Diamonds in the Digital Age: Safeguarding Your Practice's Most Valuable Asset

In our recent interview with cybersecurity expert Fraser Jack, we explored the critical aspects of data security for financial advice practices. Best practices include proper due diligence when selecting technology partners, implementing cyber insurance, training team members, and having response plans in place for potential data breaches.

Safeguarding Your Practice's Most Valuable Asset

When it comes to the security of your practice's data, few understand the landscape better than Fraser Jack.

With an extensive background in financial advice and advice tech, Fraser now specialises in helping professional service firms navigate the increasingly complex world of cybersecurity.

Our conversation with Fraser revealed insights that every advice practice should consider, regardless of size or stage.

Your Clients' Data: Worth More Than Gold

"I like to use the analogy of a diamond," Fraser shared during our interview. "That data is very precious, and the lifetime value of a client is often that of gold or a diamond. We should be treating that data like we're looking after that client's gold or diamonds."

This perspective shifts how we think about data protection. Fraser asked us to consider: if you were physically holding your clients' diamonds, how would you protect them? You certainly wouldn't leave them in your mailbox, send them through standard post, or leave them sitting around unattended.

He encourages practices to think about data in two states:

• Data at rest - stored securely in your "vault"
• Data in transit - being moved between locations

"How long is it in transit for, and are we leaving it in transit? Are we leaving it in that place of limbo all the time?" Fraser questioned, highlighting the importance of securely moving client information and ensuring it reaches a protected destination.

Beyond the Tech: Security as a Human Challenge

Perhaps the most significant "blind spot" Fraser identified is assuming cybersecurity is purely a technology problem.

"If the technology is safe, then I'm safe. I think that's probably the biggest blind spot we see," he noted. "The assumption that 'my IT team have got this under control' and that concept of not knowing what they don't know at this point."

The reality? "95 percent or 19 out of 20 incidents all involve a human," Fraser explained. "We spend 95 percent of the budget on technology, and 95 percent of the issues are team members not being trained."

This isn't about blaming staff, but recognising that security requires a cultural shift in how everyone in your practice approaches technology and data handling.

Due Diligence for Technology Partners

With the proliferation of third-party platforms and services available to advisers, conducting proper due diligence has never been more important.

Fraser recommends approaching technology evaluation the way a bank would:

1. Look for security standards and trust centres on providers' websites
2. Ask specific questions about data retention, encryption, and security protocols
3. Understand how client data flows through the system
4. Document your decision-making process

"I would say to businesses that you should be looking on their website for their trust centre or looking on their website for their security standards that they adhere to," Fraser advised. "If they're not there, ask about the security standards as part of the process before making that decision."

He also suggests maintaining an "approved product list" for technology—similar to an investment APL—based on thorough security assessments.

The AI Security Equation

The rapid advancement of AI creates both opportunities and challenges in the cybersecurity landscape. "The artificial intelligence space is coming up with new ways of hacking you all the time. And then automating it," Fraser warned. "There is a hugely increased level of risk in the cybersecurity space that AI has generated."

These risks include more sophisticated phishing attempts, deepfakes, and AI-generated voice scams—all of which can target financial advisers and their clients. However, AI also plays a critical role in defence.

The key is ensuring your practice partners with technology providers who prioritise security in their AI implementations.

When (Not If) a Data Breach Occurs

Fraser is direct about the reality of data breaches: "It's going to happen to every advice firm. It's not if, it's when."

When a breach occurs, a practice faces a chaotic, emotional situation where logical thinking can be difficult.

Having a prepared response plan is critical, including:

• Immediate contact with your cyber insurance provider
• Engagement with experienced cyber lawyers
• Communication plans for clients, team members, and potential media
• Reporting to regulatory bodies within required timeframes

"Because there are so many different things going on at the same time, it's very difficult for a business owner to manage that process logically," Fraser explained.

Fraser's Top Three Security Tips

1. Take action - "Just because you know something doesn't mean you actually apply it."
2. Security is more than just technology - Budget for insurance, team training, and compliance documentation, not just tech solutions.
3. Tech expertise ≠ security expertise - "Just because somebody is in tech doesn't mean that they're looking at security. They're different mindsets."

Securing Your Practice's Future with Claras

At Claras, we've built our platform with these security principles at its core.

As an Australian company with local support, we understand the unique needs of financial advice practices here. Our approach to security includes:

• Australia-based data storage - Your client data remains hosted on servers within Australia
• PII anonymisation - Sensitive client information is automatically redacted before AI processing, so it doesn't get shared
• Multi-factor authentication - Supporting your practice's security policies
• Encryption - All data encrypted at rest and in transit using industry-standard protocols

Like Fraser's diamond analogy, we treat your clients' information as the precious asset it is, providing you with the tools to create detailed file notes while maintaining the highest security standards.

Whether you're looking to streamline your compliance documentation, improve team productivity, or enhance client communication, Claras offers the security foundation that allows your practice to thrive in today's digital landscape.

• Visit our Trust Centre
• Our commitment to data security and privacy
• Sign up for a free trial