Andrea McGrew has been a compliance officer for 14 years at USA Financial, so she's seen plenty of missteps in her time. But when it comes to cybersecurity, she admits she's "never been so afraid" for her advisor clients.
"We're seeing increases in phishing, hacking, all types of nefarious attacks" on her firm and its independent contractor advisors. "It's a terrifying world to live in," says the firm's chief legal and compliance officer, especially for small business owners like independent advisors. And even if you've been immune by chance or design from successful hacks, McGrew points out "you're only as good until the next criminal mind comes along."
The environment is particularly frightening for USA Financial's end clients, who tend to be retirees or near-retirees, she says, since they will have less time to recover from a hack that costs them real money.
To help protect its advisors, USA Financial "started at home" by hiring an outside cybersecurity firm (CBI, or Cyber Security Solutions, based near the broker-dealer's Michigan headquarters) to conduct penetration, phishing and social engineering tests of its own computer systems "to make sure we were safe." It took that first step so the broker-dealer/RIA firm could get a strong understanding of the protection tools and processes available, "pulling back the curtain so our advisors could understand what to do as well" to protect their firms' and clients' data.
Throughout the year USA Financial invites its advisors to multiple business-building conferences, and in the last two such meetings a cybersecurity element was included. "We passed along to them what we learned," and while following its recommendations would improve advisors' systems, McGrew says "we also told them we would highly recommend that they seek out companies" similar to CDI to do the same testing.
Related on ThinkAdvisor:
- Just Do It: A 2018 Year-End Action List for Advisors
- Why Phishing Scams Are Increasingly Targeting Financial Advisors
- T3 Event Shows How Advisors Can Keep Robots at Bay
McGrew admits that hiring such firms is "not an inexpensive proposition" and that while hiring these companies "isn't cheap, neither is a breach."
So what's the top cyber risks to advisors, even smaller ones? McGrew says the biggest threat is "email, still." The most common cyberattacks are phishing and social engineering (when hackers manipulate users into making security mistakes or giving away sensitive information). She says the research shows that email is used to deliver those attacks "96% of the time."