Online threats are more of a reality than they ever have been. That is why TD Ameritrade brought several speakers to LINC, its national conference in Orlando, Fla., to advise financial advisors on what to do.

Here is advice from three different speakers:

1.  Be prepared for cybercrime. 

“The breach is inevitable,” stated Theresa Payton, former White House CIO, cybersecurity authority, and expert on identity theft and the internet of things. She added, “When security breaches happen, they are so disastrous.” Her advice was to know which of a business's data is the most critical. Focus on the top two areas and create different protection levels. “Firewall it off,” she advised.

She recommended doing a “walk around” like she did for the thirteen branches under the President of the United States. Sometimes associates know the policies but actually do other things with information, like take pictures of it, print it out or put it on a thumb drive.

The bad guys are out there, and they are constantly changing little bits of code, which makes it very hard for the anti-virus companies to keep up. Payton said to picture the famous I Love Lucy scene when they cannot keep up with the candy on the conveyor belt in the factory. Every 90 seconds a new piece of malware is created, she added.

Still, three quarters of breaches are due to the user being tricked. She joked that we have figured out it is not really a Nigerian prince that is leaving you money, but now they are getting smarter.

Payton predicts that ransomware will go up. There are even some cases where it makes sense to pay the bad guys. Extortionware is also an increasing risk. She told a story where hackers stole the executive team’s emails and threatened to dump them on the Internet. She advised asking if cybersecurity insurance will cover ransomware. Geofencing is another concern, as the bad guys can gain a lot of data on a person and know their habits and location.

Your employees are going to mess up, so Payton recommended taking proper precautions, training your team and getting prepared for a breach because everything is hackable.

2.  Know what to do before a cyber attack.

Craig Moreshead, director of compliance at Regulatory Compliance, advised creating a strategy from industry best practices. Using the Division of Investment Management Guidance Update 2015-02, he advised doing a periodic assessment. This includes knowing the nature, sensitivity and location of information. It is important to know that external and internal threats exist. He suggested hiring a company to send fake emails to associates to see how many will click on them. Likely many will make mistakes, so it becomes a good training exercise. Also, set up security controls and processes, know the potential impact of a breach and determine the effectiveness of the governance structure.
