Cybersecurity: 10 best practices for advisers
October 10, 2014 10:38 AM
Cybersecurity: 10 Best Practices for Advisors
In the wake of recent high profile data breaches, cybersecurity is front and center for clients, advisors and regulators with an increased focus on adequate protections for client data.
In addition to concerns about the data breaches at large companies like JPMorgan Chase, Target and Home Depot, advisory firms are also facing pressure from Washington. In April the the SEC issued a risk alert warning advisors that it will be assessing their cybersecurity preparedness.
As advisors look to allay clients' as well as their own fears of a breach, we've compiled 10 best practices for advisors to better protect client data. You can read more about these tips in the full stories here and here.
Click here to view this list in a single-page version.
In addition to concerns about the data breaches at large companies like JPMorgan Chase, Target and Home Depot, advisory firms are also facing pressure from Washington. In April the the SEC issued a risk alert warning advisors that it will be assessing their cybersecurity preparedness.
As advisors look to allay clients' as well as their own fears of a breach, we've compiled 10 best practices for advisors to better protect client data. You can read more about these tips in the full stories here and here.
Click here to view this list in a single-page version.
1. Encrypt Emails
Justin Kam of National Compliance Services says Either dont send private information over email, or consider encrypting the information." Having a secure Web portal that encrypts and password-protects emails can help avoid information leaks.
2. Secure the Electronic Office
Protecting your office computer from cyberthreats can simply include throwing old emails away and keeping documents offline or behind a firewall, according to cybersecurity experts.
3. Secure Physical Documents
David Schneider, a principal at Schneider Wealth Strategies in New York urges advisors to lock up any paper files with client data when they aren't being used.
4. Use Multiple Sign-offs
A proactive cybersecurity step advisors can take is requiring that multiple people approve a dibursement. Roger Pine, a partner at Briaud Financial Advisors, says his firm caught a fraud attempt last year since any request for money gets looked at by multiple people.
5. Review Passwords
Frequently change passwords and make them long and hard to guess to reduce the risk that an intruder may gain access, says William Hines, communications technology manager at Portland, Ore.-based investment advisor FolioMetrix. Hines adds that it is also important that advisors not store lists of passwords on a computer or in a non-secure location.
6. Back Up Data
Having a comprehensive, dependable backup system in place is another proactive measure advisory firms should take. William Hines, communications technology manager at Portland, Ore.-based investment advisor FolioMetrix, says enterprise cloud file storage services can make securely archiving and storing data relatively easy.
7. Update Devices
Properly maintaining and updating all electronic devices will help reduce the risk of infection or intrusion. Kip Gregory, a principal at the Gregory Group, a Washington-based consulting firm, suggests that advisors utilize free security programs such as Malwarebytes and Microsoft Security Essentials.
8. Avoid Public Wi-Fi
"You dont ever want to use public Wi-Fi, since it can lead to "asset intrusion," says Kip Gregory, a principal at Washington-based consulting firm Gregory Group. He recommends instead that advisors access the Internet through their own personal "hotspots" available on most smartphones and devices.
9. Educate Clients About Cybersafety
Advisors should help their clients understand the threats that are out there, says William French of Fidelity Investments. Remind them that if they don't recognize an email, they shouldnt open it or click on an enclosed link.
10. Continually Review Cybersecurity Measures
John M. West III, an advisor with Spraker Wealth Management, says measures taken today won't always work since hackers are always honing their skills making it vital to "continuously" review internal measures to make sure they are up to speed. Advisors must do their best to keep up with evolving threats.
