Next, Moreshead recommended creating a strategy to prevent, detect and respond to threats. Answer these questions: Do you control access to systems and data? Do you use data encryption? Are you protected against a loss? Is your data backed up and retrievable? Do you have an incident response plan? For example, who investigates the problem? How will it be contained? Who brings in IT, legal counsel and a consultant firm?
To implement the strategy, he said to have written policies and procedures, staff training, company monitory and even client education. “Yes, the SEC mentioned client education,” said Moreshead. That is because there is some benefit in the form of breach prevention. Plus, it will be surprising how well the clients will positively respond to the education.
3. Make the hackers’ attempts less likely to succeed.
Brian Edelman, CEO of Financial Computer, is glad now that being prepared for cybersecurity is a requirement and function of the compliance team. The SEC has made the chief compliance officer responsible for this.
When designing an integrated cybersecurity plan, it does not have to be complicated, it just has to be in place, advised Edelman.
He recommended some best practices that include two-factor authentication; encryption on private information, especially related to client emails; managed antivirus/anti spyware; IT support; a firewall; educating staff and clients; and not connecting to an open Wi-FI. “Every phone has a built in hotspot. Use it,” instructed Edelman.
The regulators are looking to see that you made an attempt to protect information, as they know it might be impossible to protect everything.
“There are a whole series of things you can do,” said Edelman. Combining things makes it harder for the hackers.” He believes that at the end of this year the industry will be more secure than it ever has, but cybersecurity will always be evolving.
Mike Byrnes is a national speaker and owner of Byrnes Consulting, LLC. His firm provides consulting services to help advisors become even more successful. Read more at ByrnesConsulting.com and follow @ByrnesConsultin.