Mobile devices have made it possible for financial advisors, and professionals in a wide variety of other industries, to seamlessly conduct business and engage with clients in any location, and at any time, outside the office. But while laptops, iPads, and smartphones have enabled advisors to complete work and collaborate with colleagues and clients from home and on the road, these mobile devices can also increase the risk of security breaches if they are not properly secured and monitored.
One misplaced or stolen mobile device, or password, is all it takes for hackers to access clients’ sensitive financial information. Advisory practices whose data is compromised can not only face regulatory scrutiny and fines, but also permanent damage to their reputations which could put their very survival in the industry in jeopardy.
However, advisors don’t need to sacrifice convenience for effective cybersecurity. Below are tips that advisors can follow to make sure all data, documents, and emails on their firm-approved mobile devices are secured against hackers.
1. Implement Multi-Factor Authentication & Other Security Controls on All Mobile Devices
Cyber-criminals, along with the technology systems they seek to infiltrate, are becoming more and more sophisticated. So, needless to say, it shouldn’t be easy for them to figure out a mobile device’s password. Unfortunately, hackers are quite crafty, so advisors need to add an extra layer of protection to their firms’ mobile devices by implementing two-factor authentication. This authentication process requires users to enter a standard password in addition to a one-time code that can’t be entered again when they connect from unrecognizable devices.
Advisors can further secure their firm’s mobile devices by rolling out security controls that enable certain authorized users, as opposed to all practice employees, to access client data. These controls ensure that only select employees can download, copy, forward, or print sensitive information from their devices.
2. Develop a Firm-Wide Cybersecurity Policy with Clearly Defined Roles for Employees
No wealth management practice can adequately protect client data if its employees are unaware of the measures they need to take. Advisors need to draft a firm-wide cybersecurity policy outlining how both mobile and desktop devices are to be secured, and the roles that each employee and division must take on in order to ensure all data, documents, applications, and systems are safeguarded.
To be effective, cybersecurity policies must be written in plain English as opposed to legalese, and should be updated as new cybersecurity threats and regulations emerge. Advisors should hold regular company meetings to review firm cybersecurity protocols with employees, and also discuss any updates so that employees understand them clearly.
Cybersecurity policies should also include crisis response plans for advisory practices to execute in the event of a successful cyber-attack. Like cybersecurity protocols for mobile and desktop devices, these plans should be reviewed with some frequency so that employees and teams fully understand the role they must play in all crisis response processes. Company-wide crisis response rehearsals should be held at least twice a year so that wealth management firms and their employees can seamlessly spring into action if a breach occurs.
3. Identify Security Vulnerabilities in IT Infrastructure & Update Legacy Systems Accordingly
After drafting a firm-wide cybersecurity policy, advisors should sit down with their internal management and IT teams to identify vulnerabilities within their existing IT infrastructure that would prevent security protocols from being effective, especially when it comes to securing mobile devices. Advisors can also bring in an outside IT and/or cybersecurity consultant to assess the adequacy of their current software and systems to protect against cyber-attacks.
Any security vulnerabilities that advisors identify should be addressed as quickly as possible given the irreparable damage that a breach can bring. This may involve making updates to legacy systems that advisory firms have relied upon for decades. Some advisors may be reluctant to make changes to legacy systems because of the amount of time they’ve used them, but at a time when cyber-attacks continue to generate headlines, it is absolutely necessary.
4. Consider an Outsourced, Streamlined IT Solution that specializes in RIAs
On the other hand, advisors may find an outsourced IT solution consolidating all data, applications, and documents across their practices into a single, secure, and compliant cloud-based hub to be a safer and more efficient alternative over the long term. By using a consolidated digital hub, advisors can access their company resources securely from any mobile device. They would also be able to track all of their activities, and where their data is being used and downloaded. These solutions are designed by experts in technology, cybersecurity, and financial services, so cybersecurity updates can be rolled out quickly as new cyber-threats and regulations surface.
In some cases, the management teams at advisory firms spend half of their time dealing with IT and cybersecurity issues. If they had the peace of mind that comes from knowing that an outside IT expert is monitoring mobile devices to ensure they are secure, they could devote much more time to their core responsibilities—servicing clients and helping them achieve their financial goals.