The December 2022 Inside Information edition highlighting “Data Security and Compliance” showcases Brian Edelman’s recommendations of the best ways to protect your tech stack and client data from bad actors:
- Cybersecurity is its own discipline, independent of IT. Maintaining separation of cyber and IT duties is the best practice for security checks and balances.
- Every firm needs to have an independent security assessment performed, including Cyber Safeguard Evidencing and Scanning (CSES), to identify vulnerabilities for remediation.
- Cyber assets must be inventoried and actively managed, including formal decommissioning when no longer utilized.
- Cybersecurity Awareness Training is key to educating advisory firm staff so they avoid innocent clicks that open up security breaches.
- Active cyber program management is crucial for preventing data breaches. Firms often discover too late that breach recovery, including cyber insurance claims, is more complex than anticipated. Especially when a money transfer was involved, the firm itself becomes the primary suspect and must be prepared to disprove negligence to authorities.
Cybersecurity regulation requirements have become evidence-based, to better enforce the fiduciary responsibility to protect private data. To help firms minimize cyber risk and achieve regulatory compliance, the National Institute of Standards & Technology (NIST) issued, and continues to update, cybersecurity framework protocols and best practices. When followed, the NIST framework supports comprehensive cybersecurity protection and positions firms to certify compliance.
“Of course, you have to meet all those cyber-related regulatory requirements, right? That means installing procedures and keeping track that you actually followed through on them, so you can show this evidence to a skeptical SEC or state auditor.” -Bob Veres, Inside Information
Brought to market as a solution when there was no other, Buckler is an app that enables firms to actively manage their cybersecurity program and meet evidence-based regulatory requirements. Buckler creates template cyber manuals that advisory firms can customize and use in their operations. The deep value of Buckler is that it maps every risk management action back to each regulation that requires it.
About Bob Veres’ Inside Information
Bob Veres is editor and publisher of the Inside Information interactive guide to trends and innovations in the profession and contributing editor and columnist for Financial Planning magazine. Mr. Veres has been named one of the most influential people in the financial planning profession by Investment Advisor magazine and Financial Planning magazine, was granted the Special Achievement Award for service to the profession by the National Association of Personal Financial Advisors, and the Heart of Financial Planning Distinguished Service Award from the Denver-based Financial Planning Association. Inside Information is published monthly. To subscribe: https://www.bobveres.com/amember/signup