Retire Well

How to vet your financial advisor's cybersecurity savvy

How to protect your personal data
How to protect your personal data

You might trust your financial advisor with your money, but what about your personal information? A breach of the latter can be damaging for your financial future.

Only four in 10 financial advisors say they fully understand the issues and risks around cybersecurity, and 29 percent say they are fully prepared to manage and mitigate those risks, according to a report from the Financial Planning Association's Research and Practice Institute. The survey polled 1,015 financial advisors nationwide during July 2016, with a margin of error of plus or minus 3.07 percentage points.

Questions to ask

To find out how he or she protects your data, ask your financial advisor these pertinent questions.

Where will my data be stored — and who will have access to it? The more places your data is stored and the more people who have access to it, the more potential points of access an attacker has, Hitesh Sheth, president and CEO of security software provider Vectra Networks, told last month. Encrypted databases don't mean much if the advisor takes work home on an unencrypted thumb drive or an assistant in the office falls for a phishing email.

Keep in mind that the threat may be physical rather than digital when, for example, the advisor prints copies of your documents or takes paper notes during your meetings and phone calls.

What happens to my data after our relationship ends? It's a good idea to know what will happen to your data after you're no longer a client, Kurt Roemer, chief security strategist at software company Citrix, told The firm should have policies for safely disposing a former client's data, as well as a succession plan if the advisor retires, switches firms or passes away.

Having email passwords cracked is a fairly common issue for all of us. We don't want to put our financial lives in jeopardy because we didn't make some commonsense decisions up front.
Matt Rodgers
head of product for E8 Security

Proactive steps

It's smart for you to take steps to secure your data, too.

Don't overshare. Depending on why you hired an advisor — creating a financial plan versus managing your portfolio — sharing info such as your Social Security or account numbers might not be necessary. If you're sending account statements or tax returns, black out such personal information, said Matt Rodgers, head of product for E8 Security, a cybersecurity analytics firm. Don't be afraid to question the need for such data.

"Ask, 'Why do you need this? What are you going to use it for?'" he said.

Secure data transmissions. "As much as can be kept off of email, the better," said Mike Patterson, vice president of strategy for consulting firm Rook Security.

More from Retire Well:
Preparing for the unexpected: Give yourself an insurance checkup
Is an annuity right for you?
Nearly retired? Ask 3 questions to keep your money safe

Either party's email could be the target of an attack, multiplying the risk of sensitive personal information falling into the wrong hands, he said. Use a secure file-transfer service, or if the firm has one, a secure client-access portal.

Set up communication protocols. Agree up front with your advisor on how you'll handle any important communication or account instruction, said Rodgers. (He and his advisor, for example, have agreed that his advisor will email, asking Rodgers to call the office.) That kind of setup prevents an attacker with access to either party's email from gaining access to more financial information — or cash.

"Having email passwords cracked is a fairly common issue for all of us," he said. "We don't want to put our financial lives in jeopardy because we didn't make some commonsense decisions up front."