Periodic insights from our Investment and Private Client Teams on a broad range of investment and advice-related topics
Published by the Private Client Team at KJ Harrison Investors
Given the global reliance on digital technologies, KJ Harrison is committed to continuously investing in its information technology platforms, developing processes to strengthen our cyber risk management practices, and taking proactive steps to inform and protect our clients and the firm from data loss, fraud, identity theft, and other harm caused by bad actors. With October being Cybersecurity Awareness Month, here are further details on the most common cyberattacks and how you can carry out simple security measures to protect yourself and mitigate potential security risks.
Vigilance and Awareness Are Key Protection Tools
Cyber attackers and fraudsters seek to cause harm to firms and their clients by using fraudulently obtained information to conduct unauthorized transactions or steal information to be used for other illicit purposes. Keeping prevention top of mind, here are some common types of attacks for you to be aware of:
Social Engineering Attacks
Bad actors will attempt to deceive staff at financial firms into sharing sensitive client information or conducting unauthorized transactions, such as the transfer of funds, by presenting themselves as a client or someone authorized to act on behalf of a client. These attacks usually involve the use of email. It is essential to have a multi-factor authentication mechanism to validate and restrict access to a limited group of authorized users, protecting your sensitive data.
Many people tend to use the same combination of username and password across different websites and applications. This often results in credentials being stolen from a data breach. This can result in cyberattacks on your important financial services.
Protection and Detection Tools
KJ Harrison’s collaboration with our clients is our strongest defence against cyber and fraud risk. Financial service companies should implement control measures, policies, and procedures that may include independent, verbal verification of your requests, holding your request until they hear from you, exercising extra vigilance with requests pertaining to the transfer of assets out of an account, and monitoring accounts for anomalous behaviour.
Cyberattacks and fraud risk are increasing and becoming more sophisticated, yet there are many defences and preparedness measures that you and your wealth manager can implement to create an effective risk mitigation strategy.
Strengthen Your Cyber and Fraud Defences
- Do not share login credentials or personal identification information with anyone or any application or website unless you have personally and independently verified the request
- Do not use public wireless networks
- Do not use the same username and password for more than one online service
- Use strong passwords or, better, passphrases that contain 12+ mixed digits and special characters
- Notify your service providers immediately if you suspect your credentials or email have been compromised
- Ensure your devices have all updates installed and your anti-virus product is current
- Use social media carefully and responsibly to minimize impersonation
- Use GPS trackers and location services carefully
- Take advantage of enhanced security features, such as fingerprint readers or facial recognition, on newer devices
- Ensure that your wealth manager uses rigorously tested and secure platforms that meet the industry’s most stringent requirements for data security and privacy, system penetration testing and disaster recovery technology.
Cybersecurity is a Regulatory Priority
While there are steps that we can take personally to protect ourselves, you can also take comfort in the fact that the investment management industry’s primary regulator, the Investment Industry Regulatory Organization of Canada or IIROC, enhanced their initiatives to support member firms with their cybersecurity preparedness. It is mandatory for investment managers to report any cybersecurity incidents to regulators so the industry can better understand cyber trends, cross-cutting issues, weaknesses in the financial services sector, and facilitate information sharing as an essential tool for mitigating cyber threats, particularly in a rapidly evolving threat landscape. We took part in a self-assessment survey, reviewed best practices guides, and disseminated information on COVID-19-related cybersecurity topics such as ransomware, fraud, and remote access to help the industry protect clients’ wealth. We will also participate in industry-wide testing and table-top exercises to help strengthen the industry.
For more information about cybersecurity, please contact a member of the Private Client Team.