Most advisers' cybersecurity training insufficient

Firms would be better off with shorter, more frequent sessions for employeees

Feb 7, 2017 @ 10:55 am

By Liz Skinner

Financial advisers should be spending about three times as much time training their staff each year on how to protect the firm and client data from cybersecurity dangers, experts said.

About two-thirds of financial advisers spend two hours or less annually on cybersecurity training, according to a TD Ameritrade Institutional survey of advisers taken last year. One third of advisers are spending an hour or less.

“Most firms do it only once a year and cram in an hour or two, and that's totally insufficient,” said Joel Bruckenstein, a financial industry technology consultant. “Training would be much better if it occurred more frequently for shorter periods.”

Firms generally should aim to provide about 30 minutes of training each month to everyone at the firm, going over the latest cyberscams that are going around and reminding everyone about safe online procedures and password safety, he said.

About 6% of firms spend seven hours or more on cybersecurity training, the survey found.

(More: Is cyber insurance worth the cost?)

The cybersecurity guidance issued by the Security and Exchange Commission's Office of Compliance Inspections and Examinations said employees can be a firm's first line of defense if they are properly trained to recognize suspicious activity and understanding the firm's procedures when it comes to reporting issues. Without proper training, though, employees can put a firm's data at risk, it said.

Jared Hoffman, managing director of operations for Buckingham Strategic Wealth, said his firm recognizes the importance of training and hosts several mandatory sessions for employees every year, as well as additional specialized sessions every couple of months.

“This is not a one-time thing. It's constantly evolving because there are new, big scams all the time,” he said.

Training that focuses on specific examples of, for instance, a social engineering email or a fake call from the Internal Revenue Service, are especially effective at making employees see their vulnerabilities and understanding the seriousness of the issue, he said.

(More: Watch for this new cybersecurity scam, IRS warns)

“We keep adapting the presentations to what's happening in the real world,” Mr. Hoffman said.

Careless actions of employees are responsible for about 59% of cyberattacks on businesses, according to a recent study by Kapersky Labs.

Last year Ameriprise Financial had to take action when one of its advisers was discovered to be putting client data at risk by synchronizing files from his office to his home in an unsecure way. The Minneapolis-based firm had to reach out to warn clients about the risk.

About 3% of advisers said they've had firm-level or client data compromised because of a security breach, according to preliminary data from a recent InvestmentNews adviser technology benchmarking study. About 4% of advisers were not sure if data had been compromised, the study found.

(More: What advisers can expect from an SEC exam)

The areas that SEC examiners may look at when they evaluate a firm's cybersecurity preparedness focus on how training is tailored to specific job functions and how the training encourages employees to be responsible, the OCIE guide said.

Brian Edelman, chief executive of Financial Computer Inc., said advisory firms should make sure they are following all the guidance from the SEC if they want to make it through an examination.

“This isn't something the regulators are grading, they just want to see that you're acting on this,” he said.

About half of advisory firms have documented cybersecurity training plans and procedures in place, the TD Ameritrade Institutional survey found.


What do you think?

View comments

Upcoming event

Oct 22


San Francisco Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in six cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Most watched


Finding your edge from Tony Robbins

Guru Tony Robbins has helped a lot of people, but armed with his psychology Financial Advisor Josh Nelson has helped his practice soar.


Finding innovation in your firm

Adam Holt of AssetMap explains how advisers understand they need to grow, but great innovation may be lurking right under your nose.

Latest news & opinion

Hopes high for bill to ease small-firm adviser regulations

High-ranking, bipartisan members of the House Financial Services Committee back the legislation.

Redtail CRM data breach exposes personal client data

The information exposed includes names, addresses, dates of birth and Social Security numbers.

This strategy can double your estate-tax exemption

'Portability' allows a surviving spouse to tack the decedent's exemption on to his or her own. Despite the higher threshold for paying estate taxes in the 2017 tax law, experts recommend filing for the benefit.

Couple in Morgan Stanley advisory account wins $519,000 arb case over unsuitable investments

Plaintiff's lawyer says junk bonds, futures contracts and derivatives were inappropriate for his clients.

The growth of factor-based investing

Advisers are making decisions about clients' portfolios by using the same characteristics that govern factor-based ETFs.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print