Covid has forced many advisors and reps to work from home over the past year. With little time for planning or preparation, firms and financial professionals did the best they could, cobbling together plans and systems in order to continue doing business in an interrupted fashion.
But turning on a dime to continue operations 19 months ago may have left gaps in many firms’ technology and cybersecurity policies and safeguards just as financial cyber attacks have become more of a threat than ever—rising 41% in the first half of the year, according to LexisNexis Risk Solutions.
“As many of us are returning to the office, now is a good time to take stock of your cyber hygiene,” Charles Schwab Corp. said in a new prep list. The list is designed for financial professionals who want to make sure they fill in those cybersecurity gaps with plans that will stand up to regulatory scrutiny.
What is clear is that the transition back to the office after 19 months at home requires more than just turning off your laptop and bringing it to work with you.
There are five main cybersecurity and operational issues to consider when transitioning your team back into the office, Schwab said.
Whether you are transitioning back to a full-time in office work schedule or a more hybrid schedule, at the top of your list should be communicating your expectations and policies regarding cybersecurity so that employees and independent advisors know what your firm expects, Schwab said.
“For many firms, hybrid models where employees split time between working remotely and in person will be a part of the future. Switching back and forth between workstation setups can create the temptation to file-share and email using personal accounts or save documents to removable media. This can introduce a great deal of risk, and it may be beneficial to err on the side of caution and ban these practices,” Schwab said.
Decide what, if any, type switching and file-sharing will be permissible and clearly communicate your policies up front, to avoid confusion and missteps, the report said.
It is also a time to look for vulnerabilities. While the hybrid environment worked well for many firms and advisors—some of whom said they didn’t miss a beat in terms of servicing clients—it is rife for an increase in cybercrime, Schwab said.
For instance, the Securities and Exchange Commission said examiners are finding “an increase in the number of cyber-attacks against SEC-registered investment advisers and brokers and dealers using credential stuffing to access client accounts using compromised client login credentials, resulting in the possible loss of customer assets and unauthorized disclosure of sensitive personal information."
The failure to proactively mitigate the risks of credential stuffing proactively “significantly increases various risks for firms, including but not limited to financial, regulatory, legal, and reputational risks, as well as, importantly, risks to investors,” the agency said.