24 Feb Email Phishing
We get them every day. Phishing emails are nearly impossible to prevent from coming in, and alas, we are all human. Recently, an advisor at one of our insureds had their email account compromised after responding to a phishing message. The attacker used the account to send fraudulent emails to dozens of clients. While no funds or securities were lost, the incident set off a painful, costly, and yet unfortunately necessary chain of events. In cases like this, the commonly required immediate courses of action are:
- Secure the compromised email account: reset passwords, revoke active sessions, re-enable MFA, etc.
- Notify the cyber insurer of the event (if insured).
- Hire forensic professionals to assess whether attackers accessed sensitive client data.
- Hire an attorney to determine what communication is necessary with affected clients, including whether credit monitoring is necessary. Qualified attorneys will also make sure to consider regulatory requirements and documentation.
- Properly notify affected clients and offer credit monitoring where necessary, keeping in mind that notification rules vary from state to state.
Once the initial wave of response activity has subsided, a review of the overall event and of your systems is critical. Below are some key practices to consider implementing so that an event like this does not recur at your firm:
- Review email security controls, including MFA and domain authentication. Mandate MFA for all email accounts.
- Strengthen phishing-awareness training and escalation procedures. Quarterly phishing simulations are recommended.
- Run vulnerability scans and penetration tests (at least annually).
- Conduct dark-web monitoring for exposed credentials.
- Implement technical controls to protect email systems, such as advanced threat protection (ATP) for phishing/malware, conditional access rules (for example, blocking sign-ins from risky geographies), and email encryption.
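The "domain authentication" item above is usually checked by reading the firm's SPF and DMARC DNS records. The following is an added illustration (not part of this RiskTip or any Golsan Scruggs tooling) of what such a review looks for: it parses SPF and DMARC record strings and flags the settings that leave a domain open to spoofing. The record strings are constructed samples, and the assumption that "domain authentication" means SPF/DKIM/DMARC is ours.

```python
"""Review SPF and DMARC records for weak email-domain authentication settings.

Added example, not from the original post. The sample records at the bottom
are constructed; look up a real domain's TXT records to review it.
"""
import re

# SPF mechanisms that cost a DNS lookup (RFC 7208 caps these at 10 per record).
LOOKUP_MECHS = ("include", "a", "mx", "ptr", "exists")


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record ('v=DMARC1; p=reject; ...') into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: str) -> list:
    """Return a list of findings for a DMARC record; an empty list means no weakness found."""
    findings = []
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["no valid DMARC record (missing v=DMARC1): spoofed mail is not policed"]
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy is '{policy or 'missing'}': spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC policy applies to only {pct}% of messages")
    if "rua" not in tags:
        findings.append("no aggregate report address (rua): spoofing attempts go unseen")
    return findings


def spf_lookup_count(terms: list) -> int:
    """Count the SPF terms that trigger a DNS lookup."""
    count = 0
    for term in terms:
        term = term.lower().lstrip("+-~?")          # drop the qualifier prefix
        name = re.split(r"[:/=]", term, 1)[0]      # mechanism name before ':' or '/'
        if name in LOOKUP_MECHS or term.startswith("redirect="):
            count += 1
    return count


def assess_spf(record: str) -> list:
    """Return a list of findings for an SPF record; an empty list means no weakness found."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["no valid SPF record (missing v=spf1)"]
    final = terms[-1].lower()
    if final in ("+all", "all"):
        findings.append("SPF ends in '+all': any server on the internet may send as this domain")
    elif final == "?all":
        findings.append("SPF ends in '?all' (neutral): receivers will not enforce it")
    elif final not in ("~all", "-all"):
        findings.append("SPF has no terminal 'all' mechanism: unlisted senders are treated as neutral")
    lookups = spf_lookup_count(terms)
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups; over the limit of 10, receivers return permerror")
    return findings


if __name__ == "__main__":
    # Constructed sample records for a weak and a hardened configuration.
    samples = {
        "weak":   ("v=spf1 include:_spf.example.net +all", "v=DMARC1; p=none"),
        "strong": ("v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all",
                   "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"),
    }
    for label, (spf, dmarc) in samples.items():
        print(label, "SPF:", assess_spf(spf) or "ok")
        print(label, "DMARC:", assess_dmarc(dmarc) or "ok")
```

Any non-empty finding is something to raise with whoever administers the firm's mail domain; a hardened domain ends its SPF record in `-all` (or `~all`) and publishes a DMARC policy of `reject` or `quarantine` with a reporting address, so that receivers discard spoofed mail and the firm can see attempts to impersonate it.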
At the risk of oversimplifying, if there is one thing to take away from this RiskTip, it is to mandate multifactor authentication (MFA) for all advisor email accounts (or anywhere that private client information is stored). This single action would have prevented over 90% of the cyber data breach claims that have come through our office.
By Brian Francetich – President & Partner
Golsan Scruggs is an insurance brokerage firm operating throughout the United States, specializing in errors and omissions (E&O, also known as professional liability) insurance for registered investment advisors (RIAs). As one of the largest insurers of RIA firms in the U.S., we have a dedicated staff that understands the risks of the financial services industry and delivers superior results. We make the underwriting process painless.
At Golsan Scruggs, we believe it is incumbent upon us to earn the right to be appointed as your insurance and risk-management agent. Our RIASURE process exists to serve that purpose.
Our RIASURE Review will analyze your fiduciary exposures, provide rate details and comparisons, and provide a contract comparison. No application required.
To obtain your complimentary RIASURE Review, contact us at (800) 273-5883.