As the financial industry advances in technology to increase efficiency and enhance client service, firms face a daunting risk of increased exposure to cybersecurity threats and attacks. The changes in how firms and clients use and interact through technology create a variety of new avenues for intrusion that must be proactively addressed.
Earlier this year FINRA issued its Report on Cybersecurity Practices, which suggests taking a risk management approach to cybersecurity, while noting there isn’t a one-size-fits-all approach. The report reviews the results of an industry-wide cybersecurity examination and emphasizes the importance of protecting both investor and firm data. In addition, FINRA outlines effective practices to assist firms with their cybersecurity efforts by determining vulnerabilities in existing systems and analyzing and creating processes to manage risk.
Due to a consistent rise in the number of cybersecurity breaches taking place, advisors need to incorporate security management into their daily practice and ensure everything is being done to protect client and firm data. FINRA’s report provides a list of principles and best practices to guide advisors on cybersecurity and highlights eight key areas:
Senior-level management and board of director engagement and knowledge regarding cybersecurity issues are essential to the framework and success of your firm’s cybersecurity process. Involvement and commitment from leadership are critical for firms to achieve cybersecurity goals.
Every firm faces cybersecurity risk, no matter the size or business model. To understand your risk, be proactive by completing regularly scheduled risk assessments to identify both external and internal areas of vulnerability. If you are not certain that your system is free of flaws, a risk assessment is crucial.
Multiple security controls need to be implemented to protect the software and hardware that store and process data. Select controls that are appropriate to your technology platform, such as identity and access management, data encryption, and penetration testing.
FINRA recommends that firms establish policies and procedures, assign roles and responsibilities, and test incident plans for responding to cybersecurity occurrences. FINRA also notes that while it is impossible to address every type of attack, a response plan should outline processes for several different scenarios.
Vendor Relationship Management
Cybersecurity risk that could arise from third-party service providers must be managed by performing due diligence throughout the relationship cycle. Utilize contractual agreements to establish processes for vendors who have access to sensitive data, client information, or firm systems. In addition, develop terms based on the sensitivity level of the information the vendor has access to.
Define cybersecurity training needs and training cycles, and deliver training to all team members based on your firm’s specific points of exposure. Each employee should have a full understanding of your risk assessment process, threat intelligence research, and the proper incident reporting procedures in the event a device is compromised or infected.
Increase Cyber Threat Intelligence
Assign responsibility for cybersecurity intelligence gathering and analysis. The collected data should then be used to recognize, discover, and respond to cybersecurity threats. Your firm should also implement an information sharing process to proactively put in place measures that reduce security weaknesses and improve its ability to protect data.
Evaluate insurance coverage for cybersecurity-related events and pay close attention to policy coverages and exclusions. If you hold a cyber-insurance policy, conduct a periodic analysis to review the adequacy of coverage and the ability to reduce the potential impact to your financial statement in the event of an attack.
The Bottom Line
FINRA stated that the report does not create new legal requirements and included the following statement:
“FINRA expects firms to consider the principles and effective practices presented in this report as they develop or enhance their cybersecurity programs. FINRA will assess the adequacy of firms’ cybersecurity programs in light of the risks they face. This report is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations.”
Financial advisors are taking cybersecurity seriously by implementing programs and procedures and analyzing systems to ensure that client and firm data is secure and well protected from lurking hackers.