But the financial services sector is especially attractive to hackers because the amount of money being handled and stored spells a major payday to anyone who succeeds.
The risk of being hacked is one of many reasons why Los Angeles RIAs need to focus more resources on improving data protection. The complications that arise from a breach can change the future of an investment firm or even end it entirely.
This article examines the three reasons why data protection needs to be a priority for investment advisors, and the consequences of under-vigilance.
1. Investment firms are legally obligated to protect customer and financial data.
FINRA member firms are obligated to protect a customer’s personal and financial information. The Securities and Exchange Commission’s Regulation S-P (known as the “Safeguard Rule”) requires investment companies, broker-dealers, and advisors to have policies and procedures in place that protect customer details and prevent unauthorized access to these records and information.
Regulators have disciplined firms for failing to implement enhanced security measures and procedures or to report data breaches to the compliance department and privacy officer. Not all cases have involved actual customer harm.
Enforcement actions can be brought when private information has been exposed to unauthorized parties, even if the details were not misused.
2. More threats are appearing daily.
In 2014, the New York Department of Financial Services released a report warning that financial services companies will continue to be challenged as threats evolve in sophistication and complexity. Los Angeles RIAs must take a closer look at their firm’s network security, security incident response management, vendor management and disaster recovery procedures. Failure to do so can have career-changing consequences.
3. Data breaches are expensive.
Financial industry regulators are paying closer attention to investment firm vulnerability to hackers and data thieves. In a report dated February 3, the SEC stated that 74 percent of the firms it examined had been the target of cyber-attacks. As a result, both the SEC and FINRA have made cyber security checkups a priority for their examiners in 2015.
Any company with less-than-stringent data security standards faces heavy fines. D.A. Davidson & Co., a brokerage firm, was ordered to pay a fine of $375,000 for failing to protect confidential customer information from Latvian hackers.
Lincoln Financial Securities, Inc. and its affiliate, Lincoln Financial Advisors Corporation, were fined $600,000 for lax data security practices. They failed to require employees working remotely to install security software on personal computers used to conduct company business.
Hackers today have become more resourceful, and Los Angeles RIAs are forced to apply higher standards of data protection. This includes periodic reviews for potential threats, keeping security software current, and prohibiting advisors from sharing passwords.
Many firms are also turning to secure cloud-based services to manage their business systems. The added expense and effort are small prices to pay when it comes to protecting a company’s name and keeping the trust of its clients.
Has your firm been forced to spend money and resources on data protection in recent years? Let us know your thoughts in the Comments box below.
And to follow through on the tips introduced in this short article, be sure to download your free guide, Investing in High Net Worth Clients: The LA Investment Advisor's Guide to Using Technology to Manage and Grow Your Firm.