Cybersecurity Is Now the Biggest Risk Facing Independent RIAs

If it is not yet apparent, cybersecurity is the biggest risk facing independent RIAs.

When the fraud protector becomes the weakest link, it is time to take notice.

From mid-May through July 2017, the personal information of approximately 143 million consumers was exposed during a long running data breach at Equifax (one of the nation’s three major credit reporting agencies).

The personal information that was accessed during the breach included:

  • Names
  • Social Security numbers
  • Birth dates
  • Addresses
  • Driver’s license numbers
  • Credit card numbers for about 209,000 people
  • Credit dispute documents for about 182,000 people
  • In response to the breach, Equifax published a press release late on Thursday (9/7) announcing the breach and the availability of resources on the Equifax website, www.equifaxsecurity2017.com to protect individuals from identity theft. The site will verify who has been affected by this breach. If an individual’s information was exposed, they can receive a year of free credit monitoring and other identity theft protection services. Once they enter their name, the site will give them a date when they can come back to enroll. Affected individuals must remember to write down the date and come back to the site and click “Enroll” on that date. The deadline to enroll is November 21, 2017 .

    Initially, by agreeing to the terms and conditions for Equifax's monitoring, individuals were waiving key consumer rights, such as agreeing to settle disputes through arbitration and waiving the right to participate in class-action lawsuits. After the waiver of rights was exposed by the news media (see the CNBC articles linked here and here ), Equifax amended its terms and conditions and issued the following FAQ: “the free credit file monitoring and identity theft protection that we are offering as part of this cybersecurity incident does not waive any rights to take legal action. We removed that language from the Terms of Use on the website, www.equifaxsecurity2017.com .”

    The fact that Equifax attempted to bury arbitration clauses and class action waivers into the terms of use of the free credit file monitoring and identity theft protection creates concerns about whether their actions are about fixing the issue or purely an attempt to limit their liability. However, the free credit file monitoring and identity theft protection may make sense as a measure to mitigate some of the negative effects of the breach.

    Related: SEC Risk Alert: Cybersecurity

    To assist your clients in protecting themselves from identity theft due to this data breach, AdvisorAssist recommends that you, as the Advisor, consider the following best practices:

  • Read through the consumer notice and related documents found at: https://www.equifaxsecurity2017.com/consumer-notice/ to determine if it makes sense for your clients to enroll in the free credit file monitoring and identity theft protection offering.
  • Monitor the accounts and financial statements that you advise on for your clients. Report to the client any potentially unusual activity.
  • Recommend that your clients change their passwords on all financial accounts.
  • Have your clients request a free credit report from all three credit bureaus at www.annualcreditreport.com .
  • Assist your client with setting up fraud alerts with the three major credit bureaus.
  • Work with the client to address any accounts that were fraudulently opened in their name.
  • If appropriate, assist your client with installing a security freeze on their credit. Please note the credit bureaus typically charge for a credit freeze. However, some states require that the fee be waived if the consumer provides a police report to the credit bureau.