It’s no secret that cyber-attacks continue to become more sophisticated and expansive. This past June, an international cyber-attack that first hit computer systems in Ukraine quickly spread to the U.S., Denmark, Australia, and other countries. That attack occurred only a month after the WannaCry cyber-attack caused panic around the world.
Colorado is on track to become the first U.S. state to require broker-dealers and fund managers to follow certain procedures to minimize the risk of data breaches by cyber-criminals. This development comes on the heels of New York’s cybersecurity requirements for banks, insurance companies, and other financial institutions regulated by the New York State Department of Financial Services, which went into effect this past March.
In light of the global WannaCry cyber-attack, the rising number of advisors breaking away from wirehouses need to place cybersecurity at the top of their list of priorities as they build their practices.
Approximately 65 advisory teams and individuals departed from wirehouses, established RIAs or independent broker-dealers last year, more than triple the number of breakaways in 2013, according to data from DeVoe and Company. The firm attributes this ongoing breakaway surge to the expiration of the many forgivable loans that wirehouses signed in order to retain or add advisors during the financial crisis of 2008-2009. Now that seven years have passed and these loans are coming due, the advisors who were given these financial packages are considering their options.
The SEC’s Office of Compliance Inspections and Examinations (OCIE) recently released its national examination priorities for 2017.
While reviewing the regulator’s examination initiatives to protect investors—and the overall integrity of the U.S. capital markets—as the investment landscape continues to become more complex, we uncovered several SEC priorities that underscore the benefits of a turnkey approach to IT and cybersecurity.
In September 2016, the New York State Department of Financial Services (NYDFS) announced its plan for a first-in-the-nation cybersecurity regulation to help protect the state’s financial institutions and the consumers they serve. Then, three months later, after receiving feedback from financial institutions, industry representatives and other parties, the NYDFS scaled back its proposed regulation.
It’s understandable that the NYDFS put forth a plan to help protect financial services firms and their clients in the wake of a rapidly growing cybersecurity threat. It’s also reasonable that banking associations and other financial services industry organizations would lobby the NYDFS to loosen any potential rules so that they are less expensive and onerous for the firms they represent.
Proper security controls and vendor due diligence could have helped the broker-dealer avoid a $650,000 settlement with the Financial Industry Regulatory Authority (FINRA).
On November 14, a subsidiary of Lincoln Financial Group agreed to accept a $650,000 fine brought by FINRA to implement more robust security measures following a hack that compromised the information of 5,400 clients. This case, over the firm’s safeguards for client data residing in the cloud, is a prime example of the risks firms take when they fail to implement strong security controls and properly assess their third-party vendors.
Their own devices may have played a role in the hack that shut down several major websites.
Why should wealth management firms care about yet another hack that temporarily downed a few websites? Because, this time, your clients care. After all, “the Internet of Things” affects everyone.
The Mirai botnet attack that recently prevented access to over 1,200 websites including Twitter, Amazon, Netflix and PayPal is unprecedented in technique and scope. It hijacked thousands of internet-enabled devices like cameras, DVRs, smart TVs and refrigerators to flood the domain registration services provider Dyn Inc. with a massive distributed denial of service (DDoS) attack. Since Dyn provides domain name services to some of the largest companies on the web, the result was widespread.
Anybody, including wealth management clients, could own the devices that played a role in the hack. Moreover, a similar hack could just as easily crash the websites of banks, broker-dealers, custodians or even RIAs. And, although this incident may be the work of amateurs, experts agree that it likely will inspire others in the future. Here’s what advisory firms and their clients should know about this evolving threat.
Public, private and hybrid solutions offer distinct pros and cons for wealth managers.
By now you probably know that cloud computing delivers shared data and software resources on demand through the internet. But you might still be wondering about all the varieties of cloud platforms on the market. This primer explores those differences, and explains why External IT operates as something called a “private hybrid cloud,” which we believe is the best approach for independent wealth management firms.
Biggest data breach in history proves it. Your firm needs External IT's security awareness training.
Last Thursday, Yahoo announced that hackers stole the personal information of over half a billion of its users, including usernames, passwords, birthdates, and answers to security questions. The Yahoo hack took place in 2014, and many are questioning how the biggest data breach in history could have gone undetected for two years.
The internet company’s woes should serve as a stark warning for wealth management firms about the vulnerability of client data, as well as the potential for regulatory scrutiny and damage to a firm’s reputation.
Here are highlights of the powerful insights that industry leaders shared at our inaugural event.
We were honored that some of the most respected leaders in wealth management technology and cybersecurity joined us Monday, at the Microsoft Conference Center in New York, for our first summit. These experts shared powerful insights about successful software adoption, the breakaway broker trend, succession planning, millennial priorities, regulatory developments, and more. Here’s a summary of highlights from the event.