9. Protect customers
Because cyberhackers find easy points of entry into consumers’ accounts, it has become increasingly clear to the SEC and advisory firms’ IT departments that a computer network is only as strong as its weakest link.
“We try to preach to our users, ‘verify, verify, verify,’” Mr. Sundberg said. “Never download an attachment or accept a weird friend request if it can’t be verified.”
For example, he said, if an advisory firm employee receives a phone call and the person at the other end of the line says he’s from Microsoft tech support and has noticed a computer virus in the firm’s system, the employee should hang up immediately and not let the unidentified caller connect to the firm’s system.
“Or, if you get an e-mail from somebody saying they’ve been mugged on vacation or have lost their wallet and passport or some other doom-and-gloom scenario, most likely their e-mail has been hacked,” Mr. Sundberg said. “Contact that person another way, not through e-mail, whether on a home landline or cellphone.”