By Gretchen Halpin, Beyond AUM
As humans, the urge to protect ourselves is built into our DNA. Just like our early ancestors carried spears and shields to keep themselves safe from predatory animals, we wear seatbelts, install home security systems, and keep mace handy when we’re walking alone after dark. But in 2022, there is another dimension we must take precautions against, too—one that can’t be seen.
According to the Allianz Risk Barometer, the biggest concern for companies globally in 2022 is cyber attacks. While cyber concerns have been around for decades, they have understandably become more of a threat as society advances technologically. More recently, cyber risks to businesses have multiplied as more and more employees have adapted to remote work since the start of the pandemic in 2020.
As a financial advisor, you understand the importance of security. After all, you deal with sensitive information and clients’ financial data all day, making it especially critical to take precautions against potential cyber attacks and remain vigilant about your own cybersecurity. Here are five measures you can take to protect your financial advisory firm from cyber threats.
1. Secure your devices and networks.
From installing anti-spyware, anti-spam, and anti-virus security software to setting up a firewall, it’s critical to make sure your devices and network are secure. This includes frequently updating your operating software, using a spam filter, and working over a secure private network.
2. Encrypt and back up important data.
Encryption is the process of converting readable data (plaintext) into an unreadable form that can only be recovered with the correct key, which significantly reduces the risk of your data being stolen or tampered with. You can encrypt your device’s hard drive (Windows, Mac) to protect your files if the device is lost or stolen.
You can also protect yourself from network surveillance and online hacking by turning on encryption through your router settings or, if you’re on a public network, with a virtual private network (VPN). There are many reputable VPN services that do not keep logs or sell user information. If you’re not comfortable with using a VPN, you should always ensure you’re using the HTTPS version of all websites. You can set this in your preferred browser’s settings, or use a browser plugin like HTTPS Everywhere, which can help avoid man-in-the-middle attacks over shared networks by redirecting traffic to encrypted connections.
3. Cultivate a security-focused workplace culture.
You’re only as strong as your least cyber-secure link. In addition to putting your best foot forward when it comes to protecting your firm, it’s of critical importance to encourage a work culture that is equally security-focused. Conduct monthly or quarterly cybersecurity trainings to ensure your employees are knowledgeable about everything from phishing to malware.
While many large RIAs and BDs perform penetration testing and spoofing/phishing tests on their own teams to benchmark and evaluate cyber readiness, it’s a good rule of thumb for smaller and midsize firms to ask team members to avoid clicking links or downloading attachments from people they don’t recognize. Strange internal email requests from team members should be followed up via a different channel, like giving them a direct call or messaging them in chat, in case the sender’s account has been compromised.
You should also ask your team to practice good cyber hygiene: avoid joining random unsecured Wi-Fi networks, don’t share passwords in plaintext, don’t open or click links in emails you don’t recognize, and make sure all devices are encrypted and have strong passwords. There’s a laundry list, but it becomes a well-adopted habit if the systems are in place.
4. Don’t repeat passwords and take advantage of multi-factor authentication.
This may seem obvious, but too often people reuse passwords out of ease or habit. We get it—in this day and age, it feels like we’re expected to have a username and password for everything. How is anyone supposed to keep track of them all? On the other hand, imagine if one of your accounts was hacked and it happened to be an account with the same password you used for your RIA firm’s website? Worse still, what if you had also used that password for your portfolio management login? You can see how things could spiral quickly. While it may be inconvenient, it’s certainly worth the extra trouble to ensure that you are using strong and unique passwords for each and every account.
An easy best practice is to use a password manager – like 1Password or LastPass – to secure your devices by generating strong, random passwords for all of your site credentials. Ideally, you would only need to know the master password to log into your “vault” and let the password manager handle the rest.
Another easy way to protect yourself against hackers or cyber attacks is by setting up multi-factor authentication, a security process that requires at least two proofs of identification before allowing you to log in to a site. For example, many social media platforms feature an option that requires you to enter a code that is text messaged to your phone, or a token generated by a 2FA app (e.g., Google Authenticator), before allowing you to access your account.
5. Revisit your business insurance policy.
A single cyberattack can cost a company upwards of $200,000, while 60 percent of smaller businesses fold within 6 months of a hack or data breach.
While cyber attacks are on the rise, many business insurance policies have excluded cybersecurity incidents from general liability or errors-and-omissions (E&O) coverage. Contact your business insurance provider and add cybersecurity insurance to your policies, if you don’t have it already. Many times this can be bundled with a technology E&O policy, which covers human error or data loss outside of hacks or data breaches.
Beyond AUM knows all of the cybersecurity considerations that go into every beautifully designed website, client-segmented email list, and virtual Zoom webinar. As a financial advisor, you have your clients to focus on and the last thing you need is to spend your energy worrying about cybersecurity. Beyond AUM can help in that department, especially when it comes to your marketing and digital platforms. Reach out to their team or contact us to learn more.