3 Tips for Enhancing Your Firm’s Cybersecurity Readiness
After witnessing massive cybersecurity breaches at companies such as Adobe, Target, Home Depot, Sony, Experian and JPMorgan over the past four years, wealth management firms, like members of many other industries, have ramped up efforts to protect sensitive client information from hackers.
I work with financial advisors, family offices, broker-dealers and asset managers across the U.S. to create cybersecurity and IT solutions that meet their business and compliance needs, and based on what I have seen, many wealth managers do have solid cybersecurity measures in place.
The problem isn’t that they don’t have a cybersecurity plan—the problem is that not every staff member follows all the steps in the cybersecurity plan, or even knows to do so. This is important, because during SEC regulatory audits, the examiner doesn’t just want to see that you have all the necessary tools to protect sensitive financial information. They also want to make sure you and all your team members actually know how to use them, and regularly test them.
Below are three tips on best practices for enhancing your firm’s cybersecurity readiness to protect your clients’ sensitive financial data as the threat of cyber-attacks continues to increase.
1. Universal Adherence is Key
In this day and age, all it takes for your firm to experience a reputation-damaging and costly data breach is one employee losing a company mobile device that isn’t password-protected. To truly protect your clients and your firm, all cybersecurity procedures must be followed by every employee.
I can’t tell you how many times I’ve heard an advisory firm’s chief compliance officer or chief IT officer say, “Well, we tell people to do something, but so and so is a managing director and he doesn’t want to do it, and we can’t force him to do it.”
This excuse won’t pacify investors when their personal information is stolen by hackers. It won’t pacify SEC examiners during audits either.
Unfortunately, I’ve seen more than a few 40-person advisory firms where 38 employees utilize two-factor authentication to protect their devices. More often than not, the two holdouts who refuse to use two-factor authentication are senior advisors who wind up putting the entire company, and all its clients, in jeopardy, because they have access to everything in the system.
Cybersecurity processes need to be universally followed across your organization in order to be effective. Your cybersecurity protocols are rendered ineffective if even one person ignores them.
2. Make Sure Your Cybersecurity Policies are Easy to Understand, and Require Cybersecurity Training for All Employees
Drafting firm-wide cybersecurity policies is important, but in order for all employees to follow them, those policies need to be able to be understood by all team members. Don’t write your cybersecurity protocols in legalese; compile them in a handbook similar to the easy-to-understand employee handbook distributed by your human resources department.
Also, don’t just give out your cybersecurity handbook—you should hold regular security awareness and training sessions to ensure that all employees really understand what’s written in it.
Think of this as the cybersecurity equivalent of inside-trading awareness. If you don’t hold educational seminars about security on at least a quarterly basis, then you can’t make your employees aware of what constitutes a breach of cybersecurity protocol. Also, hackers are consistently developing new ways to thwart cybersecurity protections—and if your employees aren’t aware of these new threats, they may click on a link or open an attachment with the latest malware.
After all, no hacker is attacking companies by breaking through firewalls anymore. That’s only in the movies. Today, every cyber-attack is socially engineered—in other words, the hacker managed to trick the employee. This is why security awareness training is so important.
3. Embrace The Cloud
The cloud offers unlimited, secure storage for data and documents. But too many members of the wealth management industry are afraid to embrace cloud computing solutions. I often hear from wealth managers, “If I put my firm in a cloud, then that makes my firm a much bigger target and puts our clients at greater risk.”
This isn’t true. Even FINRA, one of the regulators that monitors RIAs and broker-dealers for compliance with cybersecurity requirements, utilizes cloud computing solutions to securely and efficiently process the innumerable daily transactions on its plate.
Wealth management firms that lack the financial and technological resources to implement and monitor cloud-based solutions can partner with an outside IT provider to do so. Such a partner should be able to consolidate all the apps, data and documents across your organization into a centralized digital portal, and make seamless updates to compliance and cybersecurity features as new regulations and threats develop.
Outside IT providers can also assist you with managing all mobile devices across your organization, ensuring that all activity is securely logged for audit trails and that all employees are following your cybersecurity protocols—and giving you more time to focus on running your business and servicing your clients.
Justin Kapahi is Vice President of Solutions and Security at External IT, which provides the workplace wealth_ solution, a secure digital hub designed to help financial services organizations operate more efficiently and manage all their compliance and cybersecurity needs as they grow.
Most Read IRIS Articles of the Week: Feb 19-23
Here’s a look at the Top 11 Most Viewed Articles of the Week on IRIS.xyz, Feb 19-23, 2018
Click the headline to read the full article. Enjoy!
I’d like to introduce you to Peggy. Born in 1956, Peggy will be 62 in 2018. She has worked in retail her whole life, the past twenty-five years spent in management. Peggy divorced from her husband 14 years ago, is still single and has no children. — Dana Anspach
This week the markets shrugged off last week’s fears and went back to the slow and steady melt up, despite economic news that looked likely to once again rock the boat. — Lenore Elle Hawkins
Themes established in 2017 across a wide range of markets and factors continued to resonate through the fourth quarter. Economic growth was strong and supportive of equity markets across the globe, a range of volatility measures reached all-time lows, and business and consumer sentiment remained elevated. — Yazann Romahi and Garrett Norman
Advisors and investors that feel they are hearing more and more about commodities and the corresponding exchange traded products in recent months are right. That is a natural result of dollar weakness and yes, the greenback is floundering again in 2018. — Tom Lydon
As the industry works to cope with new regulation, wades through an outpouring of new products, learns to satisfy investors’ shifting priorities and manages the active-passive debate, the viability of business units will be questioned, and at times radical measures will be taken. — Peter Hopkins
My hope is that this article points out some opportunities for you to make more money and serve your clients at a higher level and that you decide to do something about it. — Bill Bachrach
Whether the market is flying high or taunting your emotions with new lows and some bumpy volatility, here are four things every investor should keep in mind ... — Lauren Klein
Why financial advisors NEED to understand much more clearly the power of good digital market. With tools like AdvisorStream, it’s easier than ever to get the content you need to drive leads and referrals today! — Kirk Lowe and Matt Halloran
How do some firms and ideas go from nowhere to everywhere in a few short months? All of a sudden a restaurant becomes popular, a gas station gains a cult following, or a Broadway show becomes too popular to get a ticket for years. — Maribeth Kuzmeski
"Worldwide, $27.4 billion poured into fintech startups in 2017, Accenture reports, up 18% from 2016. With so much in play, it’s not surprising that 22 companies are new on this, the third edition of our list." — Chris Skinner
Many sensational headlines have been written the past few weeks about market declines, but two things have increased for sure: the viewership and the ad revenues of financial media organizations — Preston McSwain
- 1 of 2494