Following another year of brisk increases in cyber activity, and not in a good way, advisors are reminded about the importance of safeguarding client data.
As the old saying goes, trust takes years to build and only a moment to destroy, so robust cybersecurity protocols matter more and more to an advisory practice. That relevance is only increasing as the sophistication of cyber criminals and the amount of fraud perpetrated increase.
As a result, advisors face new technological burdens by way of federal and state regulations when it comes to safeguarding client data and preventing identity theft. Remember what cyber crooks are after: data and money. Underscoring the importance of strong cybersecurity protocols, an advisory practice can be targeted in any number of ways, including but not limited to malicious software, phishing and vishing.
Bottom line: Advisors already have a lot on their plates when it comes to starting and nurturing client relationships. Cybersecurity shouldn’t be in the way, but it needs to be a priority. Here’s what advisors need to know to stay atop cybersecurity needs in 2023.
Advisors Need to Know Their Cyber Responsibilities
As noted above, federal and state regulators are increasing scrutiny of companies, regardless of size and industry, that come into direct contact with customer data. However, financial services is particularly data-intensive and, as Fidelity recently noted, there are elements in the Fair Credit Reporting Act that highlight the importance of advisors upping their cybersecurity games.
“The ‘Identity Theft Red Flags Rule,’ known as Regulation S-ID, was issued jointly by the Securities and Exchange Commission (SEC) and the U.S. Commodity Futures Trading Commission (CFTC) and became effective in 2013. It requires any SEC or CFTC-registered financial entity that directly or indirectly holds transaction accounts for its clients to develop and implement an identity theft protection program (ITPP),” according to Fidelity.
Translation: Advisors, broker-dealers and other financial firms must reach compliance by developing and maintaining sturdy protocols to guard against identity theft. Looked at differently, advisory firms that don’t prioritize cybersecurity today risk potential legal and regulatory headaches down the road.
One way for advisors to reduce cybersecurity burdens is to work with the right technology partners that can maximize efficiencies while minimizing downtime and learning curves. There are good reasons to consider that approach.
“Investment advisors, broker-dealers, and many other financial institutions are generally required to be in compliance by developing and implementing an identity theft protection program consisting of reasonable, board-approved compliance programs, with policies and supporting procedures to prevent, detect, and respond to any possible identity theft situations,” adds Fidelity.
More Steps for Advisors to Take
Fortunately, some of the avenues through which advisors can enhance cybersecurity measures are easy to implement and cost-effective, perhaps free. Those include regular monitoring of transactions in client accounts, limiting the number of employees with access to sensitive data, regular device updates and password protection, among others.
Education is also part of the equation, and this goes for both staff and clients. Advisors can get to work on cyber education of employees right away, often with low costs.
“Maintain a strong cybersecurity education program to keep all firm personnel abreast of the latest trends in cybersecurity and firm policies and procedures. You may also want to make cybersecurity a regular agenda topic for team meetings and have a plan in place to train new employees. Keep the threats associated with phishing top of mind, and ensure that employees have a mechanism to report suspicious emails, phone calls, and text messages,” concludes Fidelity.