Financial Advisor IQ – Think Like a Hacker, Protect Like a Bodyguard
December 2016
By Grace Williams
December 1, 2016
You wouldn’t intentionally leave your wallet on a table and walk away, yet when it comes to sensitive client information, advisors run the risk of committing similar acts. According to a newly-released study by RIA software developer RightSize Solutions, businesses looking to join the 21st century face very real cybersecurity threats.
The survey presents 10 tips for financial advisors that run the gamut of what to do to protect your clients and your business, from password protocol to cybersecurity training and frequent IT protocol handbook refresher courses at a time when the need to step up security efforts could not be more pressing.
From a regulatory standpoint, the need to ensure that sensitive client information is safe is about to intensify with advisors doing more of the heavy lifting. Right Size Solutions reports that financial regulators are working to switch cybersecurity accountability to financial advisors. Further, “Advisors have the opportunity to be proactive and be ahead of the game rather than being reactive when new regulation comes down.”
One easy step firms can take right away, according to Steven Grossman, VP of strategy and enablement for Bay Dynamics, a maker of security software and platforms, is to search for existing vulnerabilities firm wide.
“A lot of the new regulations coming out [are helped by] encryption, backing up data, creating new passwords,” he says in an interview with FA-IQ. “But the key is to make it automated, easy, and to make sure that everyone is operating in an informed, secure way.”
One additional measure Grossman advises is controlling what websites employees use on company time. In addition, looking for easier ways to provide encryption and security measures can go a long way. But one key component is ensuring protocol is in place.
“It can take up to six months to set up a server and a business doesn’t want to wait,” he says. “[It comes down to] everyone working together to secure the environment.”
Security is more than a gesture of good faith to your clients: it’s a necessity. Right Size Solutions reports that in 2015 there were 22 known cybersecurity breaches every second, which translates to 1.8 million breaches daily. Further daunting information comes from EY, which reports in its Global Information Security Survey that nine out of 10 organizations don’t believe their cybersecurity measures fully meet their firms’ needs.
The bad news is that fraudsters have become more sophisticated in the quest to root out sensitive information. The good news is that protecting information is not super complicated. For example, this past September, Charles Schwab unveiled a suite of resources and tools for its RIAs that help them stay ahead of and potentially thwart ongoing cyberthreats.
Schwab said it had developed “action-oriented tools” that would “guide advisors through the cybersecurity planning process, available through a new online Cybersecurity Resource Center.”
Representatives for Charles Schwab were unavailable to comment on the initiative.
John Sims serves as CFO and has executive responsibility for technology and security at Snowden Lane Partners, a New York-based firm with total client assets of $2.5 billion. In an interview with FA-IQ, Sims says cybersecurity is top-of-mind firm wide. Articles that shed light on the subject are often shared and discussed among staffers and security. While the firm allows employees to use their own devices at work, it also uses firewalls such as the use of secondary verification, like requiring a PIN to access certain apps.
Firms want to make sure they have the latest technology, but Sims argues that it’s important to be smart about it.
“This is something we regularly revisit,” he says. “We sit down and say ‘What is the risk now?’”
Part of knowing the risk is staying abreast of available knowledge so that firms know not only about the latest technology, but also the latest threats it faces.
“We share with each other about the topics, make sure we’re informed and educated,” he says. “This is something a lot of people are concerned about.”