Your Biggest Tool Against Cyber Risks: Updating Your Software

Nov 8, 2024 / By Michael Hobbs
Horsesmouth Senior Editor

HackTalk: Stop ignoring those prompts telling you to update your software. Keeping your software up to date is a critical cybersecurity task that protects you and your clients.

HackTalk is a long-running monthly podcast that covers the latest cybersecurity threats and issues advisors need to know to protect themselves and their clients, with Horsesmouth Editor-in-Chief Sean Bailey and Associate Editor Devin Kropp, co-authors of Hack-Proof Your Life Now! Here are highlights from a recent HackTalk conversation.

Key takeaways from the article:

  • While most users view software updates as annoying interruptions, cybersecurity experts consistently rank regular software updates as their top security practice.
  • A recent Microsoft security patch addressed over 100 different vulnerabilities, demonstrating the scale of potential security risks in unpatched software.
  • Hackers actively exploit known vulnerabilities in the period between when updates are released and when users install them, making delayed updates particularly dangerous.
  • Financial advisory firms face unique risks from unpatched systems, as vulnerabilities can expose sensitive client financial information and potentially violate regulatory requirements.
  • Automatic updates, scheduled during off-hours, represent the best practice for maintaining security while minimizing business disruption.
  • Every firm should maintain a complete inventory of all software requiring updates, including operating systems, financial planning software, client relationship management systems, and mobile devices.
  • Regular data backups are essential before performing major software updates, and these backup systems should be tested regularly.
  • Staff training on update procedures and verification protocols is crucial for maintaining consistent security practices across the organization.
  • Proactive client communication about security measures, including software update policies, can build trust and demonstrate professional diligence.
  • The cybersecurity threat landscape continues to evolve, with new challenges emerging from AI and other advancing technologies, making regular updates increasingly critical.

Why software updates are needed

When was the last time you clicked “Remind Me Later” on a software update notification? If you’re like most financial advisors, probably within the last 24 hours. That decision—to postpone what seems like a routine maintenance task—could be the biggest security risk your practice faces today.

For financial advisors managing millions in client assets, cybersecurity often brings to mind sophisticated firewalls, encryption protocols, and artificial intelligence defenses. Yet according to cybersecurity experts, one of the most critical security measures is something most people routinely dismiss: software updates.

The disconnect between what security professionals recommend and what typical users actually do is striking, says Devin. When she and Sean worked on their book, they asked security experts what they do to protect themselves. The answer they regularly heard: Keep my software up to date.

Devin: “That is the most important thing people should do to keep themselves safe, which I think is just so ironic because most people don’t even look at the software update as an aspect of cybersecurity.”

The critical security layer

What appears as a routine update notification often masks crucial security patches.

Devin: “While there may be some design updates in it or new features added when we update our software, things like our browser, our operating system, Microsoft, the real reason those companies are issuing these updates is because of some security vulnerability that they’ve identified or that might even be being exploited actively by hackers and they release these patches so we can patch that software up and keep our devices safe from these kinds of hacks that people will take advantage of to get into that software and then into your device, into your network.”

The scope of these security patches can be substantial. Recent evidence demonstrates the scale of the threat.

Devin: “Microsoft this past month had a security patch that closed over a hundred different vulnerabilities across its software... Where I think this month in Microsoft, for example, in Internet Explorer, there was a vulnerability that was actually being exploited actively where hackers could, once they tricked you into viewing malicious websites on your browser, it looked real, got you to click on links, and then malware was being installed on your machine behind the scenes.”

An evolving threat landscape

For financial advisory firms, where client data protection is paramount, understanding the dynamic nature of cyber threats is crucial.

Devin: “We see this all the time with cybersecurity as kind of like this game where we come up with a security, but at the same time the hackers are trying to figure out a way to exploit that new security level that we’ve placed. And so, there’s always evolving threats that are working and the software is doing its best to keep you protected. But there’s always going to be someone who figures out, especially now with how efficient hackers can be at testing software.”

For financial advisors, treating software updates as a fundamental security measure rather than an inconvenience is crucial. With client trust and assets at stake, maintaining updated systems isn’t just good practice—it’s an essential component of fiduciary responsibility.

Remember: Every postponed update represents a known vulnerability in your firm’s cybersecurity defense. In an era where cyber threats continue to evolve, staying current with software updates is one of your most effective protections against potential breaches.

Best practices for financial advisory firms

  1. Implement automatic updates
    • Enable automatic updates for all critical systems
    • Schedule updates during off-hours
    • Create verification protocols for successful updates
  2. Establish update policies
    • Document update procedures
    • Create response protocols for emergency patches
    • Maintain update logs for compliance purposes
  3. Protect your data
    • Implement robust backup systems
    • Test backups regularly
    • Maintain redundant systems for critical operations
  4. Train your staff
    • Create update awareness programs
    • Establish clear update procedures
    • Monitor compliance with update policies
  5. Communicate with your clients
    • Document security measures for clients
    • Communicate security protocols proactively
    • Provide guidance on personal cybersecurity
    • Include software update policies in security documentation
