The digital revolution has yielded fantastic improvements in efficiency and effectiveness for financial advisors, but the increased reliance on technology and online systems has left advisors increasingly vulnerable to cybersecurity threats. With cyber attacks becoming ever more pervasive and sophisticated, failure to implement an effective strategy to secure sensitive client information could pose an existential threat to any advisor’s business.
What can you do to protect your business and safeguard client information from cyber threats? Start by making sure you have a clearly defined strategy to address cybersecurity risks, including written policies and procedures as well as an action plan to test, monitor, and audit your firm’s practices regularly.
How you implement your cybersecurity strategy will depend on many factors, including the size of your practice and willingness either to devote substantial staff time and resources to managing cybersecurity in house or to rely on external vendors and/or platform providers for help. Whatever approach you choose, you don’t need to be a computer geek to take action to reduce the risk of becoming a victim of a data breach.
Here are seven practical steps you can take to protect your business and keep sensitive client information secure.
1. Train your staff to be the first line of defense.
The best way to guard against bad actors gaining access to your systems is by teaching yourself and your staff to recognize and thwart cyber threats. Make sure everyone on your team understands the importance of following your cybersecurity practices and knows how to spot suspicious emails and how to deal with them. A good way to stress the importance of cybersecurity is to include updates on it as part of your regular staff meetings.
2. Secure electronic communications.
Establish rules for your staff to follow when using electronic communications, such as encrypting all emails containing sensitive client information. With more people sending and receiving files from outside the office, special attention should be paid to mobile security. At a minimum, make sure employees use passwords to lock their laptops and mobile phones to render them less vulnerable if lost or stolen. It’s also a good idea to make sure your employees use secure Wi-Fi networks and avoid risky hotspots and public Wi-Fi. Better yet, require the use of a virtual private network (VPN) and antivirus software. And whenever possible, use multifactor authentication to add an extra layer of security to make it harder for bad actors to access sensitive information.
3. Don’t fall for phishing.
Phishing (when an email is sent with the purpose of tricking the recipient to click on a link or perform some action that will allow malware to be installed on your firm’s network) is probably the most common cybersecurity threat that advisors face. One click on a fraudulent link can expose your organization to a serious data breach. Phishing emails often look harmless and may appear to come from a known sender. Teach employees to be suspicious of emails that include links and to hover over a link before clicking on it to be sure the URL looks legitimate. When in doubt, contact the sender to confirm an email is safe. Also consider deploying an email threat detection tool.
4. Protect passwords.
Despite the surge in cyber theft, way too many people still use the same or similar passwords for multiple sites, jot down their passwords on Post-It notes, or store them on their computer. Use a password manager to create, retrieve, and keep track of passwords that are unique and secure – for your business and personal accounts.
5. Back up computers.
Ransomware attacks (in which cyber criminals steal your data and then demand a ransom for its return) are on the rise because they are lucrative and relatively easy to pull off. The best way to prevent a ransomware attack is by not clicking on fraudulent links in phishing emails, and the best way to limit the damage is by backing up your data and systems so you can restore information if its stolen or encrypted. Also be sure to enable automatic updates for your computer systems so you will have the latest security patches.
6. Monitor vendors.
Data breaches often stem from third-party service providers who fail to follow appropriate cybersecurity protocols. You can’t just give vendors access to your systems and then turn them loose. Make sure they have clearly defined cybersecurity policies and that they test and audit them regularly. And let your vendors know you expect them to facilitate your due diligence and network reviews.
7. Educate clients about information security.
As people become more familiar with cyber threats, expect your clients and prospects to start asking about your information security policies and procedures – if they aren’t already. Be sure to include cybersecurity as part of your onboarding process for new clients, and review it regularly with existing clients. It’s also a good idea to teach clients how to protect themselves against cybersecurity threats, including many of the best practices covered above.
The bottom line
Every advisor’s business is built on client trust, and keeping sensitive client information secure is critical to maintaining that trust. Don’t let a data breach undermine the reputation you’ve worked so hard to build. Make sure you’re doing all you can to protect your business and keep client information secure.