middle of your working day.

But software updates are urgent – they’re often resolving security vulnerabilities which could expose your systems and data to attack. So try to ensure you complete software updates within a day or two of the initial notification, perhaps as you shut down at the end of the day.  

2. Protect log-in details

Don’t reuse passwords. Attackers love trying known username/password combinations across multiple sites, so use a different password for every site. Don’t bother trying to invent or memorise them though. Instead use a password manager to track them for you. And never write them down.

For the devices and services that you use all the time – like your mobile phone – biometrics are both very convenient and offer a good level of security. On the BT Panorama mobile app, advisers and clients can log in by using face ID, fingerprint verification or a passcode.

3. Review how information is stored

Check you have a robust process for collecting information from clients and protecting that information. If details must be sent via email, the files should be encrypted. If forms are filled in manually in your office, ensure they are completed in a private space where no-one can overhear or see.

Have a system where old or expired data is regularly reviewed and purged, and create guidelines for your staff about what customer details can be shared, and with whom.

4. Segregate access and authorisation

Ideally client data should be stored in a separate system that can only be accessed by those who really need to know. Use individual passwords to ensure that everyone only has access to the information they really need, and that you can later track who accessed what.

It’s also a good idea to segregate duties for sensitive processes so more than one person is needed to authorise transactions, in addition to the client. Advisers must not direct client two-factor authentication codes to their own phones or emails; these should go to the client only.

5. Check who you are really talking to

Criminals will go to great lengths to convince you that they’re someone else, particularly a trusted person like a client or business partner. Be alert for irregularities in ID documents such as different fonts, spelling errors, different or missing middle names, random lines or uneven photos. Multiple changes to a client’s profile within a short period can also be a red flag.

Business email compromise: 

Criminals attempt to impersonate you, a customer, or a staff member in an email to steal data or funds. In the more extreme cases, they’ll either break into the real person’s email inbox to further the scam, or set up similar-sounding email domains to send emails from.

Identity theft:

The most common type of fraud in the super sector, this involves acquiring and using personal information for financial gain.

Malware:

Software designed to gain access to or damage a system, often unknowingly downloaded from the internet – this can affect mobile devices, too. Ransomware is a type of malware where files are hidden or locked unless the user pays an extortion demand to regain access.

Hacking: 

This is unauthorised access to a system or device in an attempt to steal information or change behaviour (e.g., the destination of confirmation emails or authorisation codes).

At the first sign of anything suspicious, contact your BT Relationship Manager or Customer Relations team on 1300 784 207 and confirm activity on your account. We also constantly monitor transactions and will proactively reach out to you if we see anything unusual. For more information, please visit our cyber and financial crime hub or request a call back.


Disclaimer

Important information

Information current as at 28 November 2023. This paper has been prepared by BT, a part of Westpac Banking Corporation ABN 33 007 457 141 AFSL & Australian Credit Licence 233714 (Westpac). The views expressed in this paper are those of the individuals alone unless otherwise quoted, and do not reflect the views or policy of any company in the Westpac Group. It has been prepared for the information of licensees and financial advisers only. The information contained in this paper provides an overview or summary only and it should not be considered a comprehensive statement on any matter nor relied upon as such. The paper does not contain, and should not be taken to contain, any financial product advice, and has been prepared without taking into account any personal objectives, financial situation or needs, and you should consider its appropriateness with regard to these factors before acting on it. © BT - Part of Westpac Banking Corporation 2023