Financial advisers are changing their systems and procedures
to protect clients and their own firms from the rising incidence of
cybersecurity breaches. Advisers are taking such steps as verifying money
requests, being more careful about passwords, banning client data from laptops
and conducting annual cybersecurity audits to make sure they are protected from
online criminals.
Heron Financial Group has taken the aforementioned steps,
and now its executives are working to make their customer relationship
management system more secure. They also are looking to buy cybersecurity
insurance, which increasingly is being offered by the same firms that provide
advisers with errors and omissions policies.
In two instances this year, someone took over a client's
personal e-mail account, tracked emails from Heron Financial Group and then sent
e-mails appearing to be from the client asking for funds to be wired. The
firm's staff recognized something was off in the language of the e-mail and
called the clients, foiling the fraud.
In fact, cybersecurity has become a top business issue for
many financial advisers as attacks against financial service firms are becoming
more frequent and widespread. The Securities and Exchange Commission even
stepped in four months ago issuing a detailed list of questions it
may ask advisory firms when they are examined.
Compliance professionals are getting the message.
Three-quarters of financial compliance professionals listed cybersecurity as
one of the firm's top issues in 2014, according to a recent survey by
the Investment Adviser Association, ACA Compliance Group and Old Mutual Asset
Management. Only 14% feared cybersecurity issues in 2013.
Many firms are still in the early stages of putting together
programs to judge their risks and crafting the appropriate protocols to detect,
respond and recover from cyber threats. Many advisers have had threats or heard
about increasing problems this year and are being more vigilant about
implementing the policies and procedures they already had in place to protect
client data.
It's important that advisers educate all their employees
about cybersecurity procedures because the firm is only as safe as its weakest
link, he said.
Click
here to access the full article on Investment News.