How to reassure customers about cybersecurity
You should be able to answer customers’ cybersecurity questions at any time, but you should also brief them on the topic during the onboarding process, said Ivo Wiens, senior director of security solutions architecture at CDW Canada, a reseller and IT services company.
This training process should include a user-friendly document that explains the security measures taken by your firm.
“Avoid technical jargon and use graphical examples of what a normal interaction will look like,” Wiens said. “The document should be clear and not long.”
This security guide should set out a checklist for you to follow when interacting with customers, Wiens advised. These checks can help clients and advisors avoid fraud in which criminals impersonate clients over email or phone, convincing advisors to release funds to fake accounts. Controls can also prevent fraudsters from tricking customers into divulging their own information.
“Clearly describe the methods of communication that will be used, the questions that will be asked, and the information that you will never request through insecure communication channels like email,” Wiens said, adding that prohibited information should include passwords and social insurance numbers.
“Outline the type of questions your business will and won’t ask,” and tell customers to consult the security guide when they feel uncomfortable about a transaction, he added.
Other guidelines include agreeing on a communication channel to verify client transaction requests, said Alexander Poizner, co-founder and CEO of Toronto-based cybersecurity advisory firm Parabellyx, which advises several hedge funds on data security. Ideally, customers should be called at a specific number to confirm transactions, and this number should not be mentioned in other insecure channels such as email.
The document should also include a number customers can call if they’re concerned about a recent interaction, Wiens added. Consider reminding your team of advisors each quarter to refresh themselves on the document’s guidelines.
Be prepared to respond to security issues
Clients may also raise their own security concerns, and advisors should be prepared to address them.
One of the biggest concerns will be data loss from hackers and ransomware. Many customers might not trust a small consulting practice to handle data securely, Poizner warned. So the answer may be to let someone else do it.
“The best way to approach it is to say that a company specialized in this field protects us, or that we do not store this information,” he suggested.
Poizner recommended cloud-based services for small advisers and wealth managers because the companies that manage them are familiar with data protection. This includes specialized services for advisors as well as more generic productivity suites like Microsoft’s Office 365.
Customers – especially wealthier ones – might not want their data stored in another country whose government might have access to it. Check out Canadian-based storage options, Poizner advised.
You can further build customer trust by letting customers know about the extra steps you’re taking to protect their online accounts, Poizner added. This could include using two-factor authentication (usually through an authenticator app) to ward off phishing attacks and other password theft.
You should also have a business continuity plan to continue operating in the event of a cyberattack, Poizner said. Although clients don’t need to know the specifics, they will be reassured that you have measures in place to continue operating if an attacker temporarily takes your practice offline.
Using digital services to make things more convenient for customers can win you more business, but smarter practices also reassure customers that their data is secure. As headlines about data breaches continue to emerge, a little advance communication can go a long way.