A white paper released by the Financial Planning Association and TD Ameritrade Institutional found that 81 percent of advisers say cybersecurity is high or very high on their firm’s priority list.
But there is a gap when it comes to providing mandatory training for staff. The white paper, titled “Cybersecurity: Is Your Team Prepared?” reported that 11 percent of firm CEOs “completely agree” that their team is fully aware of what would be required to adhere to guidelines set out by the Office of Compliance Inspections and Examinations (OCIE). And only 44 percent of firms with more than one team member provide mandatory training for employees.
Finding the right training for you and your staff is the ticket to closing that gap, safeguarding your firm and preparing it for cyber attacks.
The white paper reported that the average team member receives less than two hours of cybersecurity training per year. But it offered some steps to take action on training.
- Define clear goals when it comes to cybersecurity. Keep the OCIE requirements as well as the goals of your team in mind during training.
- Define team expectations in relation to those goals. Be clear and concise in communicating your expectations.
- Gather input from the team. What questions or concerns do your team members have when it comes to cybersecurity?
- Conduct an anonymous internal assessment. Find out what your team knows and understands regarding OCIE requirements and cybersecurity.
- Identify gaps. Focus your training on closing these gaps.
- Create a training process. Determine how often, whether it’s mandatory and how you will deliver training, among other things.
- Summarize the training process. Summarize the process on a single page so you can tell your clients what you are doing.
For a full sample assessment recommended in step No. 4, download the full white paper here.
Journal of Financial Planning