With cyber threats continuing to shift and adapt to existing cybersecurity protections on a near-monthly basis, helping advisors and firms stay ahead of these challenges to keep their clients and practices secure will take a concerted, industry-wide effort.
With this in mind, the Financial Services Institute (FSI) team is pleased to play a central role in facilitating productive dialogue with industry experts to help our members win the ongoing battle against cybercriminals.
We brought together a broad range of cybersecurity professionals from our member firms and partners last year to develop a guide on some of the most pressing issues in the cybersecurity space.
And we’ve followed up that effort with a series of webinars throughout October – which is also Cybersecurity Awareness Month – that have provided our members with opportunities to learn about the latest cyber developments from leading experts in the field.
Following are some of the key takeaways from these discussions and materials:
Overcoming Cyber Risks from the Shift to Remote Work
After 18 months of the current remote / hybrid work environment, many members of the industry have adapted to our ‘new normal.’
However, as our recent cybersecurity expert panel discussed, remote work also exposes vital resources to increased risk of a cybersecurity event or breach, as financial professionals generally do not have the same security level at home as they do at the office.
The panel, including Corey Moscoe, Chief Information Security Officer at SEI; Scott MacDougall, Global Head of Threat Intelligence at BNY Mellon; and Sid Yenamandra, Founder and CEO of Entreda, was moderated by Frank Smith of First Command Financial Services.
Discussions touched on issues such as the use of unsecured Wi-Fi networks and personal devices, as well as lackluster physical security practices in public places.
In addition to using the best tools available, the experts suggested that getting “back to basics” is critical to protect clients’ privacy and data as more financial services providers work remotely.
While it may seem simple, employing multi-factor authentication, regularly changing passwords and remaining diligent about suspicious or unexpected digital requests go a long way to mitigating general cyber threats.
The Big Business of Ransomware
As Mark Schlesinger, a senior technical fellow with Broadridge Financial Solutions, noted during another Cybersecurity Awareness Month webinar, malicious actors ranging from individuals to organized groups to nation-states have upped the ante in recent years, leading to an unprecedented level of ransomware attacks. “Ransomware has become a really big business,” Schlesinger said.
Fortunately, said the Broadridge team, the media attention garnered by the most egregious cyber-attacks has brought best practices regarding controls and protections into the national conversation.
Several mitigation techniques can help address the complex threats associated with a cybersecurity breach that should always be top of mind for financial professionals.
In addition to deploying anti-virus and anti-malware software as standard on all devices that can access client information, the report recommended utilizing cloud-based services to wipe laptops or mobile devices if they are lost or stolen.
Notably, the experts who authored our 2020 cybersecurity guide suggest creating a written cybersecurity checklist, including inventory and assignment of all devices used, so that firms can quickly and easily identify potential issues – as well as possible responsible parties – during a cybersecurity event.
Mr. Schlesinger echoed this suggestion, noting that developing a detailed plan well before a cybersecurity event or breach can make all the difference in a firm’s response. These plans should include clearly defined roles and responsibilities for all active members of the response team, including spokespeople for clients, media and regulators, he said. Regular drills and practice can also be highly effective in preparing organizations to respond in the unfortunately likely event that a breach happens to them.
SEI, one of our Cybersecurity Awareness Month partners, notes that “the inevitability of cyberattacks does not need to be an inevitable disaster to a business.”
However, to avoid this disaster, firms should develop exacting data collection and structuring programs, according to Justin Estadt, Head of Product at SEI IT Services. Precise data enables precise outcomes — and gives security teams a chance to stop bad actors before they can do lasting damage, Estadt explained.
The experts agree that when combined, these best practices, a well-designed plan and a meaningful data collection and structuring system can position firms to stop or diminish the impact of a cybersecurity breach.
The constantly evolving threat from bad actors around the globe compels us to regularly enhance our efforts to protect our systems, data and clients. At FSI, we are committed to working with our members and leading experts across the country to help protect Main Street American investors’ personal and financial data, wherever and whenever attacks may occur.
Dale E. Brown is President and CEO of the Financial Services Institute, the leading advocacy group and industry association for independent financial services firms.