"I don't think there's a single greater threat to your organizations outside of email," Moseley said. "We don't hesitate to click a link, to open an attachment."
Ransomware, malicious links, social engineering and other common scams all come in via email, he explained.
One smart thing a financial advisor can do is hire an outside firm to send employees test spam, to see what they are opening or clicking when they shouldn't, he said. It helps firms see how to focus their efforts educating employees.
Be suspicious of any links or attachments in an email, Moseley said. If the email seems to be from a legit source, call the sender to make sure it's legit before clicking.
It also helps to rethink that information you're sending in emails, he said. Try to keep personal and sensitive data out of email altogether; if you must send it, look for a more secure method. For example, if you're reaching out to your financial advisor, many have secure client-access portals where you could submit that tax return or account statement.