Why do financial advisors and wealth management firms need cybersecurity protections for their networks if they store all their data in the cloud? It's a question I get all the time.
The answer comes from this cautionary hypothetical tale: Let's say a midsized RIA firm uses a reputable, cloud-based CRM system that encrypts all data and stores it securely on servers, as it should. But at the same time, one of the firm's senior leaders isn't as circumspect as he should be when it comes to his email – even though he regularly accesses personally identifiable client information using work devices.
As a result, he clicks on something he shouldn't and unknowingly downloads a malware script, which ends up compromising a treasure trove of sensitive information, including client logins and passwords. None of this is the CRM provider's fault. The RIA acted improperly and should be liable for the damages.
The message? Data stored in cloud servers – no matter how secure – is not hermetically sealed. If a member of your team fails to protect networks and endpoints adequately, data will still be vulnerable to breaches.
The lesson here for independent broker-dealers, RIAs and their advisors is clear: Cybersecurity is an end-to-end problem that requires end-to-end solutions. That means even if you've done your due diligence and are confident that a third-party platform’s defenses are sound and meet all regulatory and compliance requirements, you still need robust protection for your networks and all the devices that access data.
Endpoints Are Still Vulnerable
According to a recent report, 64% of companies experienced one or more endpoint attacks that compromised data or IT infrastructure in the prior 12 months. That was up from 54% in 2017.
The data suggest that endpoints remain an attractive breach point for cybercriminals. This is no surprise. The problem is especially acute for larger companies and organizations, since more devices in use typically means more vulnerability.
Moreover, with workers increasingly untethered to an office, the variety of devices they use has expanded beyond laptops and desktop computers to include smartphones, tablets and even connected devices such as smartwatches. This gives cybercriminals an expanded number of targets and speaks to the need to either control the number of devices in use through stringent “bring your own device” management that keeps track of applications installed on all devices, or put into effect more robust endpoint solutions that monitor users’ devices continually for threats and vulnerabilities and implement remediations in real time.
Beware Of Weak Points On Your Network
Most wealth management firms appreciate the need to protect their IT infrastructure. What they are less keenly aware of is the sheer volume of connected equipment on their network that, because they don't provide access to sensitive data, can easily get overlooked but are nonetheless vulnerable to attack. Examples include smart speakers, printers and cameras.
Firms need to do a periodic inventory of all the hardware on their networks to determine whether each one serves a business purpose. If not, the clear course of action is to disconnect the piece of equipment.
Meanwhile, firms should also implement solutions that do much the same work as your endpoint protection, except on the network level. Namely, scan your network continuously for threats and automatically address them.
Get Your Own House In Order
For wealth management firms, the rationale for using cloud-based services to safeguard and store data is pretty evident – such providers could hold the key to streamlining your businesses, making the operations fast, efficient and more client-friendly than ever.
The cloud, however, by itself is not a cybersecurity magic bullet. Without firms being vigilant and following proper protocols and procedures, client data is just as vulnerable as ever.
Sid Yenamandra is the co-founder and CEO of Entreda, a provider of comprehensive cybersecurity solutions for independent retail financial advice firms and their affiliated advisors.