The biggest cyberthreat to a firm: Employees

Internal hacking is an emerging danger for advisers

Apr 2, 2015 @ 9:04 am

By Alessandra Malito

The biggest cyberthreat for advisory firms may be right in the office.

Experts say internal hacking is an emerging danger for advisers, and to protect client data breaches from inside, advisers need to address security issues with employees, implement stronger policies to steer away potential data theft and keep tabs on employees' Internet activities.

"All too often when people think of cybersecurity, they are thinking of a hacker or a virus," Brian Edelman, chief executive of Financial Computer Services, a company that works primarily in cybersecurity, said. "It's more than that."

The issue of internal cyber security was in the headlines recently when Morgan Stanley claimed one of its advisers allegedly obtained data on thousands of clients. Some of the data ended up online and the question arose whether the broker sold the data — his lawyer said he did not — or whether his computer was hacked.

Morgan Stanley did not respond for comment.

"Morgan Stanley-type firms have a much different problem than a smaller or medium-sized RIA," Greg Friedman, president of Junxure, a cloud-based customer relationship management software, said. "That being said, we should never underestimate the risk of that happening."

Mr. Friedman, who is also the founder of the advisory firm Private Ocean Wealth Management in San Rafael, Calif., said his firm has recently decided to get cybersecurity insurance during the company's review of insurance policies.

With the bulk of advisory firms not planning on spending money on cyber security this year even as regulators raise red flags, the issue looms large.

According to InvestmentNews' Outlook 2015 survey, only 30% of advisers plan to invest in cybersecurity in 2015.

Meanwhile, Securities and Exchange Commission officials believe that advisory firms face an increasing number of online attacks and the Financial Industry Regulatory Authority Inc. is examining more firms to get a handle on how they protect themselves from potential online threats.

In the SEC's cybersecurity sweep report, the regulator found that 11% of broker-dealers and 4% of advisers reported internal hacking, but that 58% of broker-dealers and 21% of advisers have cybersecurity insurance in place.

At least one company thinks it has a solution.

External IT, which offers a cloud-based dashboard that links with 150 applications for registered investment advisers and brokers, is rolling out an upgrade to its product that focuses on internal hacks. Its new feature includes an activity page that tracks an adviser's logins onto the system with location, time, IP address and device information. If there is a questionable login attempt, advisers will notice. At large firms, chief compliance or information officers can track the online activity of every employee through the External IT system.

External IT's dashboard acts as the jumping off point for an adviser's practice throughout the day, and links to applications like Salesforce and Microsoft Office. Advisory firms can decide if they want their advisers to sign in with a two-step process, which includes a token passcode to type in after a regular login and password. Firms can also implement a one-step login for web-based applications after signing into the cloud, where the adviser would not know his or her credentials to sign into the following applications.

The service costs between $150 to $200 per user per month, with an initial fee for setting up a firm's IT system. The company has a partnership with Fidelity in which advisers custodying with Fidelity Institutional Wealth Services can access the External IT features at a reduced rate.

Sam Attias, vice president of financial services practice at External IT, said the firm is seeking to strike other partnerships with custodians, broker-dealers and advisory firm aggregators.

He added that the SEC's cybersecurity sweep prompted the company to reevaluate its security features for advisers.

"The user now knows everything the firm can see," Mr. Attias said. "They can pick up on a breach. It's the visibility you had before but in a very restrictive environment."

A more restrictive environment may be what advisory firms need.

0
Comments

What do you think?

View comments

Upcoming event

Nov 19

Conference

New York Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Most watched

Events

Finding innovation in your firm

Adam Holt of AssetMap explains how advisers understand they need to grow, but great innovation may be lurking right under your nose.

Events

Finding your edge from Tony Robbins

Guru Tony Robbins has helped a lot of people, but armed with his psychology Financial Advisor Josh Nelson has helped his practice soar.

Latest news & opinion

Hopes high for bill to ease small-firm adviser regulations

High-ranking, bipartisan members of the House Financial Services Committee back the legislation.

Redtail CRM data breach exposes personal client data

The information exposed includes names, addresses, dates of birth and Social Security numbers.

This strategy can double your estate-tax exemption

'Portability' allows a surviving spouse to tack the decedent's exemption on to his or her own. Despite the higher threshold for paying estate taxes in the 2017 tax law, experts recommend filing for the benefit.

Couple in Morgan Stanley advisory account wins $519,000 arb case over unsuitable investments

Plaintiff's lawyer says junk bonds, futures contracts and derivatives were inappropriate for his clients.

The growth of factor-based investing

Advisers are making decisions about clients' portfolios by using the same characteristics that govern factor-based ETFs.

X

Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.

X

Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print