News that a Morgan Stanley broker allegedly stole data on 350,000 clients and that information for 900 of them made it online jolted many into facing the reality that cyberthreats don't come only from strangers in the cloud.
The person sitting at the next desk can dump files onto a flash drive or access accounts online just as easily as outsiders can, if not more easily.
It's not natural to distrust the people you hire, work with and speak to about their families every day. But when it comes to the client data for which you're responsible, protecting clients' privacy and finances must come first.
It's OK to trust, but it's critical to verify.
Wherever personal financial gain at the expense of others is possible, checks, rechecks and more redundant checks are required. And big firms aren't the only ones that need to be on top of data security.
Fortunately, Morgan Stanley spotted the theft early. As InvestmentNews' Liz Skinner reported last week, broker-dealers and custodians typically subscribe to cyber-security services that monitor postings, but mom-and-pop adviser shops often don't have the resources to do that. How can they avoid internal breaches in the first place?
Experts recommend instituting an information-security plan that houses client data in a secure place and tightly restricts who can access it. Think of it as security clearances and sharing on a need-to-know basis.
Even if you've worked with colleagues for decades and would trust them with your life, the virtuous among us can still make mistakes.
What if Jane takes a laptop home and misplaces it at the post office along the way? Or Bob uses a public hot spot at his local coffee shop to access client accounts he's working on? They may have good intentions, but those around them might not.
In any case, having protocols in place to secure access to and usage of client data and company equipment is a key step in protecting the very business you've worked so hard to build.