Aug 23 2016

How to get serious about data security

      CPD
      Approx.30min

      Data breaches and cyberattacks against financial advisers are growing and getting more sophisticated by the day.

      It is a big task, but financial advisers can not only keep their data secure and compliant in the cloud but also improve client experience.

      Thankfully, although computing technology and protective software can be complicated, it does not take highly skilled computer literacy to make sure your clients’ data is kept safe.

      While the financial services industry is largely governed by regulatory guidelines and requirements to ensure financial advisers stay compliant, there is an increasing number of factors beyond regulatory compliance that should be considered in optimising data security for your clients.

      This is in addition to the onerous burden on busy practices of being responsible for knowing where data is stored and hosted, how it’s protected and whether this approach complies with data protection laws, especially in light of the new GDPR (General Data Protection Regulation), which comes into effect in April 2018.

      Mounting cyberattacks

      A white paper by External IT, published last year, found that financial advisers are vulnerable to attacks in three areas in particular:

      ■ First, they tend to lack an official security policy and proactive auditing of security.

      ■ Second, employees are often able to move sensitive data to personal and home devices, with no accountability or tracking measures in place.

      ■ Finally, there tends to be a lack of any kind of disaster recovery or business continuity plans in place in case of emergency.

      There are a number of cost-effective tools available to help, like a highly secure online portal for data storage and client communication.

      When you think about the growing complexity of advisers’ back-office operations - from performance reporting and portfolio management through to client relationship management software - hackers are able to exploit the complexity of those systems for massive gains.

      You only need to look at the 11.5m documents leaked by Mossack Fonseca in the Panama Papers scandal, which broke last year.

      Serious

      How do you make sure you’re taking cybersecurity seriously?

      First and foremost, you need to make sure you have a cybersecurity policy in place. Many practices are simply not fully aware of how technological changes are creating significant security challenges for their business.

      A common example of problematic data security is advisers using Dropbox-style services to store clients’ and other people’s personally identifiable information on third-party hosted web servers without adopting written policies about cybersecurity.
