
8 Cybersecurity Best Practices

When it comes to cybersecurity breaches, there’s good news and bad news, according to the latest whitepaper from the FPA Research and Practice Institute™ and TD Ameritrade Institutional.

The good news is only 4 percent of firms surveyed experienced a security breach. The bad news is that while larger firms tend to experience more data breaches, smaller firms are increasingly being targeted.

But the whitepaper titled “Cybersecurity: Current Threats and Risk Management” offers readers a list of things to do to mitigate risk.

1.) Create a map of what should happen in the event of a security breach so that your entire team is on the same page.

2.) Update all email systems to limit potential for phishing attempts.

3.) Frequently scan for potential vulnerabilities. Scan more often than just quarterly or even annually to ensure your company and client data isn’t compromised. It may cost more now, but it will pay off in the long term.

4.) Brush up on your basics. Make sure you and your team both know what things make your data vulnerable and ensure that you’re not doing them. Read our last blog on for some tips on how to keep your firm safe.

5.) Ensure all your and your employees’ mobile devices have safeguards to protect any data that can be accessed on them. Ensure that sensitive data is erased from these devices should an employee leave or get a new device.

6.) Ensure only company-issued hardware and devices are accessing your company network.

7.) Identify what data must be encrypted and properly encrypt any sensitive data that is sent via email.

8.) Do not use personal email accounts for business. Create and enforce a policy that prohibits or limits employees from using personal email for work-related correspondence.

Download the full whitepaper here. Find the full cybersecurity research report, along with the other whitepapers on the topic here.

 



There’s Work to Be Done, says Cybersecurity Report

A day doesn’t go by when there’s not some attempt to hack personal information, Bryan Baas, the managing director of risk oversight and control for TD Ameritrade Institutional, said at a press conference at FPA BE 2016.

Baas was speaking on the results of the “Is Your Data Safe? The 2016 Financial Adviser Cybersecurity Assessment” study conducted by the FPA Research and Practice Institute™ and sponsored by TD Ameritrade Institutional.

Advisers are well aware of the issue and 81 percent of those surveyed say it is a high priority for them. But despite this, less than half of the advisers surveyed don’t understand the risks and how to mitigate them.

“Cybersecurity is with us every single day,” Dan Skiles, president of Shareholders Service Group and a member of the FPA Board of Directors, said. “It is something advisers need to worry about today, tomorrow, 10 years from now.”

The report found that there are several areas where advisers can improve in terms of establishing and implementing documented policies and procedures.

When it came to governance and risk assessment, 57 percent of the 1,015 survey participants had documented policies and procedures in place; 59 percent had them in place for access rights and prevention; 58 percent had them for data loss prevention; 51 percent had them for vendor management; and 43 percent had them for incident response.

Simply becoming aware that there is work to be done is an important first step.

What Can Planners Do Now
It doesn’t have to be so complicated, said Brian Edelman, CEO of Financial Computer Services, Inc.

Become aware. Become aware of what components you need to be looking at. Take an inventory of your data and do some risk assessment, which is similar to what you do with your clients.

Know that if there is a breach, you are responsible for notification. It’s embarrassing and distracting to have to tell all your clients there has been a breach, but the rule is clear that you must be the one to notify the clients.

If you have plans in place, practice them once. Ensure that your team is aware of what to do in each type of event that could possibly occur.

Give your clients tips to stay safe. Oftentimes, a breach that happens to you happens because one of your clients was hacked. So give them tips to employ tools like dual-factor authentication on their Gmail accounts.

Vet your vendors. You’re trusting these third-party technology companies with your information, so ensure that they are safe themselves. Visit their offices and see how they work and ensure they’re doing all they need to do to keep you safe.

These things might be a pain, but they’re necessary steps to ensure your and your clients’ safety.

“What is an inconvenience to you is most likely a roadblock to the bad guy,” Baas said.

Three upcoming whitepapers will be released by The FPA Research and Practice Institute™ and TD Ameritrade Institutional that will give advisers information on the following topics: how advisers are communicating with clients regarding cybersecurity; how advisers are training their teams on issues related to cybersecurity; and what tools and technology (and its associated costs) advisers are using to protect their business.

For the full study, visit www.onefpa.org/Cybersecurity.


Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.



Step Up Cybersecurity

As planners incorporate more technology into their offerings to clients, it’s imperative they stay on top of their cybersecurity measures.

“Cybersecurity is a major issue for financial planners in today’s highly technical, digital world,” writes Ben Lewis, FPA’s public relations team leader, in an FPA Connect post calling for participants for a cybersecurity assessment that has since ended.

Anthony Stitch explains in the forthcoming August issue of the Journal of Financial Planning that planners who don’t provide the technology clients want these days may lose those clients to firms they like less but that offer the technology they prefer. This, he writes, is called digital attrition. Members, you’ll get to read the full article when it comes out. And if you’re not yet a member, maybe now is the time. Learn more here.

“As you incorporate more technology into the running of your firm, it’s important that you stay educated on best practices for cybersecurity,” Blane Warren, an industry leader in financial services marketing, compliance, and technology, writes on XY Planning Network’s website.

But this move toward providing more technology options means planners need to step up their cybersecurity game in order to keep their clients and themselves safe, something they’re not currently doing very well, according to a report from External IT titled “Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?”

InvestmentNews reports that the report found three key areas lacking in terms of financial cybersecurity: security policy (firms failing to audit their IT security); accountability when moving data (moving data to personal and home devices without tracking measures); and disaster recovery (not having emergency business continuity plans).

This isn’t to say that planners don’t want to address cybersecurity issues; rather, they don’t know where to go to get their information, Brian Edelman, chief executive of Financial Computer Services, told InvestmentNews.

Edelman recommends using a cybersecurity firm that understands financial services.

In a recent article, ThinkAdvisor recommended planners check out the following resources: National Institute of Standards and Technology (nist.gov) and the Financial Services Information Sharing and Analysis Center (fsisac.com).


Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.