Map out cybersecurity processes

SMSF cyber-security

SMSF advisers and trustees must be clear about what cyber-security processes are in place and should not merely accept them at face value.

SMSF advisers must give greater consideration to the cyber-security of the systems they use to engage with clients, while trustees should ensure the methods they use to transact funds are also safe, according to an advice-focused cyber-security agency.

The Cyber Collective founder Fraser Jack said financial advisers already have obligations under law, but the prevalence of SMSF corporate trustees places the directors under the Corporations Act and so the security guidance provided by the Australian Securities and Investments Commission (ASIC) also applies to them.

“In regards to cyber-security, advisers can lean into this and have a statement around what they do and a policy around how they hold and process data,” Jack told selfmanagedsuper.

“The statement and policy can state ‘we the advice practice knows what it does with that information and the extra lengths it takes to protect client data’.

“It should also ask if clients are doing the same thing at their end because they can be sought-after targets for cyber-criminals.”

He added trustees should be seeking similar assurances from third-party service providers.

“When it comes to trustees, they should be asking whoever is in their supply chain and doing work for them for any information or a statement outlining the steps they go to protect information,” he said.

He said trustees and directors should be seeking information so they can ask questions around cyber-security, and should also be aware that if they get hacked at home and members’ data is breached, they are obligated to report this and may be prosecuted by ASIC.

“The increase in cyber-security threats puts more risk on SMSF trustees around the transfer of funds and there has been a strong reliance on emails, but they should be aware of social engineering and phishing attacks, which can wait inside an email chain to access details such as bank accounts,” he said.

“As such, trustees should adopt things like two-factor authentication so if there is a transfer of money, it needs to be a layer of confirmation outside of email, which should be considered as an unsecured network.”

Jack, who was previously a financial adviser and most recently host of the XY Adviser financial advice podcast, launched The Cyber Collective two months ago in an effort to provide cyber-protection solutions usually available to larger firms to small and medium advice practices.

He said advice practitioners, offering financial planning, accounting and mortgage broking services, will be able to create their own security package dependent on their needs and then have that package implemented via The Cyber Collective.

“A financial advice business is around 300 times more likely to be targeted than any other business and they keep way more information on record — from bank accounts and medical records to superannuation and tax returns — than your average business,” he said.

Copyright © SMS Magazine 2024
