What financial advisors should know about digital security
No advisor wants to have to tell their clients a security breach has left them, their assets and their information vulnerable. While advances in firewalls, site security and data storage have increased protection of sensitive data, the human error factor remains the greatest risk to many practices.
Human error is often not a result of malicious intent from an employee, but rather a moment of carelessness from an advisor or staff member that puts a practice at risk.
Texas-based advisor Cody Siebert offers a unique perspective to this problem facing the industry today. With more than three decades in the financial services industry, Siebert is also active in Infragard, an organization developed by Department of Homeland Security and the Federal Bureau of Investigations.
“As advisors, we are responsible for two things,” Siebert said about the role of cybersecurity. “One is protecting the client data from being breached, and the other is protecting client assets from being pilfered illegally away.”
Siebert’s background working with Infragard provides her a level of knowledge that most advisors do not have in this field. Without ongoing education on the topic, it can be easy to become stagnant and unaware of newer threats, but there are some foundational elements all advisors can establish in their practice.
“While there are many firewalls and checks and balances, the largest cause of a cyber breach or a hacking breach is actually the employees of the firm themselves,” Siebert said. “That’s your highest risk, because they assume that going onto this website or that website wouldn’t be harmful. Once the employee even clicks on before entering a website, the breech can potentially occure from the inside to allow surpassing system securities put in place.“
As an advisor and employer, creating a positive workplace is important, opening up the non-compliant opportunity for employees to relax on policies. Those who want to steal the data are increasingly diligent in their pursuit of the information, so a clear policy and commitment to safe practices are important.
“What we have to do as advisors is really get firm and say, ‘You as an employee cannot go to any website unless it’s on the list of what we have approved. Period’. Wanting to do something personally, even going to their own personal email, can breach the entire firm,” Siebert said. “And they should not be allowed to do that on your firms systems.”
The need for security expands beyond just the computer at each desk, encompassing the entire digital footprint of the firm. Awareness and expectations can help create an environment focused on protecting client data. Encourage clients and employees to use their own cell direct devises to access data on their own networks if they need to check information while in your office.
“Also don’t allow your staff use the WiFi in your office to get on their personal device, because this too goes through your network, because all of that is breachable,” Siebert said. “Once you get on the internet in general, it’s like a free freeway of traffic. Anybody can drive the car. There’s no lock out. So that’s the first and foremost thing, is to keep things secure.”