Robert Howland on Cybersecurity in Client Advisory
Robert Howland on Cybersecurity in Client Advisory
Publish Date: 2026-06-10 00:00:00
Source Domain: www.investmentnews.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
Cybersecurity is often framed as a technology problem. In my experience, the biggest vulnerabilities rarely sit inside a server room
A single oversight can create exposure. Our firm employed a cybersecurity specialist who accidentally left a minor email setting unchecked and a bad actor spoofed one of our addresses.
No funds were lost, but the incident changed how I think about risk. A firm can follow nearly every best practice and still leave an opening. Most cybersecurity threats do not arrive as dramatic breaches but rather appear quietly inside ordinary business operations.
The weakest link is usually human behavior
Over time, a pattern became difficult to ignore. Nearly every cybersecurity issue in our office connected back to client behavior in some form.
Clients can click phishing links. Clients may download fraudulent applications. Clients might even respond to AI-generated voice scams that imitate family members.
One client received a phone call last week from AI software that perfectly replicated her son’s voice. Her “son” desperately needed money, saying he had been in a bad car accident and was at the hospital. Of course, none of this was true. And to add insult to injury, our client was already in the hospital with her own health issues when she received the fake call. Fortunately, her condition at the time and her unfamiliarity with Zelle delayed the transfer long enough for suspicion to emerge and the ruse to fall through without any real consequence.
The situation did not involve a traditional system failure. The experience revealed something broader: modern cybersecurity now depends as much on judgment as software protection.
Now I have changed how I approach cybersecurity inside the advisory relationship. Strong systems still matter, but client habits matter equally.
Onboarding is where security actually begins
The biggest operational change inside our firm involved onboarding and financial data collection. Early conversations with clients now include direct discussions about fraud and personal responsibility.
Many clients assume custodians automatically reimburse stolen funds. Many clients also underestimate how often fraud succeeds through emotional pressure rather than technical sophistication.
Verification procedures inside our office have also become more personal. Instead of relying entirely on identification methods, our team uses conversational checkpoints and personal references to help confirm identity.
Ongoing education has also become part of routine communication. Monthly portfolio updates frequently include short discussions about current scams or security concerns. We believe regular reminders create awareness long before a crisis occurs.
Convenience and security constantly compete
One of the hardest challenges in cybersecurity involves balancing protection with usability. Financial institutions continue adding passwords, authentication layers, and security restrictions. Additional safeguards often create new operational problems.
Adult children helping aging parents oftentimes lose account access because two-factor authentication remains tied to an inactive phone number or inaccessible device. Resolving the issue can take months during a time that already involves stress.
Situations like these require flexibility rather than blanket security policies. Reliable cybersecurity only works when designed around how clients actually behave.
Inside our practice, security procedures adapt to existing client habits whenever possible. If a client already uses a platform comfortably and safely, I prefer working within their environment instead of forcing an unfamiliar system. Security only works when clients can realistically follow the process.
When something goes wrong, the playbook changes
My first priority involves understanding the scope of the problem: where the issue originated, who may be affected, and whether additional exposure exists.
Immediately after my assessment, I contact the insurance provider, which may surprise some people, but cybersecurity insurers often possess broader experience than internal teams. Insurance carriers see patterns across thousands of incidents and are incentivized to resolve problems efficiently.
Cybersecurity incidents evolve quickly. The right response requires adaptability and clear communication rather than panic.
A new opportunity for advisors
Large financial institutions will continue investing heavily in infrastructure and cybersecurity technology. Many institutions, however, struggle to adapt security procedures to individual client behavior.
Independent advisors occupy a different position. We shape security practices around real client situations and communication patterns.
Helping a client securely transfer assets, structure access for aging parents, or recognize an impersonation scam no longer feels separate from financial advisory work. Cybersecurity conversations now sit directly beside portfolio management and estate planning.
