A consistent rise in the number of cybersecurity breaches taking place in the investment industry has many financial advisors asking if they are doing all they can to keep their firms safe from risk.
To better deal with these threats, many advisors are re-assessing their internal systems and procedures to make sure they are up to snuff. Changes being made include the setting up of new verifications codes for business functions such as money requests, the initiating of newer, safer passwords, and the implementation of a ban on placing client data on laptops. Many financial advisors are also putting in place cybersecurity audits to help ensure that their company information, as well as their clients’ information is well protected from criminals lurking online. (For related reading, see: 6 Ways to Protect Yourself From Cybercrime.)
One firm that has already taken such steps is Heron Financial Group. The firm is also working toward better securing its customer relationship management systems. Heron along with many other financial advisors is taking the added step of purchasing cybersecurity insurance. This type of insurance is now regularly being sold to advisors from firms that also sell errors and omissions policies. (For related reading, see: Does Your Portfolio Need a Dose of Cybersecurity?)
The move by Heron to increase its protection against cyber attacks comes in the wake of two attacks the firm faced earlier this year. In one, a hacker took over one of Heron’s client's personal e-mail accounts and sent e-mails to Heron that seemed to be from the client, requesting that the client’s funds be wired to a fraudulent account. Luckly, the staff at Heron recognized that the emails were not legitimate and contacted their clients, putting an end to the scam. (For related reading, see: The Underground Internet Economy of Cybercrime.)
Still, with attacks against financial service firms increasing, cybersecurity continues to be a major focus for most financial advisers. So much so that the Securities and Exchange Commission (SEC) has also implemented new initiatives to combat the threat. The agency recently issued a series of spot check exams that it is asking some advisory firms to take, the results of which should provide the SEC with a better sense of how well prepared these firms really are for another attack.
Compliance professionals are also taking the issue seriously. In fact, according to a survey by the Investment Adviser Association, ACA Compliance Group and Old Mutual Asset Management, three-quarters of financial compliance professionals now cite cybersecurity as one of their firm's top issues, and they say they are focusing on ways to address it. The figure is quite an increase from even last year when only 14% of compliance officers named cybersecurity as an issue of major concern. (For related reading, see: 3 Ways Cybercrime Impacts Business.)
Today, by contrast, most compliance officers are busy assessing the efficacy of their cybersecurity programs and putting in place the protocols necessary to route out and respond to new cyber threats. They are also becoming more aggressive in their implementation of policies and procedures that will aid in the protection of client data.
Identity theft programs are now also being instated at many firms to combat widespread phishing scams. Financial advisers are also starting to educate their employees more about dealing with the threat of cybersecurity, as no employee wants to be the one that allowed an insecure email or phone call to be hacked. (For more, see: Tips for Keeping Your Financial Data Safe Online.)
The Bottom Line
Financial advisors are now taking cyber security threats more seriously than ever before. They are implementing new programs and procedures to ensure that their firms’ data and client information is well protected from the next lurking cyber attack. (For more, see: Investment Scams: An Introduction.)