The Target cybersecurity breach that exposed information on millions of consumers to hackers, and a reported breach at Nordstrom, are new warnings to all who have access to customer or client financial data that they must take all possible steps to protect it.
While most financial planners and investment advisers may feel they are too small to be targeted, hackers are opportunists. If they identify an easy target, no matter how small, they likely will attack it because personal financial data have become valuable to criminals.
Therefore, planners and advisers must first inventory what client financial information they have in their computer systems and who has access to that information. Those with access to the computer systems or client data must be reminded that security begins with them.
Then the companies must review and update their computer security measures consistently to ensure that client data are protected and secure. They also should have backup and recovery systems separate from their main systems so they can recover quickly from a security breach.
Further, they should constantly remind clients to do the same to protect sensitive financial information kept on home computers.
They also must ask hard questions of the companies that serve them and their clients: banks, brokers and custodians who have client data on their systems. How often do these companies update their security? How big are their cybersecurity teams? How often do they test their systems? What are the action plans if a breach occurs and client data are compromised?
Advisers must be sure to get detailed and satisfactory answers to these questions. In the words of President Ronald Reagan, trust but verify. There are benefits — and risks — in using smaller, lower-profile service providers or large firms. Either can work, but not without a thorough vetting process.
Clearly, as the wave of cybercrime grows, advisers and those helping them serve their clients must intensify their efforts to protect client data.