Cybersecurity Assessment is Key for Advisor Firms
The first step any financial advice firm needs to take to beef up cybersecurity is a proper risk assessment, John Paul Cunningham writes in Financial Advisor.
For wealth management firms a data breach doesn’t just risk potential monetary loss, according to Cunningham, CIO and chief information security officer of cybersecurity tech provider Docupace Technologies. The reputational damage from a cyberbreach is often too much for an advice practice to recover from, he writes.
To avoid cyberattacks, firms need to assess their vulnerabilities — starting with the admission that even small wealth management companies are potential targets, according to Cunningham.
Every firm has information hackers could exploit, so the next step is to determine which data are the most valuable, he writes.
The process alone may help advice firms identify small issues they may have overlooked otherwise, such as using repurposed technology that doesn’t stand up to attacks, according to Cunningham.
Cutting corners when it comes to data, he writes, isn’t a good idea. Advice firms also need to determine who can access the data they’re trying to secure and to consider how a hacker could use that to their advantage, according to Cunningham.
Too often wealth management outfits give administrative privileges to too many people. Such access should be reserved for as few people as possible, according to Cunningham.
The next step is to establish companywide policies on data access. Following best practices, such as those laid out by the NIST Framework for Cybersecurity, is a good place to start, writes Cunningham.
An advice practice’s IT personnel may not have adequate expertise to determine all the firm’s vulnerabilities, so Cunningham recommends hiring a third-party firm to do an outside assessment of the firm’s findings.