Advisers should stop using email as their primary communication method with clients and start using client portals as the preferred alternative.
Cybersecurity has been in focus this year due to ASIC’s penalty against RI Advice which has seen other cyber experts noting flaws with how the industry is dealing with security.
Firefly Wealth director Adele Martin told Professional Planner there are several flaws when it comes to using email as a communication vehicle.
“If a client requests a withdrawal, how do you know if it’s coming from the client? It’s so open to being hacked and there have been numerous examples of where emails have been hacked for advisers.”
Martin added that advisers often don’t have insurance that covers email hacking.
“This is going to be an area advisers are increasingly going to look at more for security reasons and client benefits.”
Moran Partners Financial Planning principal Paul Moran says people are sending all sorts of stuff through email without thinking about it.
“Once you get into someone’s emails it’s pretty easy to access what you want to access. Cyber risk is becoming much bigger than ever before.”
Portal to the unknown
The most likely solution to deal with client engagement will be through secure portals but in the advice space, Martin says client portals are still new and the take up hasn’t been significant.
“Accountants have been doing this for years; my accountant did this 10 years ago.”
Moran had a similar finding, although it is with a caveat.
“It’s something everybody should be using but very few people are using them because a lot of them are a bit ordinary,” he says.
Moran says a lot of client portals are attached to existing advice software and are not user friendly. “Having a portal that’s been built as a portal for clients to log into but also receives advice documents backwards and forwards is the way of the future, along with other cyber security measures.”
Martin says the challenge for the advice industry will be positioning the benefits to clients because it is something new.
“Explain to the client the reason you’re doing it is to protect them. They’d be a lot more comfortable with understanding why you’re doing that,” she says.
Martin says in addition to security, client portals will overall improve the client experience.
“So often when a new client comes on board – or with an existing client – there’s always so much repetition. I’m big on the education piece, the piece we’re doing all the time, so why can’t we turn that into videos for clients to watch.”
Martin says this will help the onboarding experience for clients allowing advisers to focus on other priorities.
“This is good for a couple of reasons, it means the client meetings aren’t rushed because they can watch things in their own time and understand it better and it saves the adviser a lot of time because you’re not repeating yourself and they’re getting your best version.”
Feeling secure
Client portals won’t be the only solution to cyber risks and Moran says for advice practices cyber security policy needs to be signed off every quarter, antivirus software updated, and password protectors like LastPass and two-factor authentication (2FA) utilised.
“[2FA] is a pest to use and it’s something that slows the process down because you often have three to four pieces of software open at the same through the day and they time out. It’s a painful thing to do and it’s easy for staff to get sick of it,” Moran says.
However, he adds, from a client point of view having 2FA is important and it shows advice practices prioritise security.
“When clients understand we’re taking it seriously enough to do this, if they don’t want to do it then that’s their call but that’s not the advisers call.”
At the risk of betraying my vintage, and sounding like a Luddite:
It is only a matter of time before the portal gets hacked, and
It is only a matter of time before the password manager gets hacked.
I have clients who struggle to use email – they are literally incapable of using 2FA and are seriously disempowered by our use of complex technologies for everything.
At Financial Mappers we recently had a Financial Planning group request this service. As a result, we have created a portal where clients must log in and documents, plans, and questions are all shared within the encrypted portal. The product should be live by next week.