Today's independent financial advisors wear many hats, from portfolio manager to behavioral coach to chief financial officer of their own businesses. But there's another responsibility that has become increasingly critical in recent years—that of identity protector. With major security breaches and other smaller-scale hacks on the rise, advisors need to understand where they may be vulnerable and what steps they should take to close any open doors to their clients' sensitive information. It's a big job, and it's hard to know where to begin.
With this in mind, let's look at some of the cybersecurity issues regulators are focusing on, as well as considerations for protecting your clients and your business.
FINRA's Meeting of the Minds
Earlier this year, we attended the 2016 FINRA Cybersecurity Conference, which was a great opportunity to gather with industry peers and regulators and discuss the cybersecurity challenges and risks we face on a daily basis. One theme was abundantly clear. That is, we are all in this together and have a common goal: to protect clients from the constant onslaught of scams and the bad actors that perpetrate them. Being successful at this? Well, that's a different and much larger story.
Cybersecurity blueprints. As you might expect, the presenters and panelists at the FINRA conference highlighted the scams that financial professionals are seeing now or eventually will see. Perhaps the most valuable takeaway was how financial companies can approach implementing a cyber-risk program using the plethora of best practices and resources that are publicly available. There was a lot of discussion and guidance regarding cybersecurity frameworks—in particular NIST or ISO2 7001—and how advisors can use these frameworks as "blueprints" to identify and mitigate risk exposure throughout their organizations.
Information sharing. Another key topic was cyber-threat information sharing, which is quickly becoming an invaluable and necessary lifeline that enables us to proactively protect our most important assets. The Financial Services Information Sharing and Analysis Center is one resource that financial institutions, broker/dealers, and regulators can use to share intelligence about threats and the actors associated with them.
Preventing common attacks is very much possible when you have the vital intelligence. Understanding the importance of this, the Department of Homeland Security is moving forward with the Cybersecurity Information Sharing Act. The biggest piece of cybersecurity legislation we've seen, it was passed just last year and includes preliminary guidance on how the private sector and government will communicate threat data. (To learn more, check out this post on the Data Protection Report.)
The SEC's Focus on Cybersecurity