The most cutting-edge technology cannot contain one of the biggest cyber hacking threats on Wall Street: sloppy actions by brokers and other industry employees.
Brokerage firm workers have taped sensitive passwords to their computer monitors and stored them in binders labeled "passwords," according to officials from the Financial Industry Regulatory Authority (Finra), Wall Street's industry-funded watchdog.
Some firms give login information to temporary workers and forget to cut them off after their assignment is complete. At the regulator's conference in May, examiners traded tales of brokerage firm behaviors they had found that could lead to security breaches.
One firm, for example, used the very-guessable "username" as the username and "password" for the password that gave access to the company's router, enabling access to the firm's sensitive data.
The problems are coming to light as major online security breaches in other industries are making Wall Street jittery and as financial services industry regulators are focusing on these issues.
Information security professionals said in an interview that Wall Street's demand for their expertise has exploded, especially among small brokerages that do not have safeguards in place. At the Finra conference, the cyber-security session was so packed many professionals sat on the floor
Security breaches could trigger privacy law violations and trouble with financial regulators, which have noted a spate of breaches in other sectors and companies, including eBay Inc, Target Corp, Neiman Marcus Group LLC and other retailers.
Finra and the U.S. Securities and Exchange Commission are looking into measures that brokerages and asset managers have put in place to safeguard against cyber attacks. On Tuesday, the top Massachusetts securities regulator announced cyber audits of state-registered financial advisers.
Train, Don't Complain
The heightened focus on cyber security is sparking change at smaller firms, which often do not have procedures or systems in place to prevent hacking, said Joseph Rivela, chief strategist for Breach Intelligence LLC, a Farmington, Connecticut information security firm. "Many firms are far behind the curve," Rivela said.