Unfortunately, concern about cybersecurity has become commonplace. Electronic safety is rightfully on everyone’s minds.
Almost two-thirds of consumers worry about the data security practices of companies to which they provide personal and financial information.
Think about it. If your clients and prospects worry about shopping at major retailers, how do you think some may feel about giving their hard-earned dollars to a financial professional, who manages millions, if not billions, of dollars every day? While they may not be telling you, it is likely they worry your firm could be considered a prime target for cyber hacking, whether you work for a large firm or are a sole proprietor.
Who Initiates the Conversation?
So how do you handle the topic with your clients and prospects? Who initiates this important conversation? Do you wait for them to bring the topic up or do you address the topic of electronic safety head on? The latter is likely your best approach. This conversation should be just as important as other conversations you have with your clients, as well as prospects.
Research from the Financial Planning Association’s Research and Practice Institute shows that even though 80 percent of advisors say cybersecurity is a high priority for them, only 29 percent agree they are fully prepared to manage and mitigate the risks associated with cybersecurity.
Do you feel prepared and as though you fully understand the issues, as well as the risks, that are associated with cybersecurity?
While there are certainly regulatory fines for a lack of cybersecurity policies and procedures, any kind of cyber breach can be detrimental to your firm, the trust of your clients and prospects, not to mention extremely expensive.
As an advisor, you may have “errors and omissions” insurance to cover different forms of liability. Most of these policies, however, do not cover any form of cyber breaches.
As a result, more and more advisors are opting to purchase a cybersecurity rider on their errors and omissions policy to help cover items such as regulatory fines, lawsuits, credit monitoring and other expenses associated with a cybersecurity attack.
Clients and prospects entrust you with a lot of personal and financial information, not to mention their hard earned money. It’s extremely important to be strong protectors of their private information and their assets. Considering adding cybersecurity to your policy is a sound investment for both your clients and your practice.
Large and Small Firms are Both at Risk
Although you may work for a large firm that invests heavily in data security, larger firms also have more clients and, therefore, more assets. This can possibly increase the chance of a cyber attack.
On the other hand, smaller firms and sole proprietors may not have a dedicated team or person focused on data security. For this reason, a smaller firm may want to hire a network security firm that protects the office system around the clock with a strong firewall so they are not exposed either.
You should not only follow your broker-dealer’s requirements when it comes to cybersecurity process and procedures, but also review the SEC’s requirements from the Cybersecurity Examination Initiative and FINRA’s Cybersecurity Checklist to be sure you and your team members are meeting the necessary guidelines.
Additional Ways to Protect Your Clients and Practice
Keep in mind that even a simple email between you and your client or prospect can be vulnerable to a cyber attack. Since your email and your clients’ email accounts could potentially be hacked, if and when possible, minimize email.
Consider sending encrypted emails that contain any private or sensitive client information. While it does add an additional step for clients to open the email or attachments, the added layer of protection will likely be greatly appreciated.
Be aware of any out of the ordinary activities like multiple login failures. You should confirm all trade transactions verbally on the phone and always contact clients to check any suspicious activity. In addition, don’t ever use public Wi-Fi to conduct business.
If you do become victim to a cyber attack, be sure you contact both FINRA and your broker-dealer immediately.
When you do initiate the conversation with your clients about cybersecurity, explain to them the policies and procedures your firm, as well as the regulatory agencies, have in place.
Describe how you will protect their private information, where their sensitive data is stored, and who has access to their account information. You should also assure them that there are procedures in place so they will be quickly informed if there is any kind of breach. Be sure to answer any other questions they have for you to provide them with peace of mind.
The Bottom Line
With the heightened number of cyber attacks occurring so frequently, cyber threats are definitely an increased risk to an advisor’s business.
Even with the regulatory agencies continuing to focus on security threats, as cyber criminals get more creative, it is difficult for them to anticipate what threats lay ahead in the future.
In the meantime, your clients may become more concerned. Doing all you can to protect your clients from these potential threats should be of utmost importance. If you haven’t had this crucial discussion with your clients yet, there’s no time like the present.