The Anthem security breach is yet another reminder that discussions about data security cannot be delayed. The days of data breaches and cyber-attacks being another company’s problem are long gone. The last year has been especially monumental in the seriousness of these business risks.
The Anthem security breach resulted in the release of an estimated 80 million employee and customer files, but not all assaults are so grand in scale. LA investment advisor firms need to safeguard their information from terminated employees, discourage password-sharing in the office, and devise strategies to deal with stolen smartphones and laptops.
The tips in this article will help investment firms lessen their vulnerability to data theft.
Monitor Existing Accounts
Watch for any unauthorized transfers or activity on the firm’s financial accounts, including brokerage and 401K accounts. Criminals attempt to get through the security questions by using stolen information such as customer street address and last four digits of their Social Security number. This type of fraud accounts for 30% of all stolen data.
Pay Attention to the Security of Company Data
Hackers search out easy targets, so implementing a good cyber security system will frustrate most efforts. Investment firms need to implement a data security assessment and rapid-response protocol that can integrate easily with the company’s current security technologies.
The ideal solution will include the following features:
- Immediate validation and assessment of all detected threats, so that any malicious programs can be contained before damage spreads
- Thoroughly audit financial files, personally identifiable client and employee information, and other sensitive details
- Establish approved baselines for all software installs to prevent accidental malware introduction
Get Security Systems Tested by the Professionals
Investment firms have traditionally hired consultants to help with security efforts, but more and more of them are now adding such experts to their in-house team. These specialists occupy two camps: those who proactively identify and tackle potential cyber threats, and “ethical hackers” who help the firm run tests on its internal systems to prevent security breaches.
LA investment firms with less than ideal cyber security standards can get in trouble with the SEC, FINRA, and other regulators. Wells Investment Securities was fined $300,000 for not protecting customer details on their laptops. Ameriprise Financial Services Inc. recently paid $750,000 for a series of violations, including the failure to prevent terminated employees from continuing to access the firm’s computer files. Bear in mind that actual harm to customers is not required for the SEC or FINRA to impose penalties when customer data is exposed.
Did your firm make any added security enhancements in the wake of the Anthem security breach? Let us know your thoughts in the Comments box below.
And to follow-through on the tips introduced in this short article, be sure to download your free guide, Investing in High Net Worth Clients: The LA Investment Advisor's Guide to Using Technology to Manage and Grow Your Firm.