Above page content

    Site map  Cookie policy


Akademia short: Essential cyber security tips to keeping you safe

Recently, I took part in an Akademia short video, where experts give top tips in 15 minutes.

Young businessman working on his laptop in the office, select the icon security on the virtual display.

John Harrison

in Features


Criminal hackers are exploiting the Covid-19 pandemic, as mass homeworking has increased existing some system vulnerabilities and created new threats. Heightened geopolitical tensions have also sparked an increase in state-sponsored threats from rogue nations such as Russia, China and North Korea.

Recently our Head of Information & Cyber Security took part in an Akademia short video, where experts give top tips inside 15 minutes.



Here are my seven essential things every advisor needs to know to protect themselves and their clients.

  1. Two-factor authentication (‘2FA’)

2FA uses two pieces of information to prove (authenticate) your identity. Your password, ‘something you know’ is the first factor. The second factor will typically be ‘something you have’, like your mobile phone. After entering your username and password, a code is required before the account can be accessed. This might be within a text message or an app on the device. 2FA greatly reduces the likelihood of your account being hacked. Receiving an unexpected 2FA code also indicates your password has been compromised, so you can immediately change it. 2FA is free and straightforward. Activate it for important accounts, starting with email and any cloud services.

  1. E-mail and cloud

An email account is an attractive target. Hacking it allows criminals to reset other online account passwords, impersonate you, amend emails, activate auto-forwarding (so they receive a copy of emails you send or receive), and phish your contacts. Your cloud service accounts, e.g. Office365, are a close second. Use 2FA for your email accounts and cloud services. Change each account password to something unique, long (>15 characters) strong (three random words with some numbers and symbols). Never reuse an email or cloud password; criminals have tools that automatically try one compromised password with other popular online accounts.

  1. Insecure email

The global internet is a public network. Standard email is insecure: it can be read or intercepted. Increasingly, financial services clients email accounts are being hacked. Consider offering clients a secure message portal to avoid the risks associated with email. Crucially, and unlike email, a secure message does not traverse the public internet. Alternatively, consider a secure email service, which encrypts (scrambles) an email so only the intended recipient, who has the decryption password, can read it. Another option is to place the information in a Word or Excel document, create a document password, and then attach the document to a blank email. Only share the password with the client using another method, e.g. in person.

  1. Robust operating procedures

Simple, strong procedures will protect your firm and your clients. Examples include always calling the client using a number on file in response to an email instruction. Train staff regularly and consider testing how well staff adhere to the procedures.

  1. Zero trust

People tend to trust unexpected emails, text messages and phone calls until their suspicions are aroused. Firms can protect themselves and their clients by instead adopting a zero-trust mindset, when emails, text messages or phone calls are not believed until proven genuine. Independently, verify the sender by, for example, contacting them using details obtained from a search engine or web site.

  1. Vigilance at home

It is understandable for staff to feel safe and secure when working at home, and to think cyberattacks will only happen back in the office. This is not true, with numerous recent reports of firms suffering attacks after staff succumbed to a phish. Bogus emails from senior staff (‘CEO fraud’), malicious conference call invitations, and Covid-19 phish are commonplace. Continually updated staff training – and examples of the latest criminal techniques – can reduce the likelihood, but the risk from phishing will never be eliminated. Subscribing to a simulated phishing service can maintain staff vigilance in every location, as they will know they might be tested anytime.

  1. Prioritise protection

Financial professionals naturally want to protect the client relationship. However, unusual requests, behaviour or transactions might indicate a compromised client. Avoid the desire for client goodwill overriding sound judgement. A client may initially react negatively to your persistence, but if that transaction transpires to be fraudulent, the client will quickly welcome your tenacity.

Get in touch

Find out more

Our focus on clients has endured since the foundation of Charles Stanley in 1792 and has helped make us one of the UK's leading wealth management firms. Your interests give shape to everything we do.

Please call us to talk about your circumstances or complete the enquiry form.

020 3797 1783

Make an enquiry

If you have some questions we'd be happy to help.

Get in touch

Coronavirus (COVID-19)

Our latest information

Stay updated

Subscribe to our weekly email newsletter.

Subscribe here

Local Office

Your local office

Your local Charles Stanley office can help advise you on a wide range of investment management services.

Select an office


Newsletter banner signup