What advisers should do after a cyberattack

Hacks are becoming more common, and knowing how to respond quickly is critical

Jun 8, 2015 @ 1:45 pm

By Alessandra Malito

Advisers beware: Cyberattacks represent a growing trend, but being prepared will help mitigate damage to clients.

Just recently, the United States federal government — both the Internal Revenue Service and the Office of Personnel Management — was the victim of cyberbreaches, compromising the personal data of millions. Advisers, who are the gatekeepers of account-holders' assets and sensitive information, can be the target of hackers as well.

"Hackings are happening all of the time," said Sid Yenamandra, chief executive of Entreda, a cybersecurity and risk-management company. "Advisers have a very high responsibility factor to their clients to make sure they safeguard their data."

According to the Securities and Exchange Commission's sweep on cyberattacks earlier this year, 88% of broker-dealers and 74% of advisers said they have experienced cyberattacks directly or through their vendors. Most of those incidents were related to malware and fraudulent emails, where hackers tried to transfer client funds.

Even when advisers take great measures to ensure air-tight security, sometimes a cyberattack is unavoidable. So once a breach is uncovered, a few quick recovery steps should be taken.

Change passwords. Although it seems obvious, going into every account an adviser has and changing the passwords is crucial once a breach occurs.

"Precious time gets spent in just trying to figure out what is going on," Mr. Yenamandra said. "If you've been breached, the damage is continuing to happen."

Investigate, and get help. Before contacting any affected parties, advisers should assess the state of their equipment and accounts, making a copy of all their computer's files and programs as soon as possible.

Advisers should already have a list of all of the email, software and social media accounts they have control of. They also should check their system for any malware that may have been left behind.

Brian Edelman, chief executive of Financial Computer Services, a company that specializes in cybersecurity, said the first thing advisers should do — after changing their passwords — is contact an attorney and learn their state's cybersecurity rules.

“The fundamental problem is your knee-jerk reaction and what you should do, [which] are two different things,” Mr. Edelman said. “The knee-jerk reaction is to try and fix it.”

Notify those involved. After the initial steps are handled, advisers should tell their clients of the occurrence and what they can do.

Although it can be a tough conversation to have, being honest and showing clients what steps have been taken to ensure it doesn't happen again is important, said Arlene Moss, a financial adviser coach with Kimberlite Coaching and Community Strategies. Advisers can come prepared with a list of actions clients can take, and can also help by "just letting your clients know that you're there for them and you're going to take care of them no matter what," she said.

Advisers should notify their compliance offices and the SEC or Financial Industry Regulatory Authority Inc.

Be proactive. The SEC is urging advisers to create cybersecurity plans, which would address the risks of potential breaches. The written, formal document would recommend conducting periodic data assessments, as well as encrypting and backing up sensitive data. According to the SEC's sweep, 93% of broker-dealers and 83% of advisers have adopted these written policies.

"I would hope they take all of the precautions: firewalls, filters and encryptions," said Sheryl Rowling, a financial adviser with Rowling & Associates. But hackers, she added, "are becoming more and more aggressive and more and more sophisticated."

