Security breaches are serious on any website, but particularly so on financial services websites.

Not only can they interrupt your digital marketing efforts (e.g. shutting down your Google AdWords campaigns), they can seriously undermine your clients’ trust in your brand as they try to access online portals and resources linked to/hosted on your website.

We’ve seen it happen to financial advisers and planners, as well as investment managers and other financial firms. Quite often, these incidents occur due to a failure to put adequate preventative measures in place well ahead of time.

In this article, we are therefore going to look at some of the ways you can protect your financial website and marketing from hackers and other malicious online threats.

Let’s start by outlining some of the main digital threats facing financial planners and other firms:

Common hacks used against IFA & financial websites

#1 DoS & DDoS 

DoS refers to denial of service. It is a type of attack used by hackers to overwhelm the resources of a financial services website so that it can no longer function. DDoS (distributed denial of service) works in a similar way, but the hacker uses multiple machines which host the malicious software.

Sometimes these attacks are intended simply to disrupt the user experience by shutting the website down. Other times, the aim is to overwhelm the website so that it is vulnerable to a more vicious attack.

#2 MitM attack

The way web browsing works, on a very simple level, goes a bit like this: You (the client) request information from a website by typing the name into your web browser.

This information is “served up” from a server (or computer) which hosts the website’s information, and communicated back to you via your browser.

A MitM attack (man in the middle attack) therefore involves a hacker “stepping in between” this communication process and serving incorrect or malicious info to the client and server, who believe they are still communicating with each other.

#3 Phishing & Spear Phishing

You almost certainly will have witnessed this at some point in your life. Phishing involves a hacker sending an email to you, pretending to be a legitimate company (e.g. your bank), in order to steal personal information from you such as credit card details.

There have been some real horror stories of financial advisers whose email accounts have been hacked, and clients have been tricked into sending hundreds of thousands of pounds to the hacker.

#4 Drive-by

Quite simply, a drive-by occurs when a hacker spots a weakness in the code of a financial services website and places a malicious script there. If someone then visits the website, this might place malware onto the visitor’s computer or re-direct them to another website controlled by the hacker(s).

How to prevent hacks/attacks on websites & marketing for financial services

If Google detects that there is malware on your financial website, then it will switch off your Google AdWords campaigns and potentially you could also lose valuable search engine rankings. As mentioned above, your website visitors (e.g. clients) are also put at risk.

So, it is vital that you resolve the issue as quickly as possible if it occurs, and that you take every reasonable measure to prevent such attacks in the future.

Here are some ways financial services websites can shield themselves from common security threats:

#1 Use security plugins

If your financial website is built on a platform like WordPress, then there are a lot of useful plugins available to you which can help prevent cyber attacks. Many of them are also free.

For instance, using a “Captcha” plugin can help prevent brute force attacks. This requires users to resolve a mathematical equation or identify the contents of an image, prior to logging into the WordPress admin area or comments section of your blog.

At CreativeAdviser, we also like to use Cloudflare to protect our clients’ websites from DDoS attacks.

#2 Place your website on HTTPS

If you are a customer visiting an online shop, you probably know to look out for the green https symbol at the beginning of the website’s URL in the browser bar.

In 2018, Google Chrome took the extra step of warning people that a website is “insecure” if it does not have an https prefix. Financial services websites, therefore, need to urgently get onto https if they have not already done so, to avoid haemorrhaging client/prospect confidence in their online brand.

#3 Keep everything up to date

If your financial website is sitting on an old version of WordPress or using outdated software/coding, then you really need to consider investing in either updating your existing site or investing in a new design. Online threats are constantly evolving, and keeping your website up to date will help ensure that you are keeping up your online defences.

How to tell if you’ve been hacked

If you suspect that your financial website has been subjected to malicious activity, then it isn’t actually too hard to find out if there’s a problem.

First of all, access your Google Search Console account and check out the Manual Actions and Security Issues areas. If any of your URLs have been hacked, then Google should list them here.

Sometimes, however, your website can be hacked without Google realising it. This type of attack is called “cloaking”, and it involves serving up different information from your website to different users. For instance, you might visit your homepage and see a completely blank page. Another user might visit it, however, and see spammy code everywhere.

To be sure that you have not experienced a cloaking attack on your financial website, follow this useful troubleshooter by Google. It takes you through a useful step-by-step checking process.
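
As an added illustration (not part of the original article or Google's troubleshooter), the check below compares two saved copies of the same page, one as a normal browser received it and one as a search engine crawler received it, and flags the differences typical of cloaking. The sample pages, the host names and the 0.6 similarity threshold are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from difflib import SequenceMatcher

class PageSummary(HTMLParser):
    """Collects visible text and the hosts of outbound links from one HTML page."""
    def __init__(self):
        super().__init__()
        self.words, self.link_hosts, self._skip = [], set(), 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):      # text inside these is not visible
            self._skip += 1
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").netloc.lower()
            if host:
                self.link_hosts.add(host)

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.words.extend(data.lower().split())

def summarise(html):
    parser = PageSummary()
    parser.feed(html)
    return parser

def compare_views(browser_html, crawler_html, own_host, min_similarity=0.6):
    """Compare two copies of one URL; min_similarity is an assumed threshold."""
    b, c = summarise(browser_html), summarise(crawler_html)
    similarity = SequenceMatcher(None, b.words, c.words).ratio()
    extra_hosts = sorted(c.link_hosts - b.link_hosts - {own_host})
    return {
        "similarity": round(similarity, 2),
        "crawler_only_hosts": extra_hosts,   # links only the crawler was shown
        "suspicious": similarity < min_similarity or bool(extra_hosts),
    }

# Constructed sample responses for the same URL (not real captures).
BROWSER_VIEW = """<html><body><h1>Smith Financial Planning</h1>
<p>Independent advice on pensions and investments.</p>
<a href="https://www.example-ifa.test/contact">Contact us</a></body></html>"""
CRAWLER_VIEW = """<html><body><h1>Smith Financial Planning</h1>
<p>cheap pills buy now best casino bonus</p><a href="https://pills.example-spam.test/buy">buy now</a>
<a href="https://www.example-ifa.test/contact">Contact us</a></body></html>"""
```

A result with `suspicious` set to true is a prompt to inspect the site's files and database for injected content, not proof of compromise, since some sites legitimately vary content between visitors.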
