The biggest cyberthreat to a firm: Employees

Internal hacking is an emerging danger for advisers

Apr 2, 2015 @ 9:04 am

By Alessandra Malito

The biggest cyberthreat for advisory firms may be right in the office.

Experts say internal hacking is an emerging danger for advisers, and to protect client data breaches from inside, advisers need to address security issues with employees, implement stronger policies to steer away potential data theft and keep tabs on employees' Internet activities.

"All too often when people think of cybersecurity, they are thinking of a hacker or a virus," Brian Edelman, chief executive of Financial Computer Services, a company that works primarily in cybersecurity, said. "It's more than that."

The issue of internal cyber security was in the headlines recently when Morgan Stanley claimed one of its advisers allegedly obtained data on thousands of clients. Some of the data ended up online and the question arose whether the broker sold the data — his lawyer said he did not — or whether his computer was hacked.

Morgan Stanley did not respond for comment.

"Morgan Stanley-type firms have a much different problem than a smaller or medium-sized RIA," Greg Friedman, president of Junxure, a cloud-based customer relationship management software, said. "That being said, we should never underestimate the risk of that happening."

Mr. Friedman, who is also the founder of the advisory firm Private Ocean Wealth Management in San Rafael, Calif., said his firm has recently decided to get cybersecurity insurance during the company's review of insurance policies.

With the bulk of advisory firms not planning on spending money on cyber security this year even as regulators raise red flags, the issue looms large.

According to InvestmentNews' Outlook 2015 survey, only 30% of advisers plan to invest in cybersecurity in 2015.

Meanwhile, Securities and Exchange Commission officials believe that advisory firms face an increasing number of online attacks and the Financial Industry Regulatory Authority Inc. is examining more firms to get a handle on how they protect themselves from potential online threats.

In the SEC's cybersecurity sweep report, the regulator found that 11% of broker-dealers and 4% of advisers reported internal hacking, but that 58% of broker-dealers and 21% of advisers have cybersecurity insurance in place.

At least one company thinks it has a solution.

External IT, which offers a cloud-based dashboard that links with 150 applications for registered investment advisers and brokers, is rolling out an upgrade to its product that focuses on internal hacks. Its new feature includes an activity page that tracks an adviser's logins onto the system with location, time, IP address and device information. If there is a questionable login attempt, advisers will notice. At large firms, chief compliance or information officers can track the online activity of every employee through the External IT system.

External IT's dashboard acts as the jumping off point for an adviser's practice throughout the day, and links to applications like Salesforce and Microsoft Office. Advisory firms can decide if they want their advisers to sign in with a two-step process, which includes a token passcode to type in after a regular login and password. Firms can also implement a one-step login for web-based applications after signing into the cloud, where the adviser would not know his or her credentials to sign into the following applications.

The service costs between $150 to $200 per user per month, with an initial fee for setting up a firm's IT system. The company has a partnership with Fidelity in which advisers custodying with Fidelity Institutional Wealth Services can access the External IT features at a reduced rate.

Sam Attias, vice president of financial services practice at External IT, said the firm is seeking to strike other partnerships with custodians, broker-dealers and advisory firm aggregators.

He added that the SEC's cybersecurity sweep prompted the company to reevaluate its security features for advisers.

"The user now knows everything the firm can see," Mr. Attias said. "They can pick up on a breach. It's the visibility you had before but in a very restrictive environment."

A more restrictive environment may be what advisory firms need.

0
Comments

What do you think?

View comments

Upcoming event

Nov 20

Conference

Future of Financial Advice

An innovative conference dedicated to improving the client experience by enhancing digital technology, mainstreaming healthcare and optimizing wealth management strategies.The Future of Financial Advice will provide a forum for... Learn more

Most watched

INTV

Schwab's Jeff Kleintop: Prep for volatility given China trade uncertainties

China could be considered a developed market in five to seven years , according to Jeff Kleintop, chief global investment strategist, Charles Schwab.

INTV

Young advisers envision a radically different business in five years

Fintech and sustainable investing are two factors being watched closely by some of the 2019 class of InvestmentNews' 40 Under 40.

Latest news & opinion

Funding for Reg BI, other SEC advice reform efforts denied in Waters amendment

House likely to approve measure that effectively kills rule package, but it faces uphill battle in Senate

Wall Street lashes out at Sanders' plan to pay off student debt with a securities trading tax

Financial pros argue that a transaction levy will hurt mom-and-pop investors along with investment houses.

GPB paid B-Ds and reps steep commissions to sell troubled private placements

GPB paid commissions of 9.3%, or $167 million altogether, on the firm's private placements.

Give us a break, active managers say

Seven portfolio managers share their outlooks for the rest of the year, generally agreeing that it's been hard for active managers to stand out.

GPB Capital reports decline in value of two biggest funds

One has dropped by 25.4% and the other by 39%, according to the company.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print