“What advisory firms should be doing on cybersecurity” — Financial Planning, by Tobias Salinger.

Results of Arizent’s latest cybersecurity survey of financial services business leaders revealed that “Wealth Managers have fallen behind other financial firms in shoring up their cybersecurity.”

Only 21% conduct so-called white hat exercises in which their own team or an outside consultant attempts to hack into the infrastructure. A little more than a quarter, 28%, cut off access when they’re making patches in their systems, and just 34% periodically rehearse what they would do in the event of a breach.

Brian Edelman, FCI CEO and cybersecurity expert, advised that firms should put a cybersecurity program in place in which policies and procedures are well defined and technical safeguards are evidenced. An Incident Response Plan (IRP) is a critical component of your cyber program and should be tested regularly, and a Security Risk Assessment should be carried out annually.

“The authorities will accuse the advisor of being the bad actor first,” said Edelman. “You’re not only going to be a victim of the bad actor, but you’re going to be a victim of the system. We call that double victimization. Wealth managers who take the necessary steps to protect their clients and document them fully could get ahead of the threats of attack and the risk of costly enforcement actions.”
