Voices

Advisers defend against this cybersecurity nightmare

The stern words of a former FBI agent planted the idea for this month’s issue on cybersecurity. At last year’s FSI OneVoice conference, Clyde Langley, a former agent who’s now vice president of Schwab’s fraud prevention and investigations unit, told a room of worried executives that hackers were probably lurking in their firm’s systems.

“Criminals are sitting in compromised accounts, watching traffic and seeing what you and your clients are talking about,” Langley said.

“Use code words or phrases with each client,” says Financial Planning contributor Donald Jay Korn.

That thought has stayed with me ever since. But when I spoke with Financial Planning Managing Editor Suleman Din about probing this topic more deeply, he opened my eyes to an even more insidious — and lesser-known — digital threat.

Cause-of-data-breaches_Online

Well-intentioned advisers have been integrating as many new tech tools into their practice as they can, Din told me. But few realize that these programs, primarily built by third-party vendors, could come with glitches and bugs that allow client and firm data to be accessed by thieves, or just mistakenly disseminated by users.

IAG.TD.11017.0.png

From fiduciary to robos to marketing: A close look at advisers’ top concerns and how their budgets have changed year-over-year, from TD Ameritrade’s annual survey.

1 Min Read

Who’s responsible for the resulting data leaks? Advisers. Not vendors.

“It’s a regulatory and legal issue with real consequences for advisers, who shoulder the blame and fallout even if the firm didn’t cause the data breach through any action of their own,” Din says.

“Advisers have to take an invested, proactive approach to learning about the tech that they are using and the partners they choose,” Din adds. Stay on top of security inquiries, he warns, but expect a runaround. He says he was surprised by how “vendors can thwart diligence inquiries from advisers and still get business.”

Donald Jay Korn, who wrote a companion piece on cybersecurity, tells me his research revealed ways to stop thieves from using information from already-breached systems.

“Require a live phone call instead of an email, for instance,” he says. “Use code words or phrases with each client, and mandatory delay times to verify a cash request,” Korn adds, citing his source, Sanjiv Bawa, founder of Chi Networks.

Those are words that should stick with you, similar to the FBI agent’s warning that stuck with me.

For reprint and licensing requests for this article, click here.
Technology Cyber security Financial regulations Robo advisors Charles Schwab
MORE FROM FINANCIAL PLANNING