As technology progresses at a rapid pace, financial services firms are faced with a host of cyberthreats, including email hacking, outdated digital signature models and third-party vendor breaches.
“This information age creates new opportunities for people who are very innovative in crime,” said Aaron Spradlin, chief information officer at United Planners Financial Services.
Cyberattacks have become more common recently, with big names like Sony, Target and even the federal government getting caught in the cross hairs of hackers. The fear among financial services companies is what may happen when cybercriminals target the financial advisory industry. After all, advisory firms are not only the holders of substantial private information, but they are indirectly holding on to assets as well.
“The focus [on the industry] is what keeps me up at night,” Mr. Spradlin said.
InvestmentNews brought eight broker-dealer professionals together at the Technology Tools for Today conference in Weston, Fla., on Nov. 2 to talk about cybersecurity in the digital age.
Email in particular remains a constant concern for advisers and their firms. The greatest risk is that a client's email account could be hacked, exposing sensitive information, data and business relationships, and allowing hackers to impersonate the client and gain access to private financial information.
Darren Tedesco, managing principal of innovation and strategy at Commonwealth Financial Network, said his firm sees cyberattacks every day. There are 10 to 30 attempted client email hacks a week, he said.
“It's crazy,” he said. “We've had to staff departments to help advisers deal with client emails hacked.”
With so much information publicly available, it will be increasingly difficult for firms to determine whether clients' accounts are being breached by using security measures that ask for personally identifiable answers to generic questions, such as “What was the model of your first car?” or “Where were you when you learned about Sept. 11?”
Warding off hackers also comes down to how employees safeguard their technology.
James Clabby, chief information officer at AIG Advisor Group, said his firm provides employees with guidance about security best practices regarding their software and hardware, but at the end of the day, there's always the potential for an unexpected issue.
(Related read: Cybersecurity efforts still fall short at advice firms)
It's not necessarily how advisers use the technology, it's accounting for all of the hardware out there and all of the sensitive data on various systems.
“I worry about having a variety of different equipment, with a variety of different software,” Mr. Clabby said.
That's where the cloud and data centers come in. Though the cloud is a more efficient way to do business and offers a certain amount of security safeguards, it also opens firms to potential breaches.
“My concern is more generic, which is the complexity,” said Mukesh Mehta, chief information officer at Cetera Financial Group Inc. “We all have data centers, we co-own or have our own. At every point there is a point of failure.”
Third-party vendors are a cause for concern as well. Mr. Clabby said that as integration between vendors and institutions grows — and it is growing — firms are left to wonder how safe their data actually are as they reside with those third parties.
“When was the last time you went out to wherever the data is physically stored from and, you know, crawled around?” he said. “All of those kinds of questions are coming up at this point.”
Certainly regulators have questions.
The Securities and Exchange Commission and the Financial Industry Regulatory Authority Inc. have been hammering down on potential cyberholes in firms' practices.
It all comes down to instilling security lessons, said Joe Simpson, associate vice president and director of information technology at Securities Service Network.
“One of the bigger things we're doing is just education campaigns, both through our advisers and working with the advisers to help educate clients,” Mr. Simpson said.
(Continue reading: More on digital disruption in the advice industry)