The reports of successful cyber-breaches, such as the Anthem incident, demonstrate the risks presented by criminals operating online. Data can be lost, stolen, and misused to the detriment of the firm and, ultimately, of its clients.
Keeping security levels both high and up-to-date is not an easy task, given the rapid pace at which technology changes.
Firm management often makes mistakes, or simply skips critical requirements, when navigating the complexity of cyber-security.
This article details the top three IT security mistakes made by LA investment advisors and what can be done to correct them before they become serious problems.
1. Ignoring a Critical Security Event
Everyone has heard about the Target breach that took place in the latter half of 2013. The retailer was forced to announce that 40 million credit and debit cards had likely been skimmed at its stores. As it turned out, the company’s security software had detected the Trojan used in the hack, but the IT security team dismissed the report as a false positive.
The result? Loss of hundreds of millions of dollars, resignation of the CEO and CIO, and damaged customer trust in the Target brand. Office managers and IT security teams need to work together to investigate all reported events, even those that appear to be false positives, and monitor them for growing activity.
2. Not Changing Passwords
A major, and common, IT security mistake is not changing admin passwords for a long time. It’s practically the norm for RIAs to have the same login details for years. All computer security guidelines recommend that passwords be changed every 45 to 90 days, with administrator-level credentials being updated as well.
To ensure system integrity, periodically update all passwords and always change them after an employee is terminated. Password sharing is not rare and a disgruntled former employee may have administrator-level login details that can enable them to wreak havoc with your technology systems.
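A check for the two rules above, as an added example that is not part of the original article: it flags any credential older than the 90-day upper bound and any credential known to someone who has since left the firm. The account inventory, HR records and all names are constructed sample data.

```python
from datetime import date

MAX_AGE_DAYS = 90  # upper bound of the 45 to 90 day window quoted above

# Constructed inventory: (account, is_admin, last password change, who knows it)
ACCOUNTS = [
    ("domain-admin", True, date(2014, 6, 2), {"alice", "bob"}),
    ("portfolio-db", True, date(2015, 2, 20), {"carol"}),
    ("front-desk", False, date(2015, 1, 5), {"bob", "dave"}),
    ("backup-svc", True, date(2015, 3, 1), {"alice"}),
]
# Constructed HR records: former employee -> termination date
TERMINATED = {"bob": date(2015, 1, 30)}


def audit(accounts, terminated, today, max_age=MAX_AGE_DAYS):
    """Return {account: [reasons]} for credentials that must be changed now."""
    findings = {}
    for name, is_admin, changed, holders in accounts:
        reasons = []
        age = (today - changed).days
        if age > max_age:
            reasons.append(f"password is {age} days old (limit {max_age})")
        # A shared password stays exposed if a holder left on or after the
        # date it was last changed; a change after they left clears it.
        for person in sorted(holders & set(terminated)):
            if terminated[person] >= changed:
                reasons.append(f"known to {person}, terminated {terminated[person]}")
        if reasons:
            # Put administrator-level credentials first in the report.
            findings[name] = (["ADMIN"] if is_admin else []) + reasons
    return findings


if __name__ == "__main__":
    report = audit(ACCOUNTS, TERMINATED, today=date(2015, 3, 15))
    for account, reasons in sorted(report.items()):
        print(f"{account}: " + "; ".join(reasons))
```
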
3. Not Encrypting Files
The importance of file encryption in computer and network security cannot be overstated. It renders confidential and sensitive data unreadable should a hacker get past the company’s front-line defenses. It also prevents users from intentionally or unintentionally copying information off a secure system.
File encryption involves encoding and decoding files. To open and read an encrypted file, a person needs a ‘key’ to decode it, such as a password or trusted certificate. Office managers must ensure that all critical files are encrypted, to minimize the damage of a successful cyber-breach.
Although computers and IT are now the backbone of the financial services industry, we’re still living in the ‘Wild West’ when it comes to Internet security. Few cyber-criminals are successfully prosecuted: the Web supports anonymity, with identifying details being lost or covered up in mere seconds.
Until it becomes less of a safe haven for hackers and data thieves, IT security remains a key objective for LA investment advisors.