Guest Blog: 5 Cybersecurity Precautions to Improve Your Digital Safety

By Gretchen Halpin, Beyond AUM

As humans, the urge to protect ourselves is built into our DNA. Just like our early ancestors carried spears and shields to keep themselves safe from predatory animals, we wear seatbelts, install home security systems, and keep mace handy when we’re walking alone after dark. But in 2022, there is another dimension we must take precautions against, too—one that can’t be seen.

According to the Allianz Risk Barometer, the biggest concern for companies globally in 2022 is cyber attacks. While cyber concerns have been around for decades, they have understandably become more of a threat as society advances technologically. More recently, cyber risks to businesses have multiplied as more and more employees have adapted to remote work since the start of the pandemic in 2020.

As a financial advisor, you understand the importance of security. After all, you deal with sensitive information and clients’ financial data all day, making it especially critical to take precautions against potential cyber attacks and remain vigilant about your own cybersecurity. Here are five measures you can take to protect your financial advisory firm from cyber threats.

1. Secure your devices and networks.

From installing anti-spyware, anti-spam, and anti-virus security software to setting up a firewall, it’s critical to make sure your devices and network are secure. This includes frequently updating your operating software, using a spam filter, and working over a secure private network.

2. Encrypt and back up important data.

Encryption is the process of converting plaintext to code before sending it over the internet, which significantly reduces the risk of your data being stolen or tampered with. You can encrypt your device’s hard drive (Windows, Mac) to protect your files if lost or stolen.

You can also protect yourself from network surveillance and online hacking by turning on encryption through your router settings or, if you’re on a public network, by using a virtual private network (VPN). There are many reputable VPN services that do not keep logs or sell user information. If you’re not comfortable with using a VPN, you should always ensure you’re using the HTTPS version of all websites. You can set this in your preferred browser’s settings, or use a browser plugin like HTTPS Everywhere, which can help avoid man-in-the-middle attacks over shared networks by routing traffic over encrypted connections.

3. Cultivate a security-focused workplace culture.

You’re only as strong as your least cyber-secure link. In addition to putting your best foot forward when it comes to protecting your firm, it’s of critical importance to encourage a work culture that is equally security-focused. Conduct monthly or quarterly cybersecurity trainings to ensure your employees are knowledgeable about everything from phishing to malware.

While many large RIAs and BDs perform penetration testing and spoofing/phishing tests on their own teams to benchmark and evaluate cyber readiness, it’s a good rule of thumb for smaller and midsize firms to ask team members to avoid clicking links or downloading attachments from people they don’t recognize. Strange internal email requests from team members should be followed up via a different channel, such as a direct call or a chat message, in case of a compromise.

You should also ask your team to practice good cyber hygiene. Avoid joining random unsecured Wi-Fi networks, don’t share passwords in plaintext, don’t open or click on emails you don’t recognize, and make sure all devices are encrypted and have strong passwords. There’s a laundry list, but it becomes a well-adopted habit if the systems are in place.

4. Don’t repeat passwords and take advantage of multi-factor authentication.

This may seem obvious, but too often people reuse passwords out of ease or habit. We get it—in this day and age, it feels like we’re expected to have a username and password for everything. How is anyone supposed to keep track of them all? On the other hand, imagine if one of your accounts was hacked and it happened to be an account with the same password you used for your RIA firm’s website? Worse still, what if you had also used that password for your portfolio management login? You can see how things could spiral quickly. While it may be inconvenient, it’s certainly worth the extra trouble to ensure that you are using strong and unique passwords for each and every account.

An easy best practice is to use a password manager – like 1Password or LastPass – to secure your devices by generating strong, random passwords for all of your site credentials. Ideally, you would only need to know the master password to log into your “vault” and let the password manager handle the rest.

Another easy way to protect yourself against hackers or cyber attacks is by setting up multi-factor authentication, a security process that requires at least two proofs of identification before allowing you to log in to a site. For example, many social media platforms feature an option that requires you to enter a code that is text messaged to your phone, or a token created by a 2FA app (e.g., Google Authenticator), before allowing you to access your account.

5. Revisit your business insurance policy.

A single cyberattack can cost a company upwards of $200,000, while 60 percent of smaller businesses fold within 6 months of a hack or data breach.

While cyber attacks are on the rise, many business insurance policies have excluded cybersecurity incidents from general liability or errors-and-omissions (E&O) coverage. Contact your business insurance provider and add cybersecurity insurance to your policies, if you don’t have it already. Many times this can be bundled with a technology E&O policy, which covers human error or data loss outside of hacks or data breaches.

Beyond AUM knows all of the cybersecurity considerations that go into every beautifully designed website, client-segmented email list, and virtual Zoom webinar. As a financial advisor, you have your clients to focus on and the last thing you need is to spend your energy worrying about cybersecurity. Beyond AUM can help in that department, especially when it comes to your marketing and digital platforms. Reach out to their team or contact us to learn more.
