Why Voya’s Cybersecurity Breach Settlement is a Cautionary Tale for All Advisors
When it comes to cybersecurity, financial advice firms should take their cue from Voya Financial Services' recent settlement with the SEC, InvestmentNews writes in an editorial.
Voya settled with the regulator last month for $1 million over alleged failures to guard its clients against identity theft, which was the regulator’s first enforcement action related to its Identity Theft Red Flags Rule.
The rest of the industry should be ready for more such fines in the future, according to InvestmentNews. After all, many firms have procedures similar to the ones that were in place at Voya, which nonetheless allegedly failed to protect the firm against cybercriminals who posed as advisors to obtain advisors’ passwords and then get personal information on 5,600 Voya clients, the publication writes.
Voya’s lesson from the breach was that having policies and procedures in place isn’t enough, according to InvestmentNews. After all, one of the advisors targeted in the scheme informed the firm he had not requested a password reset, but fraudsters impersonated two more advisors after that, the publication writes.
It’s therefore essential that advice firms review and test their cybersecurity procedures regularly and ensure their advisors and staff are properly trained in following them, according to InvestmentNews.
In addition, companies need to work toward anticipating breaches by various means, since cybercriminals, when thwarted, will look for other ways to get private data, the publication writes. Therefore, it’s important that cybersecurity plans are constantly updated in accordance with cybersecurity developments, according to InvestmentNews.
And it’s not just regulatory scrutiny that advice firms need to be wary of when it comes to cybersecurity: clients may forgive one security breach, but if another occurs they’ll start looking at rivals with better security records, according to the publication.