Fraser Jack

Less than half of financial advice practices currently educate their staff on cyber security, and allocating a modest monthly budget for cyber training could prevent a potential disaster.

Speaking at the Professional Planner Advice Practitioner Summit on Wednesday, Cyber Collective founder Fraser Jack said allocating $15 a month per employee is a realistic budgetary goal advice practices should aim for.

He cited research from CoreData showing that only 38 per cent of financial advice firms educate their staff on cyber security.

“If one firm gets hacked, and it makes it onto A Current Affair, we will get tarnished with it,” Jack said.

A man with a plan

Jack noted the National Institute of Standards and Technology has a framework businesses can use to create a cybersecurity plan.

The framework identified ‘before’, ‘during’ and ‘after’ segments.

In the ‘before’ section, practices should identify potential threats, put protection in place, and train the team on the implemented policies and procedures.

The ‘during’ phase involves having detection software in place to help staff pick up and respond to threats.

The last stage is using recovery and restore software to reclaim lost data and information.

Jack recommended that staff training should not be too technical; otherwise, staff will potentially struggle to understand it. More importantly, it should also be regular and ongoing – not all at once.

Create strong passwords and update software

It may seem like obvious advice, but it often needs to be reiterated that creating long, strong passwords is essential, and using a password manager can be beneficial.

“Also make sure every single product that contains client data has multi-factor authentication turned on,” Jack said.