The stern words of a former FBI agent planted the idea for this month’s issue on cybersecurity. At last year’s FSI OneVoice conference, Clyde Langley, a former agent who’s now vice president of Schwab’s fraud prevention and investigations unit, told a room of worried executives that hackers were probably lurking in their firm’s systems.

“Criminals are sitting in compromised accounts, watching traffic and seeing what you and your clients are talking about,” Langley said.

That thought has stayed with me ever since. But when I spoke with Financial Planning Managing Editor Suleman Din about probing this topic more deeply, he opened my eyes to an even more insidious — and lesser-known — digital threat.

Well-intentioned advisers have been integrating as many new tech tools into their practice as they can, Din told me. But few realize that these programs, primarily built by third-party vendors, could come with glitches and bugs that allow client and firm data to be accessed by thieves, or just mistakenly disseminated by users.

Who’s responsible for the resulting data leaks? Advisers. Not vendors.

“It’s a regulatory and legal issue with real consequences for advisers, who shoulder the blame and fallout even if the firm didn’t cause the data breach through any action of their own,” Din says.

“Advisers have to take an invested, proactive approach to learning about the tech that they are using and the partners they choose,” Din adds. Stay on top of security inquiries, he warns, but expect a runaround. He says he was surprised by how “vendors can thwart diligence inquiries from advisers and still get business.”

Donald Jay Korn, who wrote a companion piece on cybersecurity, tells me his research revealed ways to stop thieves from using information from already-breached systems.

“Require a live phone call instead of an email, for instance,” he says. “Use code words or phrases with each client, and mandatory delay times to verify a cash request,” Korn adds, citing his source, Sanjiv Bawa, founder of Chi Networks.

Those are words that should stick with you, similar to the FBI agent’s warning that stuck with me.

Chelsea Emery

Chelsea Emery is Editor-in-Chief of Financial Planning, SourceMedia’s flagship brand covering wealth management.