5 Tips to Prepare for Cyber Threats in the New Year

Today’s cyber environment has cultivated a perfect storm for financial planners. The timing and velocity of cyberattacks, combined with an increase in regulation, require more than just a defensive posture. To be successful in 2019, financial planners need to be proactive, not reactive by default. It all starts by implementing basic cybersecurity tools and protocols, then architecting a modern cybersecurity framework around them—one that satisfies current laws and provides clear, documented evidence of enforcement.

At the time we began managing cybersecurity in 1995, cyber incidents looked a lot different. Today cyber threats come from all areas of the globe and a host of bad actors. One cyber incident can bring down an enterprise. The reputational risk alone creates a negative multiplier effect of losing clients, licenses and the cooperation from regulators when a firm is ill-prepared.

The good news is playing the cyber offensive is relatively easy with these five tips for success:

1.) Use multi-factor authentication (MFA)

Financial services firms that adopt MFA require a user to provide more than just a password to access a network. An example of MFA is logging into a website that sends a numeric code to your phone, which then grants access to your account. The technology is simple and does not require one to be a computer genius to use.

2.) Employ data loss prevention tools and settings

Data Loss Prevention (DLP) tools and settings are critical for regulatory compliance and safeguarding your clients’ data. Firms should already be using antivirus protection, encryption and screen locks. Antivirus subscriptions protect multiple devices.

Furthermore, encryption and lock screens on a cell phone are simple to use, inexpensive and easy to enforce.

3.) Printed cybersecurity policy and practice drills.

Most firms have a cybersecurity policy, but only a small percentage print them and run cyber practice drills. A hard copy of the cybersecurity policy enables immediate access should a firm’s network become compromised or inaccessible. Running practice drills ensures everyone understands their role and responsibility for the firm’s cybersecurity policy.

4.) Build a cyber dream team.

On a previous FPA Coaches Corner webcast, we explained how to build a cyber dream team, including roles and responsibilities. An ideal team, for example, is comprised of your firm’s chief information security officer (CISO) and a cyber expert. A cyber expert is formally trained in cybersecurity and incident response planning and should have a deep understanding of the regulations.

5.) Documented cybersecurity evidence.

One of the most important functions is generating proof and evidence for the regulators; without it, no one (including the cyber insurance company) will believe a firm is in good order. Various cyber documents, such as a Written Information Security Policy (WISP) and Cyber Asset Audit Report, create the body of proof. These documents should also be printed in case the system is compromised.

Playing the cyber offensive will position advisers operating under a fiduciary standard for success, whereby acting in a client’s best interest forms the basis of the client relationship.

Editor’s note: This is an excerpt from the FPA Coaches Corner whitepaper titled “Make 2019 Your Year: Business and Career Tips to Get the Most Out of 2019.” Read the full whitepaper here.


Brian Edelman, CEO of FCI, is a nationally recognized cybersecurity expert specialized in the financial services industry. He is the FPA Coaches Corner coach for cybersecurity.


What Good Planners Need to Do in the Digital Age

The future of finance is a mixture of robo advice and human advice, according to Charles Schwab’s 2018 Consumer Digital Demands survey.

Forty-five percent of those surveyed said they believe robo-advisers will have the biggest impact on the future of finance. The survey also found that Americans say financial planning is as hard as training for a marathon.

Clients will use technology, but they still need you to help them “train” in this digital age.

The Forbes article, “What You Should Expect from Your Financial Advisor in The Digital Age,” gave consumers tips on what their advisers should do for them when it comes to technology. It boils down to this: simplify their understanding of money by using and better explaining tech tools. If your clients are reading articles like the one in Forbes, they may expect you to provide the following:

Tech tools that easily do it all and have fewer steps. The Forbes article noted that advisers should offer technology that allows clients to check portfolios and their savings and checking accounts all in one spot.

Customizable technology. The Forbes article noted that clients should be able to customize their experience. “Don’t merely expect the proper customization—demand it,” wrote Forbes author Alex Chalekian, founder and CEO of Lake Avenue Financial.

A view of the big picture. Clients in the digital age will expect a picture of their total net worth and their progress toward retirement. This ties into having all their information, including all retirement, savings and checking information, easily accessible on a one-stop piece of technology.

Education on how to use the technology. Clients will expect you to show them how to use the software you provide. Take the time to ensure they understand how to use it and all the ins and outs and extra features.

“What a great adviser will do is use technology to be more connected to your life, to be able to comprehensively simplify your financial life and then interact at your convenience when you’re ready,” Joe Duran, founder and CEO of United Capital said in the CNBC article, “Here’s Why Robo-Advisors Won’t Replace Human Financial Advisors.”

Ana Trujillo Limón is senior editor of the Journal of Financial Planning and the editor of the FPA Practice Management Blog. Email her at alimon@onefpa.org. Follow her on Twitter at @AnaT_Edits.


Digital Assets 101: How to Account for Digital Assets in Estate Plans

Digital assets are a popular topic and an ever more important aspect of estate planning in today’s digital age. Even simple accounts such as Facebook and Twitter have tremendous transferable value to beneficiaries. However, beneficiaries and clients alike believe that merely sharing a password or access gives the beneficiaries the rights to the account. Ironically, this may constitute a violation of the law if this is how a digital asset is handled in an estate. It is important to understand the transferability, the value and how to provide instructions for transfer.

When planning for digital assets in an estate plan, it is important to help your clients identify their digital assets. Certainly, the best place to start is with an inventory. Try asking them if they have some of the popular digital assets and explaining the intrinsic value to the beneficiaries. Once they have a comprehension of the value, they are more likely to identify digital assets they own. While they may not initially see value in digital asset planning, photos, videos and stories go a long way in legacy planning. Helping clients realize the value of legacy planning can assist with digital asset planning.

After taking inventory, you will have to familiarize yourself with some of the policies of a particular digital asset. Digital assets can be transferred in similar ways to normal assets. Some will allow the account holder to appoint a legacy person and some need specific language in wills or trusts to transfer the digital asset. The only caveat is that some assets (unlike liquid and tangible assets) are not considered property and simply cannot be transferred. Most of this occurs in loyalty reward programs.

One of the most popular digital assets is Facebook. The reason for its popularity is the memories it holds. A user can appoint a legacy sponsor to handle the account once someone has passed. The user can also choose to delete the account. The challenge here is similar to that of a beneficiary designated account: someone must be chosen prior to death. Once someone dies and Facebook finds out, they memorialize the account. This basically freezes the account and provides no access. Just like setting beneficiary designations (and revisiting them), digital assets that have legacy access should have those designations set and revisited periodically.

Loyalty reward programs are equally popular. While most are not that friendly within an estate, some have clauses that can be accounted for in legal documents. Let’s take American Airlines. American Airlines has some language in its AAdvantage program terms and conditions which does not specifically allow transfer after death, but the airline gives itself a “loophole” to transfer the miles after approved legal documents have been submitted. Accounting for specific language in estate documents can be vital in transferring a specific digital asset with significant value. This is an excellent example of accounting for digital assets within a will or trust document.

Digital assets can be tricky when accounting for them in an estate plan. The key is to take proper inventory, gather some familiarity or help and account for transfer. The great news is, this is an excellent conversation starter, a differentiator in practice and a way to provide great value to your clients. In the digital age we are in, digital assets are becoming more important in estate planning. Take the time to learn how to account for them in estate plans; it will be well worth it.


Scott Huff is the CEO of Yourefolio.