November 3rd, 2020 · 3 min read
As a financial advisor, understanding cybersecurity is extremely important because data breaches are attempted all day, every day. According to Fa-Mag.com, in 2019 there were 4.1 billion personal records exposed and 3,800 publicly disclosed record breaches; that’s an increase of 54% reported in the first six months of 2018. This type of deception affects all industries, but the financial sector is highly targeted due to the kind of data it stores. In 2019, Capital One got hit hard, and the result was 106 million records being accessed. As a financial advisor, it is crucial to be aware of and prepared for cybersecurity attacks.
According to the FBI, in 2018, $2.7 billion was lost due to cybercrime. It’s not just about the money: clients lose their sense of security and trust as well. This type of loss is generally not something a financial company can recover from.
The Securities and Exchange Commission and U.S. state securities regulators are starting to put pressure on financial advisors’ cybersecurity practices. Along with regular inspections, the SEC is performing cybersecurity examinations. Firms are getting fined if they don’t keep client data safe. In 2017, the SEC fined Voya Financial Advisors $1 million due to a data breach that allowed their customers’ personal information to be compromised.
The Securities Industry and Financial Markets Association offers financial firms and government regulators the ability to run simulations of real cyberattacks. There are cybersecurity certifications in the works for firms and advisors. The American Institute of Certified Public Accountants has developed a System and Organization Controls cybersecurity certification that validates a firm’s administrative, technical, and physical controls as they pertain to cybersecurity.
Building Cybersecurity Strategies
Cybersecurity is not a one-and-done purchase. The cost is ongoing: as technology and regulations continue to change, so do clients’ and firms’ security needs.
Continue to Train and Develop Procedures
Your staff is your first line of defense. Cybersecurity prevention is best done by educating your employees to recognize incoming threats and know what to do about them. Aside from the obvious general cybersecurity certifications, continue to educate in-house on best practices and how to spot a cyberattack or wire fraud attempt. Hackers rely on human error and laziness to get through, so make your team strong and arm them with knowledge and procedures. Staff training is as necessary as, if not more important than, the technological solutions themselves. Continue to update firm guidelines and processes to cover the latest technologies.
Review Vendors Often
According to the SEC, 63% of data breaches begin because of third-party vendors’ vulnerabilities. These vendors are often overlooked as potential cybersecurity threats. Only 52% of firms have any formalized security practice in place for vendors. Ask your vendors about their cybersecurity plans, vulnerability testing, and protocols for data breaches. Your technology vendors should have completely separate hosted environments across many data centers, use the best encryption and data masking on the market, and be able to explain how they regularly test or audit these practices. Know your vendor’s physical security controls, such as 24/7 video surveillance and backup power that complies with standards like Tier IV, SOC 2, or ISO 27001.
Have Electronic Communication Rules Established
When a hacker emails a target from a known sender, uses personal information found on public profiles or websites, and tricks the victim into giving up sensitive information or money, this is called phishing. It is the most common type of cybersecurity breach, as well as the easiest type to prevent. It is crucial to have protocols for protecting client records, such as social media guidelines, remote access rules, or customer information best practices. The SEC has recorded many instances of employees storing customer information on personal laptops with hardly any security. Use two-factor authentication anytime it is available, especially when a client is trying to access funds. Cloud and account hacking is the end game for most of these hackers. Cybersecurity is a huge concern since most businesses are using mobile devices, home offices, and public Wi-Fi options. The type of internet access a company would typically purchase has many more security features than someone’s home Wi-Fi. It’s no secret the financial sector is a target for phishing scams and man-in-the-middle attacks (traffic getting intercepted and altered through risky hotspots or public Wi-Fi networks). According to Fa-Mag.com, Wandera stated that 57% more phishing attacks target the financial sector than the 42% cross-industry total.
Perform Vulnerability Tests
Make sure to test any written procedures quarterly to check for breaches or weaknesses. The SEC provides tests you can use, but it is highly recommended to perform your own testing in addition to using those offered by the SEC. Make sure to use as many realistic scenarios as possible. Engage employees in the process so that they can alert the company if they come across vulnerabilities.