2017 saw a disturbing number of data breaches that deeply impacted a variety of industries, especially wealth management. The sheer volume of financial information that was put at risk from repeated breaches must remain a strong motivator for our entire industry to take real action to ensure better protections for clients’ data.
While it can be easy to let our memories lapse after the immediate outcry following a hacking event dies down, a commitment to strengthening cybersecurity capabilities must be a priority, especially as financial advisors ramp up their plans for how to better serve investors in this new year.
What’s at stake?
Put simply, advisors can be the gateway to millions of dollars -- and since they manage assets for so many individuals and families, hackers may find easy value in targeting their firms.
Moreover, advisors often use a number of digital tools and may work with several technology providers as part of their day-to-day routine, meaning they have multiple points of vulnerability that hackers could leverage to access confidential information.
Since financial advisors are such a prime target for hackers, it is critical they commit to an active approach to preventing a hacking incident this year and beyond. So, what can be done?
Implement basic best practices
Advisors don’t have to reinvent the wheel to block a hacker; even basic steps can be effective. In fact, a 2016 IBM study showed that human error -- specifically errors made by individuals within the firm being targeted -- is responsible for 60% of successful cyberattacks. This was certainly the case in one of the biggest breaches of 2017 -- the Equifax hack, as the company’s security department overlooked weak points in software that needed patching.
It’s easy for us to forget that we have control over our software and devices, so it’s vital we are diligent about implementing (and maintaining) all security capabilities.
Addressing this issue can be as simple as ensuring passwords are complex and rotated regularly or establishing time-outs on devices with access to sensitive information, like computers and cell phones. But these measures will only be truly effective if they are implemented across an entire firm.
Advisors should look to create formal processes that make it easy for their colleagues to maintain security capabilities on their own devices and learn how to spot suspicious activity. For example, all staff should be trained on the basics of identifying phishing scams, which are hackers’ attempts to obtain sensitive information by sending emails disguised as messages from a trustworthy organization. While these practices and trainings can seem tedious, they are crucial for protecting a firm, and its clients, from dangerous security breaches.
With established processes to minimize human error, technology itself can also help advisors shore up their defenses against cyberattacks. For example, while implementing complex passwords is a great start for blocking potential breaches, technology that doesn’t require a password in the first place can be even more secure. The financial services and tech industries are continuously looking for new ways to replace passwords, and methods such as fingerprint or facial recognition are becoming increasingly common.
The cost of implementing these features on password-protected devices is generally not prohibitive, even for a small advisory firm, so it deserves serious consideration at a time when threats are growing in frequency and intensity.
As advisors work with technology providers to implement the tools needed to protect their clients’ information, they should also take the extra step of conducting due diligence and ask careful questions about the provider’s own security protocols and protective measures.
Investors know just how important cybersecurity is -- especially since many of them were affected by breaches that occurred last year. At AssetMark, we hear from advisors that their clients are still probing for more clarity as to how advisors guard their answers to security questions and protect their confidential financial information. It’s clear the wealth management industry cannot afford to let this issue fall by the wayside -- it is imperative we dedicate ourselves in the new year to taking every possible precaution to maximize security across the entire space.