Developing your advice business

How to protect your advice practice from cybercriminals

Cybercriminals are becoming more sophisticated in the methods they deploy to extract data and sensitive information from us. Presenting via Zoom webinar, Werner Lunow, IT Security manager at Allan Gray, and cybersecurity expert and KnowB4 managing director, Anna Collard, unpacked some of the current trends, red flags to watch out for, and tips to safeguard your clients and advice practice from cybercriminals. 

As we adjust to the realities of working from home, cybercriminals are stepping up their game to engineer new ways of gaining access to data, with the end goal of stealing money from you and your clients. They seem to be taking advantage of this period of “business unusual” and the preoccupied state we find ourselves in trying to juggle children, homeschooling and work obligations simultaneously.

According to Collard, when we are more stressed or distracted, it makes it easier for criminals to hook us and trick us into not using our critical thinking.

Mitigating the risks

Every business, to an extent, faces external and internal risks that leave them vulnerable to cyber attacks and whether yours is a small or bigger practice, it is important to conduct a risk assessment to understand where your vulnerabilities lie. For many advice practices, third-party transactions pose the biggest external risk. Over the years, we’ve witnessed a number of global data breaches that have occurred as a result of compromised third parties and the lesson to draw from them, is the importance of knowing where your data is going.  

Your employees, wittingly or unwittingly, also pose a risk, so it’s vital to keep your staff members educated on the potential risks out there, have an information security policy in place and conduct annual criminal and credit checks, as ways of limiting your business’s risk to exposure.  

Red flags to be aware of

Phishing remains the most common way cybercriminals are preying on people and the best way to protect yourself against it remains not clicking on a link in an email before verifying the authenticity of the link. To determine the authenticity of a link, hover over it and review the URL. Phishing emails will divert you to an unrelated website.

These days, cybercriminals have added voice phishing (vishing) scams to their repertoire and make use of deepfake technology to create manipulated videos which appear to be from high profile individuals, and intend to dupe unsuspecting victims.

Look out for communications that contain requests to act quickly, or those that elicit a degree of fearmongering. A simple way to defend against being taken for a ride is to apply common sense and interrogate communications you receive. If you haven’t entered a competition or applied to receive COVID-related funding relief, ask yourself: why am I getting this correspondence? Take the time to stop, think and verify before you respond.

Tips for protecting yourself and your clients

For more cybercrime insights, review the webinar recording below.

The financial services, products or investments referred to on this website are not available to persons resident in jurisdictions where their availability or distribution would contravene local laws or regulations and the information on this website is not intended for use by these persons. This website is for information only and does not in any way constitute a solicitation or offer by Allan Gray Proprietary Limited or any of its associates or subsidiaries (collectively “Allan Gray”) to buy or sell any financial instruments or to provide any investment advice or service.

By selecting one of the countries below I confirm that I have read and understood the above and that:

(a) I am not a South African citizen; or 
(b) I do not reside in the Republic of South Africa; or 
(c) I am not otherwise a person to whom the communication of the information contained in this website is prohibited by the laws of my home jurisdiction; and 
(d) I am not acting for the benefit of any such persons mentioned in (a),(b) and (c) and 
(e) I confirm that any investment with Allan Gray is based on my own initiative and not due to any offer or solicitation by Allan Gray.