The short answer to this question is that the SEC and FINRA care.  Both regulators have made this issue an exam priority for the year, and it was recently a focus of an SEC roundtable. 

We hear of data breaches on nearly a daily basis, with retail stores being a common target. But what about the financial services industry? Is it at the same risk? In some ways, broker-dealers and RIAs are even more at risk.

The common data breaches that we hear about involve an outside source breaking into a company's data warehousing system. This is what I would call the macro cyber-security issue. It is one that firms must address on a firm-wide, systemic basis with their information technology resources.

Equally troubling are what I call the micro-level risks. These include efforts by outsiders to divert funds from a client's account through the use of the email system.

The typical situation involves a compromise of your client's email. Then an email comes from your client's email address purporting to ask for funds to be forwarded to an account outside of the firm. The unknowing advisor executes the trade, and the client is unaware of having been compromised.

The easiest way to deal with this issue is to have and enforce a written supervisory procedure that forbids brokers from executing orders that come through email. Instead, such a distribution request should only be effectuated with a confirming call to the client. In this day and age of instant messaging, it is critical not to forget the phone.

There are a number of benefits to this approach. For one, a simple call to your client may avert a financial disaster. Equally important, any time you speak with your clients is a way to assure them that you have their best interests at heart. Doing so is also simply another marketing opportunity to get in front of your clients.

We are all at risk of cyber-attack, so all firms must be certain to have their technology tested to guard against macro attacks. Firms must also train their brokers to understand the signs of a micro-level attack. The failure to take these actions is a recipe for disaster.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.