A day doesn’t go by when there’s not some attempt to hack personal information, Bryan Baas, the managing director of risk oversight and control for TD Ameritrade Institutional, said at a press conference at FPA BE 2016.
Baas was speaking on the results of the “Is Your Data Safe? The 2016 Financial Adviser Cybersecurity Assessment” study conducted by the FPA Research and Practice Institute™ and sponsored by TD Ameritrade Institutional.
Advisers are well aware of the issue and 81 percent of those surveyed say it is a high priority for them. But despite this, less than half of the advisers surveyed don’t understand the risks and how to mitigate them.
“Cybersecurity is with us every single day,” Dan Skiles, president of Shareholders Service Group and a member of the FPA Board of Directors, said. “It is something advisers need to worry about today, tomorrow, 10 years from now.”
The report found that there are several areas where advisers can improve in terms of establishing and implementing documented policies and procedures.
When it came to governance and risk assessment, 57 percent of the 1,015 survey participants had documented policies and procedures in place; 59 percent had them in place for access rights and prevention; 58 percent had them for data loss prevention; 51 percent had them for vendor management; and 43 percent had them for incident response.
Simply becoming aware that there is work to be done is an important first step.
What Can Planners Do Now
It doesn’t have to be so complicated, said Brian Edelman, CEO of Financial Computer Services, Inc.
Become aware. Become aware of what components you need to be looking at. Take an inventory of your data and do some risk assessment, which is similar to what you do with your clients.
Know that if there is a breach, you are responsible for notification. It’s embarrassing and distracting to have to tell all your clients there has been a breach, but the rule is clear that you must be the one to notify the clients.
If you have plans in place, practice them once. Ensure that your team is aware of what to do in each type of event that could possibly occur.
Give your clients tips to stay safe. Oftentimes, a breach that happens to you happens because one of your clients was hacked. So give them tips to employ tools like dual-factor authentication on their Gmail accounts.
Vet your vendors. You’re trusting these third-party technology companies with your information, so ensure that they are safe themselves. Visit their offices and see how they work and ensure they’re doing all they need to do to keep you safe.
These things might be a pain, but they’re necessary steps to ensure your and your clients’ safety.
“What is an inconvenience to you is most likely a roadblock to the bad guy,” Baas said.
Three upcoming whitepapers will be released by The FPA Research and Practice Institute™ and TD Ameritrade Institutional that will give advisers information on the following topics: how advisers are communicating with clients regarding cybersecurity; how advisers are training their teams on issues related to cybersecurity; and what tools and technology (and their associated costs) advisers are using to protect their business.
For the full study, visit www.onefpa.org/Cybersecurity.
Journal of Financial Planning