Helping Financial Advisors with Cybersecurity: 5 Key Takeaways
- Thomas Grunbeck

Cybersecurity has been and continues to be one of the most vital issues advisors face today, particularly as AI becomes more prevalent. From phishing emails to social engineering scams, criminals are growing more sophisticated.
At the recent CFP® Connections Conference, I attended a breakout session hosted by Charles Schwab on Cybersecurity and Fraud Prevention, led by Adam Moseley, Director of Artificial Intelligence Consulting. The session focused on how advisory firms can strengthen their cybersecurity practices, as well as how advisors can help educate their clients, especially elderly or vulnerable investors, about protecting their personal and financial information.
The key message from the session was that a firm’s strongest defense isn’t just technology; it’s awareness, training, and a proactive security culture.
Here are the main takeaways from the session:
1. Build a culture of cybersecurity awareness.
Advisors and their teams should view cybersecurity as part of the firm’s overall responsibility to clients, not just an IT task. Regular training, clear procedures for reporting suspicious activity, and ongoing communication with clients about safe online habits can make a significant difference.
2. Verify everything, especially move-money requests.
One powerful reminder from the session was to “assume the disbursement request you just received is fraudulent, until you prove that it’s not.” Verbal confirmation of any transfer or withdrawal requests, especially from older clients, can prevent costly fraud. Encouraging clients to expect these verification calls also helps them understand it’s a protection measure, not a bother.
3. Encourage strong passwords and authentication practices.
Helping clients set up password managers and use multi-factor authentication can dramatically reduce the risk of unauthorized access. Many elderly clients may not feel confident managing technology, so walking them through the process or providing a short guide can go a long way.
4. Use secure methods for sharing data.
Advisors should always send sensitive information, such as account forms or tax documents, through encrypted email or a secure client portal. Encouraging clients and third-party vendors, such as lawyers and accountants, to use those same channels reinforces good habits and minimizes exposure to threats like email spoofing or phishing.
5. Stay current on fraud trends.
Cyber threats evolve quickly. Advisors and their teams should make time to stay updated on common scams targeting investors. For older clients, scams often involve impersonating financial professionals or urgent “act now” messages. Knowing what’s out there allows you to warn and educate your clients proactively.
Bonus: Software Maintenance
This may seem like a simple and obvious course of action when incorporating cybersecurity best practices, but it doesn’t always happen. Software updates can take time, and when you log on to your computer, waiting an extra 15 to 30 minutes before starting work can feel inconvenient. However, according to Adam Moseley, most security incidents exploit vulnerabilities that are more than three months old. Keeping your systems up to date is one of the easiest and most effective ways to prevent security breaches.
Putting Best Practices into Action
To put the areas discussed during the session into action, you first need to have a cybersecurity policy that everyone is aware of and understands. Everyone who works at the firm has a part to play by following best practices, such as using secure systems, encrypted communication, and strong passwords.
As discussed during the session, one of the most common violations of a firm’s policy occurs when clients and third-party vendors send you sensitive information through non-secure email. When this happens, the best practice is to deny the email and have them resend the data in accordance with your firm’s policy. That way, they know that sensitive information sent insecurely will not be accepted, and next time they will send it in accordance with your firm’s policy.
This and other areas discussed during the session at the CFP® Connections Conference served as a great reminder that prevention begins with awareness, consistent habits, and effective communication.
When firms incorporate cybersecurity into their daily routines, from verifying client instructions to maintaining up-to-date software, they not only reduce risk but also strengthen client confidence. Taking these small, proactive steps helps ensure that both advisors and their clients can focus on what really matters: building and preserving financial well-being safely.


