In recent years, companies in nearly every industry have started buckling down on data security to protect against elusive hackers and phishers. But after a Morgan Stanley employee was accused of accessing the data of a whopping 350,000 clients and enabling a hacker to do the same, it's apparent that internal threats have become an equally devastating danger in the finance world and beyond.
In a survey of 438 IT professionals in U.S.-based companies, 77 percent cited employees as their biggest security vulnerability. Yet, according to a Ponemon Institute study, 71 percent of employees reported having access to data they shouldn’t. These are scary statistics for any business -- but they’re especially frightening for those in the finance sector, where trust is paramount to advisor-client relationships and a company’s bottom line.
In the case of Morgan Stanley’s clients, the story appears to have turned out OK: The data was recovered, and no one has reported a financial loss as a result. But even though Morgan Stanley may have retrieved the data, mending client trust won’t be as easy.
Client Trust Is a Valuable Commodity
Financial advisory firms aren’t the only ones giving too many employees access to private client data, but they do stand to lose the most. Client trust is much more difficult to come by in the financial world. And simply being in the advisory business makes you a more attractive target to both internal and external hackers.
Despite major security breaches, consumers have started filtering back into retailers like Target and the Home Depot. But in finance, restoring your image takes much more time and money.
After the U.S. financial crisis, a majority of finance execs cited negative perception as the primary reason that business declined 27 percent. And years later, this perception persists. Combine this with the fact that, on average, financial institutions suffer a 6.1 percent loss of business after a breach, and you have the recipe for serious long-term damage.
While most advisory firms have at least some form of security to protect themselves from outside threats, internal security tends to be more lax. Because you and your team need access to client information, you might have an “open door” data policy in place to improve productivity. Your firm simply may not recognize the elevated risk of malicious or accidental exposure to sensitive company information. Either way, safeguarding client information should be your top priority.
Manage Data Access to Keep Your Clients’ Trust Intact
You don’t need a giant security team to protect your clients’ data. By rethinking the way you treat data internally, you can help avoid a situation like Morgan Stanley’s.