Today’s cyber environment has cultivated a perfect storm for financial planners. The timing and velocity of cyberattacks, combined with an increase in regulation, require more than just a defensive posture. To be successful in 2019, financial planners need to be proactive, not reactive by default. It all starts by implementing basic cybersecurity tools and protocols, then architecting a modern cybersecurity framework around them—one that satisfies current laws and provides clear, documented evidence of enforcement.
At the time we began managing cybersecurity in 1995, cyber incidents looked a lot different. Today, cyber threats come from all areas of the globe and a host of bad actors. One cyber incident can bring down an enterprise. The reputational risk alone creates a negative multiplier effect of losing clients, licenses and the cooperation of regulators when a firm is ill-prepared.
The good news is playing the cyber offensive is relatively easy with these five tips for success:
1.) Use multi-factor authentication (MFA)
Financial services firms that adopt MFA require a user to provide more than just a password to access a network. An example of MFA is logging into a website that sends a numeric code to your phone, which then grants access to your account. The technology is simple and does not require one to be a computer genius to use.
2.) Employ data loss prevention tools and settings
Data Loss Prevention (DLP) tools and settings are critical for regulatory compliance and safeguarding your clients’ data. Firms should already be using antivirus protection, encryption and screen locks. Antivirus subscriptions protect multiple devices. Furthermore, encryption and lock screens on a cell phone are simple to use, inexpensive and easy to enforce.
3.) Printed cybersecurity policy and practice drills
Most firms have a cybersecurity policy, but only a small percentage print it and run cyber practice drills. A hard copy of the cybersecurity policy enables immediate access should a firm’s network become compromised or inaccessible. Running practice drills ensures everyone understands their role and responsibility for the firm’s cybersecurity policy.
4.) Build a cyber dream team
On a previous FPA Coaches Corner webcast, we explained how to build a cyber dream team, including roles and responsibilities. An ideal team, for example, is comprised of your firm’s chief information security officer (CISO) and a cyber expert. A cyber expert is formally trained in cybersecurity and incident response planning and should have a deep understanding of the regulations.
5.) Documented cybersecurity evidence
One of the most important functions is generating proof and evidence for the regulators. Without it, no one (including the cyber insurance company) will believe a firm is in good order. Various cyber documents, such as a Written Information Security Policy (WISP) and Cyber Asset Audit Report, create the body of proof. These documents should also be printed in case the system is compromised.
Playing the cyber offensive will position advisers operating under a fiduciary standard for success, whereby acting in a client’s best interest forms the basis of the client relationship.
Editor’s note: This is an excerpt from the FPA Coaches Corner whitepaper titled “Make 2019 Your Year: Business and Career Tips to Get the Most Out of 2019.”