Simulated phishing attacks can identify holes in advisors' security practices before real attacks are encountered.
As more financial applications and services move online, financial advisors manage an ever-increasing number of logins and passwords that are used to gain access to websites of all kinds. Hackers are well aware of this trend, so instead of attempting to break military-grade encryption or hack into well-defended servers, they are going after easier targets: people who type in their credentials online.
Hackers are using sophisticated techniques to fool unsuspecting users into turning over their login credentials in schemes commonly known as phishing attacks. Financial advisors likely aren't aware of how vulnerable their business is to a phishing attack until after the attack is committed and the damage is done.
Fortunately, advisors can deploy simulated phishing attacks to determine their vulnerability to such events before they happen and make sure colleagues and employees adhere to good security practices.
Phishing for Billions
If you weren't watching the equity markets in real time on April 23, you may have missed five minutes of brief turmoil. At 1:07 PM Eastern Time, a tweet was posted from The Associated Press Twitter account declaring a bomb had exploded at the White House and President Barack Obama had been injured. The Dow quickly dropped nearly 150 points, but largely recovered just a few minutes later after The Associated Press reported its Twitter account had been hacked.
How did the Twitter account get hacked? According to The AP, the attack was preceded by phishing attempts on AP's corporate network. Several AP staff received "an impressively disguised phishing email" prior to the posting of the fake tweet.
The attack was nefarious in nature, and the consequences of the event were very real. The brief sell-off in the wake of the false tweet erased some $130 billion in value among companies included in the S&P 500 before equities rebounded shortly thereafter.
If this kind of attack can have such a significant impact on the equity markets, imagine what can happen if a financial advisor's login to his or her investment custodian website is compromised.
Prepare for the Real Thing
Financial advisors are required by law to routinely test their policies and procedures in a number of business areas, including disaster recovery and business continuity plans. Testing such policies and procedures ahead of a real emergency can reveal problems and weaknesses in the plans so that steps can be taken to improve the business's ability to respond when a true interruption occurs.