In May 2017, the "WannaCry" ransomware cyber attack infected more than 200,000 computers in over 150 countries, including multinational companies like FedEx and government organizations like Britain’s National Health Service, over the course of just five days. Despite its effectiveness, security researchers warn that WannaCry was likely the work of an amateur using code leaked from the National Security Agency earlier this year by a mysterious group calling themselves The Shadow Brokers.
These kinds of cyber attacks may be especially worrisome for financial advisors and their clients. An investigation by the Securities and Exchange Commission found that only 15% of broker-dealers and 9% of registered investment advisors offered security guarantees to protect their clients against cyber-related losses. (For more, see: What You Don’t Know About Cybersecurity Can Hurt You.)
It’s easy to preach the mantra of prevention - regular updating, security protocols, and such - but what should a financial advisor do after they have already been hacked?
1. Pull the Plug and Fix the Issue
The first step is to address the problem from a technological standpoint to safeguard client data and ensure no future losses. This means disconnecting compromised computers or servers from the Internet, professionally removing the infected files, patching the vulnerability, and changing passwords before reconnecting the device. In the case of ransomware that encrypts data, it’s rarely a good idea to pay off criminals for access to the data.
These processes are best accomplished with the help of specialized information technology security personnel or consulting firms.
2. Proactively Contact Clients
The second step is to proactively reach out to clients that were impacted by the security breach and tell them to change their passwords, PIN numbers, and other credentials for online banking and investment accounts. These clients should also request alerts from credit bureaus and credit card companies and consider a credit monitoring service as an added precaution, as well as notify the Social Security Administration to prevent any possible tax refund theft. (For more, see: 7 Cybersecurity Tips for Advisors.)
This is probably the most difficult step in the process, but properly handling a security breach and being proactive can make all the difference. A more reactive approach, where advisors might confirm the hack after clients realize their accounts are compromised, could further damage client relations.
3. Resolve Compliance Issues
The third step is to report the security breach to the chief compliance officer and compliance team to take the appropriate actions. In addition, it may be necessary to contact third parties - such as custodians - that may have been impacted. It’s also a good idea to discuss the breach with an attorney and alert regulatory authorities, such as the SEC, FINRA and law enforcement to ensure that the firm remains fully compliant and that the perpetrators may be investigated.
Financial advisors should also document the data breach, including their responses, to inform future security measures and deal with any legal and regulatory repercussions.
4. Prevent Future Cyber Attacks
The final step is to reassure clients and implement measures to prevent future problems. This may involve implementing new security protocols or hiring IT security personnel. It’s also a good idea to consider adding cybersecurity insurance for client accounts to further reassure existing clients. The addition of insurance could also become a long-term tool to differentiate from other advisors that tend not to provide such coverage.
These preventative actions should be clearly communicated to both clients and employees to help avoid future incidents.
The Bottom Line
Cyber attacks have been on the rise over the past several years. With the NSA leaks, these attacks are likely to become more effective and commonplace than ever. Financial advisors should take precautions to secure their networks and prevent these problems from occurring in the first place. But when they do occur, it’s important to immediately address the problem, be proactive with clients, make the appropriate reports, and improve security for the future.
By following these steps, financial advisors can mitigate the impact that a security breach has on their client base and even improve their future abilities to attract clients. (For related reading, see: Educating Clients About Cybersecurity.)