Concerns over data security continue to escalate as reports about highly visible cyber breaches pepper the news media. For financial advisors, cyber breaches can be high-stakes blunders that can expose clients to identity theft and financial hardships.
Cyber breaches can also harm advisors’ reputations, but a variety of strategies can be implemented to block hackers.
Over the years, high-profile companies such as JP Morgan Chase, Home Depot, Target, and Blue Cross and Blue Shield provider Anthem announced that their client data had been breached.
More recently, data security was thrust back into the spotlight when WikiLeaks published 19,252 emails from senior members of the Democratic National Committee that pointed to the organization discussing practices that favored Hillary Clinton over Bernie Sanders during the party’s presidential primary. The committee is required to be neutral.
The email leak caused DNC chairwoman Debbie Wasserman Schultz to resign. Shortly afterward, other senior committee members also resigned. The email hack is also complicating efforts to foster party unity as Sanders supporters feel their candidate has been treated unfairly.
In the finance industry, regulators emphasize data security, and routine examinations often include scrutiny of financial advisors’ data practices, including records of employees completing training intended to thwart hacking. Routine exams may also assess procedures for employees to report suspected data breaches and the identities of technology employees who are primarily responsible for online security.
With those points in mind, it’s clear that financial advisors need to constantly seek ways to strengthen their data security. Most firms focus on technology that filters malicious emails and prevents employees from downloading harmful attachments.
Technology can also block malicious websites and scan files for viruses. Yet, in many cases, the weakest link in cyber security isn’t technology. Rather, it is employees.
Indeed, a variety of cyber scams fall into the category of social engineering, which involves trying to make employees inadvertently assist in breaching data security.
In its simplest form, it can involve a criminal calling a technology department and claiming to be a police officer who urgently needs password information to conduct an ongoing investigation. In other instances, criminals may engineer emails with malicious files that can slip past filters and then be downloaded by employees.
Criminals can also seek out computers that are protected with weak passwords, and they may even look for instances of employees having written their passwords on documents kept near their computers.
Considering that a simple slipup by an unsuspecting worker can lead to a costly data breach, advisors should make cyber security training a priority for all employees. Cyber security training can teach employees how to detect bogus emails. One such strategy involves looking for misspelled names, or for URLs that include the name of a legitimate company but add other words or letters so that the address takes web surfers to a malicious website.
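The same check employees are taught to do by eye can also be automated on a mail gateway or in a training quiz. The sketch below is an added example, not part of the original article: it assumes the firm keeps its own list of domains it really deals with, and the domain names and the `classify_url` helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a firm-maintained allowlist. These names are constructed samples.
TRUSTED = {"examplebank.example", "custodian.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_url(url, trusted=TRUSTED):
    """Return 'trusted', 'lookalike' or 'unknown' for the host a link points to."""
    parts = urlsplit(url)
    # .hostname drops any "name@" prefix, so a trusted name placed before '@'
    # does not count as the destination.
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    netloc = parts.netloc.lower().replace("-", "")
    for domain in trusted:
        brand = domain.split(".")[0]
        # Legitimate company name with other words or letters around it.
        if brand in netloc:
            return "lookalike"
        # Misspelled name: a host label within two edits of the real one.
        if any(edit_distance(label, brand) <= 2 for label in host.split(".")):
            return "lookalike"
    return "unknown"
```

A "lookalike" result is a reason to hold the message for review, not proof of fraud; very short company names would need a tighter edit-distance threshold to avoid false alarms.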
Advisors may find that outsourcing education to online training companies is the most efficient way to help employees become cyber savvy. Online training programs should also quiz employees to make sure that workers understand each lesson. The quizzing can include asking employees to practice spotting suspicious emails or bogus URLs.
Most training programs take less than 30 minutes and provide the added benefit of tracking which employees have completed the program. Some firms may even test employees by sending out suspicious emails. Employee training should also be an ongoing process, supplemented by an internal company newsletter that reinforces training by providing recent examples of cyber scams.