From Target to Home Depot, Staples, Anthem and, more recently, the U.S. government, data breaches have been dominating the news cycle. This has left financial advisors wondering: "Are my clients protected, and am I doing enough to keep their sensitive data secure?"
This question has become even more important given the rise of technology. Cloud computing, emails, virtual advising - all of these elements have proven to simplify the advisor-client relationship, but with the potential for added risk.
It is up to financial advisors to ensure their clients' data remains safe and secure. Here is what you need to know:
The cost of a breach can be steep
There is a significant price attached to data breaches, from lost client trust to disrupted business practices. Of course, the actual monetary cost is high as well. Over the past decade, the research firm Ponemon Institute has compiled an annual report detailing the financial impact of data breaches.
In 2015, the average total cost of these breaches - covering 350 companies in 11 countries - reached a new high at $3.8 million. That is up 23 percent over the past two years. On a more granular level, the average cost for each lost or stolen record ticked up 6 percent to $154.
According to Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, there are three reasons why the costs keep increasing:
1. More frequent cyber attacks
2. Greater financial cost for lost customers
3. More expensive cyber forensics and investigations
Right now, the research showed that the greatest risk is from hackers and criminal insiders, while one of the most significant costs is lost business.
Know your data risks
So then, what can you do to protect your clients? The first step is to assess your risks. Here are the most common in the financial services industry:
Malware is still a incredibly popular cyber attack tool. Hackers will find ways to install malware in your systems, from a friendly looking link on a webpage to a phishing email. In fact, phishing has become more targeted than in years past. Instead of mass emails, hackers will hone in on a few people who have what they need and make the emails look incredibly legitimate.
Similar to malware, many cyber criminals will use basic hacking skills to break into your systems. Sadly, many firms make this easy on them by having lax password protections and other identification methods. Sometimes, hackers find it is just like walking through the door.
- Internet of Things
Insecure cloud computing is a common concern for financial advisors. The cloud is one part of the Internet of Things, or the vast array of Internet-connected devices we have today. The IoT introduces a variety of new elements, which makes security more challenging - and prone to errors.
- Employee/customer mistakes
Sometimes, the greatest threat of all is an honest mistake. Employees often leave laptops, USB drives and other tech on public transit or in the parking lot. A client could leave their account logged on in their public library. All it takes is one slip-up to expose your business.
How to protect your clients
Understanding your risks is the first part of protecting your clients. Once that is complete, you'll be able to take more tangible steps forward. Here is how you can protect your clients' sensitive data:
1. Think simple
Sometimes, the best course of action is to just avoid storing private data online. If there's no actual reward to hacking into your systems, you won't be a target. Of course, this is easier said than done (you do have to store something on computers, after all), but you have options. For starters, consider keeping the bare minimum online, like contact information. The rest can be filed in an office. If you do need to have data online, consider keeping it in different servers, on different accounts or computers and in different files.
2. Better authentication
Passwords are there for a reason. Even so, many firms have poor password protection - like "Password1234." These are easy for hackers to figure out. Instead, come up with better, multi-faceted authentication. Stronger passwords are a must, but you can add in a security question, a computer ID (you can only access the account from your computer, for example) or even biometrics, like a fingerprint or eye scan. Most importantly, don't write your passwords down on a piece of paper and tape it to your computer monitor.
3. Improved training
If you work with other financial advisors or employees in the same office, you should focus on improved training to beef up your cybersecurity. As noted previously, many breaches are the direct result of employee errors. So, train your team to have strong password protection, common sense online and an understanding of cybersecurity.
4. Detailed policies
The next step you can take is to revamp your existing policies and procedures. How your firm responds to suspicious emails, how you manage third-party vendors and even your social media policy can all affect cybersecurity.
One great example came from financial planner Stacy Francis. Francis explained to CNBC how her firm's policy protected one client from identity theft. Francis received an email supposedly from the client asking for a wire transfer.
"It said she was jumping on a plane now and that she needed the money wired to a specific bank, with a routing number, for when she landed," she told the media outlet. "After we didn't respond to the first email, the second one immediately after said, 'Are you not in the office?' - which is every advisor's fear, that their client thinks they're out on the golf course."
Thankfully, Francis' policy - that requires a notarized letter and a personal phone call before transferring money to a third party - ensured that this email went ignored.
Emphasize security, build trust
These four tips will help you improve cybersecurity, but the process doesn't end there. You will always have to focus on security, especially over time. Constantly review your polices and procedures and ensure the best technology is in place to protect clients.
Best of all, a more secure firm will breed client trust, which is exactly what is needed in this industry.
Copyright ©2015 Cannon Financial Institute - All Rights Reserved