Cybersecurity Guidance for Financial Advisors: Protecting Your Clients and Their Assets

In today’s digital age, financial advisors have more responsibilities than ever before. Beyond providing sound financial advice and investment strategies, modern financial advisors must also help their clients navigate the perilous waters of cybersecurity.

With cyber threats on the rise and increasingly sophisticated, it’s essential that financial advisors provide comprehensive cybersecurity guidance to help protect their clients and their money. This blog post will outline the key steps and best practices financial advisors should take to become trusted advisors in the realm of cybersecurity.

The Importance of Cybersecurity in Financial Advising

Cybersecurity is no longer just the concern of IT departments; it is a critical aspect of financial management. As a financial advisor, your clients trust you with their sensitive financial information and expect you to help safeguard their assets from cyber threats. By incorporating cybersecurity guidance into your advisory services, you can:

  • Build trust and deepen client relationships.
  • Enhance your reputation as a comprehensive and forward-thinking advisor.
  • Mitigate the risk of financial loss and identity theft for your clients.

Key Cybersecurity Practices for Financial Advisors to Promote

1. Use and Promote Strong Passwords

Many cybersecurity professionals promote the use of strong passwords. Passwords are the first line of defense against unauthorized access to accounts, yet many people still use weak or easily guessable passwords. Financial advisors should encourage or mandate the use of strong passwords for their clients’ investment and email accounts.

Best Practices for Passwords:

  • Use a combination of upper and lower case letters, numbers, and special characters.
  • Make passwords at least 12 characters long.
  • Use a password manager and password generator to create complex passwords.
  • Encourage clients to change their passwords regularly.

Strong passwords are best generated using the password generator included in every password manager. Password generators create random combinations of mixed-case letters, numbers, and special characters. The largest benefit of password managers is that you can create complex passwords and simply save them to the password manager for future use. I personally generate passwords of 25 characters.

Changing your password frequently is a best practice that cannot be overstated. This is especially true given the massive recent data breaches at Comcast/xFinity (36 million), Ticketmaster (560 million) and Real Estate Wealth Network (1.5 billion). Best practice is to change your password at least quarterly. I typically recommend changing the password to your primary email account monthly. This is significantly easier to do when using a password manager.

2. Use and Promote Passphrases

Social engineering attacks often target the human element of security when the bad actor attempts to deceive your employee into believing that they are your client. A passphrase consists of a question-and-answer pair used to verify the identity of the person you are communicating with, making it significantly harder for attackers to deceive employees through social engineering attacks.

You can implement a passphrase by asking your client for a specific passphrase that is only known to them. You can store this in your Customer Relationship Management (CRM) system. Your employee can call the client to confirm account changes or transactions, such as money movements, when they receive these instructions via email. Your team can verify that they are speaking with the client by asking for and verifying their specific passphrase.

It is important to note that wealth management firms should seek and engage expert advice on implementing passphrases in their business and on training employees and clients in the effective use of passphrases.
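One way to hold the client passphrase in the CRM so that a leaked database does not expose every client's answer: store only a salted hash and check the caller's answer with a constant-time comparison. This is an added illustration, not code from the original post or from any CRM product; the record layout, function names and sample phrase are assumptions.

```python
# Added example (not from the original post): storing a client's verification
# passphrase as a salted hash in a CRM record and checking a caller's answer.
# Record layout and function names are assumptions for illustration.
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tune to your hardware


def normalize(phrase: str) -> str:
    """Collapse whitespace and case so a spoken answer matches the typed record."""
    return " ".join(phrase.split()).casefold()


def enroll_passphrase(client_id: str, phrase: str) -> dict:
    """Build the CRM record. Only the salt and hash are kept, never the phrase."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(phrase).encode(), salt, ITERATIONS)
    return {"client_id": client_id, "salt": salt.hex(), "hash": digest.hex()}


def verify_passphrase(record: dict, answer: str) -> bool:
    """Recompute the hash for the caller's answer and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    # Constructed sample client record for the demo.
    rec = enroll_passphrase("client-0001", "Blue heron at the lake house")
    print(verify_passphrase(rec, "blue  heron at the Lake House"))  # True
    print(verify_passphrase(rec, "blue heron"))  # False
```

The employee-facing CRM screen should only ever show the yes/no result of verify_passphrase, not the stored phrase, and failed attempts should be logged and rate-limited like any other authentication check.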

3. Implement Multifactor Authentication (MFA)

Multifactor authentication adds an additional layer of security by requiring two or more verification factors to gain access to an account. This significantly reduces the risk of unauthorized access, even if a password is compromised.

How to Encourage MFA:

  • Educate clients on the benefits and necessity of MFA.
  • Provide step-by-step guides on how to set up MFA on their investment and email accounts.
  • Offer support for clients who may need assistance in implementing MFA.

4. Educate Elderly Clients on Online and Phone Scams

Elderly clients are often prime targets for online and phone scams. Financial advisors should take extra care to educate their older clients on how to recognize and avoid these scams.

Tips for Protecting Elderly Clients:

  • Explain the common tactics used by scammers, such as phishing emails, fraudulent phone calls, and fake websites.
  • Advise clients to never share sensitive information over the phone or via email unless they are certain of the recipient’s identity.
  • Encourage clients to verify any suspicious communications by contacting the company or organization directly using a known and trusted phone number or email address.
  • Suggest the use of call-blocking tools and services to reduce the risk of phone scams.

5. Regularly Review and Update Security Measures

Cyber threats are constantly evolving, which means cybersecurity measures must be continually reviewed and updated. Financial advisors should stay informed about the latest cybersecurity threats and best practices and communicate these updates to their clients.

Actions to Take:

  • Schedule regular check-ins with clients to review their cybersecurity practices.
  • Provide clients with resources and updates on the latest cybersecurity threats and how to protect against them.
  • Encourage clients to invest in reputable cybersecurity software and tools, such as antivirus programs, local firewall technologies on their computers, and secure password managers.

6. Create a Cybersecurity Plan for Clients

Having a comprehensive cybersecurity plan in place can help clients respond quickly and effectively in the event of a cyber incident. Financial advisors should advise their clients to develop and implement a personalized cybersecurity plan.

Components of a Cybersecurity Plan:

  • A list of all online accounts and the corresponding security measures in place.
  • Contact information for relevant financial institutions and cybersecurity support.
  • Steps to take in the event of a suspected security breach, including how to secure accounts and report the incident.

Advisors can discuss the client’s cybersecurity readiness during their annual review and offer support literature or referrals to clients who need help establishing their personal cybersecurity plan.

As a financial advisor, your role extends beyond managing your clients’ investments; it also includes safeguarding their financial well-being in a digital world fraught with cyber threats. By offering basic cybersecurity advice and implementing best practices such as strong passwords, passphrases, multifactor authentication, and education on scams, you can help protect your clients and their hard-earned money.

This is particularly important if you intend to move beyond the role of an investment manager to that of a trusted financial advisor. By taking a proactive approach to your clients’ cybersecurity, you not only enhance your value as a trusted advisor but also contribute to a safer financial environment for all. Encourage your clients to embrace these cybersecurity measures and work together to secure their financial future.

For more comprehensive guides and resources on cybersecurity for financial advisors, feel free to reach out or explore our latest offerings. Let’s make cybersecurity a priority and protect what matters most.
