The North American Securities Administrators Association issued an alert Wednesday urging investors to talk to financial advisors about the cybersecurity protections their firms have in place.

Nasaa President William Beatty said customers should ask their advisors these questions:

• Has the firm addressed which cybersecurity threats and vulnerabilities may impact its business?

• Does the firm have written policies, procedures or training programs in place regarding safeguarding client information?

• Does the firm maintain insurance coverage for cybersecurity?

• Has the firm engaged an outside consultant to provide cybersecurity services?

• Does the firm have confidentiality agreements with any third-party service providers with access to the firm’s information technology systems?

• Has the firm ever experienced a cybersecurity incident where, directly or indirectly, theft, loss, unauthorized exposure, use of, or access to customer information occurred? If so, has the firm taken steps to close any gaps in its cybersecurity infrastructure?

• Does the firm use safeguards such as encryption, antivirus and anti-malware programs?

• Does the firm contact clients via e-mail or other electronic messaging, and if so, does the firm use secure e-mail and/or any procedures to authenticate client instructions received via e-mail or electronic messaging, to work against the possibility of a client being impersonated?

“As a customer, you have the right to ask these questions and get answers you can understand in writing. This is all part of the process of doing your due diligence and becoming an informed investor,” said Beatty who also serves as Washington (State) Securities Director.

Last fall, Nasaa reported that 62 percent of state-registered investment advisor firms participating in a Nasaa pilot survey had undergone a cybersecurity risk assessment, and 77 percent had established policies and procedures related to technology or cybersecurity.