Regulation and Compliance Cybersecurity

Are you ready for the cybersecurity talk?

May 22, 2015 at 12:22 PM
Share & Print

It's a rare day when consumers don't read about another cybersecurity breach afflicting a U.S. business. Anthem, a large health insurer, announced that hackers stole sensitive personal information from 80 million of its customers. Not surprisingly, consumers are on edge about future attacks, as are financial-services regulators. In fact, the North American Securities Administrators Association (NASAA), released an alert encouraging consumers to discuss cybersecurity with their advisors.

 "The increasing reliance on technology in our daily lives could leave our sensitive financial information more vulnerable to unwanted viewing or theft without proper safeguards in place," said William Beatty, NASAA President and Washington Securities Director.

In September 2014, NASAA reported that 62 percent of state-registered investment advisor firms participating in a NASAA pilot survey had undergone a cybersecurity risk assessment, and 77 percent had established policies and procedures related to technology or cybersecurity.

"Investors should think about the safety of their financial information, and talk with their investment professionals about what steps firms are taking to safeguard client information," Beatty said.

To help investors with that discussion, Beatty suggests asking the following questions:

    • Has the firm addressed which cybersecurity threats and vulnerabilities may impact its business?
    • Does the firm have written policies, procedures, or training programs in place regarding safeguarding client information?
    • Does the firm maintain insurance coverage for cybersecurity?
    • Has the firm engaged an outside consultant to provide cybersecurity services?
    • Does the firm have confidentiality agreements with any third-party service providers with access to the firm's information technology systems?
    • Has the firm ever experienced a cybersecurity incident where, directly or indirectly, theft, loss, unauthorized exposure, use of, or access to customer information occurred? If so, has the firm taken steps to close any gaps in its cybersecurity infrastructure?
    • Does the firm use safeguards such as encryption, antivirus and anti-malware programs?
    • Does the firm contact clients via email or other electronic messaging, and if so, does the firm use secure email and/or any procedures to authenticate client instructions received via email or electronic messaging, to work against the possibility of a client being impersonated?

Guidance from the National Ethics Association: Make sure you have completed a cybersecurity assessment and that you have comprehensive policies and procedures in place to prevent a cyber attack. If you haven't done this yet, tap into resources or referrals available from your FMO, RIA, or Broker-Dealer. Most importantly, do not assume that a cyber attack will never happen to you. It can, and if it does, your response plan must be ready to go.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Related Stories

Lawsuit: Schwab, BofA Failed to Protect Older Couple Scammed Out of $18.5M Globe Life Reports Extortion Threat Involving Customer Data Banks Brace for Era of Consumer Data Sharing Fidelity Reports Data Breach Hitting 77,000 Clients Wells Fargo Client Sues Over Data Breach How Advisors Plan to Use Tech to Boost Growth: Schwab

Resource Center

6 Steps to Help Clients with Estate Planning link

Guide

6 Steps to Help Clients with Estate Planning

Essential Estate Planning Terms for You and Your Clients link

Guide

Essential Estate Planning Terms for You and Your Clients

The Estate Planning Checklist link

Checklist

The Estate Planning Checklist