Since October is National Cybersecurity Awareness Month, this is a good time to reflect on the many high-profile security breaches that have made headlines this year.
Yahoo announced that the security breach it suffered back in August 2013 compromised every single one of its customer accounts. Up to 143 million Americans may have had their sensitive financial information compromised when Equifax was hacked. A detailed forensic analysis undertaken by the Securities and Exchange Commission (SEC) found that information was compromised when the regulator’s EDGAR system was hacked. The WannaCry cyber-attack caused global panic in May, and it was quickly followed by another international cyber-attack, which first hit computer systems in Ukraine and then spread to the U.S. and other countries.
That’s quite a list. In light of these jolting events, the most productive way for financial services and other highly regulated firms to observe National Cybersecurity Awareness Month is to ask themselves if they can answer “yes” to the question, “Are you doing all you can to protect your data properly?”
It’s no secret that cyber-attacks continue to become more sophisticated and expansive. This past June, an international cyber-attack that first hit computer systems in Ukraine quickly spread to the U.S., Denmark, Australia, and other countries. That attack occurred only a month after the WannaCry cyber-attack caused panic around the world.
Colorado is on track to become the first U.S. state to require broker-dealers and fund managers to follow certain procedures to minimize the risk of data breaches by cyber-criminals. This development comes on the heels of New York’s cybersecurity requirements for banks, insurance companies, and other financial institutions regulated by the New York State Department of Financial Services, which went into effect this past March.
In light of the global WannaCry cyber-attack, the rising number of advisors breaking away from wirehouses need to place cybersecurity at the top of their list of priorities as they build their practices.
Approximately 65 advisory teams and individuals departed from wirehouses, established RIAs, or independent broker-dealers last year, more than triple the number of breakaways in 2013, according to data from DeVoe and Company. The firm attributes this ongoing breakaway surge to the expiration of the many forgivable loans that wirehouses signed in order to retain or add advisors during the financial crisis of 2008-2009. Now that seven years have passed and these loans are coming due, the advisors who were given these financial packages are considering their options.
The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently released its national examination priorities for 2017.
While reviewing the regulator’s examination initiatives to protect investors—and the overall integrity of the U.S. capital markets—as the investment landscape continues to become more complex, we uncovered several SEC priorities that underscore the benefits of a turnkey approach to IT and cybersecurity.
In September 2016, the New York State Department of Financial Services (NYDFS) announced its plan for a first-in-the-nation cybersecurity regulation to help protect the state’s financial institutions and the consumers they serve. Then, three months later, after receiving feedback from financial institutions, industry representatives and other parties, the NYDFS scaled back its proposed regulation.
It’s understandable that the NYDFS put forth a plan to help protect financial services firms and their clients in the wake of a rapidly growing cybersecurity threat. It’s also reasonable that banking associations and other financial services industry organizations would lobby the NYDFS to loosen any potential rules so that they are less expensive and onerous for the firms they represent.
Proper security controls and vendor due diligence could have helped the broker-dealer avoid a $650,000 settlement with the Financial Industry Regulatory Authority (FINRA).
On November 14, a subsidiary of Lincoln Financial Group agreed to pay a $650,000 fine imposed by FINRA and to implement more robust security measures following a hack that compromised the information of 5,400 clients. This case, over the firm’s safeguards for client data residing in the cloud, is a prime example of the risks firms take when they fail to implement strong security controls and properly assess their third-party vendors.
Their own devices may have played a role in the hack that shut down several major websites.
Why should wealth management firms care about yet another hack that temporarily downed a few websites? Because, this time, your clients care. After all, “the Internet of Things” affects everyone.
The Mirai botnet attack that recently prevented access to over 1,200 websites including Twitter, Amazon, Netflix and PayPal is unprecedented in technique and scope. It hijacked thousands of internet-enabled devices like cameras, DVRs, Smart TVs and refrigerators to flood the domain name services provider Dyn Inc. with a massive distributed denial of service (DDoS) attack. Since Dyn provides domain name services to some of the largest companies on the web, the result was widespread.
Anybody, including wealth management clients, could own the devices that played a role in the hack. Moreover, a similar hack could just as easily crash the websites of banks, broker-dealers, custodians or even RIAs. And, although this incident may be the work of amateurs, experts agree that it likely will inspire others in the future. Here’s what advisory firms and their clients should know about this evolving threat.
Public, private and hybrid solutions offer distinct pros and cons for wealth managers.
By now you probably know that cloud computing delivers shared data and software resources on demand through the internet. But you might still be wondering about all the varieties of cloud platforms on the market. This primer explores those differences, and explains why External IT operates as something called a “private hybrid cloud,” which we believe is the best approach for independent wealth management firms.
Biggest data breach in history proves it. Your firm needs External IT's security awareness training.
Last Thursday Yahoo announced that hackers stole the personal information of over half a billion of its users, including usernames, passwords, birthdates, and answers to security questions. The Yahoo hack took place in 2014, and many are questioning how the biggest data breach in history could have gone undetected for two years.
The internet company’s woes should serve as a stark warning for wealth management firms about the vulnerability of client data, as well as the potential for regulatory scrutiny and damage to a firm’s reputation.