Financial Advisors and Wealth Management Firms Must Emphasize Cybersecurity Protection Now More Than Ever
Russia’s invasion of Ukraine is nothing less than tragic. It’s produced a senseless loss of thousands of lives, caused a mass migration, and resulted in billions of dollars’ worth of property damage.
This, of course, is not the first time Russia has acted out on the world stage in recent years. It annexed Crimea in 2014 and has long been a hub of cyberterrorism activity against Western countries, either by carrying out attacks itself or harboring those who do – including, experts suspect, the group responsible for disrupting the Colonial Pipeline last May.
Many believe that as the war continues, Russia’s cybercrimes will only escalate. Are U.S.-based independent financial firms or advisors likely targets for malicious actors on a global scale? Perhaps not. Still, as threats become increasingly sophisticated and cybercriminals search for additional victims, it makes sense for any business to harden its digital defenses.
Protecting Your Business
To that end, our industry can take steps to maximize our cyber-defense capabilities and establish protocols in the event of an attack.
Begin by focusing on the basics. Perform an inventory of your business systems, even if you are a sole practitioner who only uses one machine. This includes computers, printers, file servers or any other technology within the office. Importantly, make sure to equip those systems with the latest vendor patches.
Next, beef up credential/password protections. Put programs in place that ensure that computer system passwords meet certain requirements and detect whether those credentials end up on the dark web.
Other tips to keep in mind: never re-use passwords (especially between personal and administrative accounts), remove local administrative rights from your user account on your desktop, and implement multi-factor authentication to protect your devices.
Finally, perform incident response drills. Doing this will help you react quickly to cyberattacks and give you the best chance to restore business operations without experiencing an extended disruption. When it comes to cyber readiness, it’s always best to over-plan.
Meanwhile, independent financial advisors can’t go it alone. Wealth management firms must be part of the solution by investing in a complete cybersecurity program, one that has a combination of in-house and third-party tools and capabilities to keep financial advisor businesses secure.
Ideally, this includes dedicated cyber consultants, a hotline to report actual or suspected incidents, data backup solutions, automated system monitoring, enhanced email security and, if all else fails, access to cyber risk insurance. Crucially, advisors need access to these resources at low rates. (There is no reason their firms shouldn’t be able to use their size to win competitive pricing.)
Additionally, independent wealth management firms must do more to harden digital infrastructure by focusing on the security, resilience and continuity of the systems supporting critical functions for their advisors. They also need a robust third-party risk management program that includes a thorough cyber review of all involved parties.
Firms and advisors can no longer kick the proverbial cybersecurity can further down the road. Not only are the stakes bigger than ever, but regulators are actively looking to sharpen the rules governing cybersecurity.
Now more than ever, therefore, independent wealth management firms need to ask tough questions and make clear decisions on how to best protect financial advisors and end clients.