How to cope with cybersecurity threats

Advisers have much more to worry about than their own computer's security these days. While many see fraudulent e-mails and theft as the primary cyberthreat to their clients, a white paper released last week by The Depository Trust & Clearing Corp. highlights the systemic nature of cybersecurity and the need to see how deeply interconnected electronic communications can be. Advisers have fallen prey to deception by Internet criminals, but scammers represent just one class of cyberthreats, according to Mark G. Clancy, managing director for technology risk management and chief information security officer at DTCC. Other threats to the financial system include “hactivism,” espionage and cyberwar. These attacks, usually in the form of a “denial of service,” don't need to be directed at advisers to disrupt daily wealth management activities. “How can you access the market on behalf of your clients without the Internet?” Mr. Clancy asked. “Advisers are dependent on the infrastructures that are getting targeted. They're part of the larger ecosystem.” For advisers, this means keeping your service providers in the loop and installing procedures that ensure they aren't contributing to the problem. “Apply the most recent software updates and antivirus,” Mr. Clancy said. “Firms are going to trust your address even when you're under attack.” With cyberattacks considered less as chance and more as inevitability, Mr. Clancy suggests implementing workarounds if web access is compromised. These backup transmission mechanisms for executing trades include phone calls, fax, and even a true relic, dial-up service. He warns that as larger financial institutions strengthen their cyber-protection practices, the threat will trickle down to smaller firms with less sophisticated defenses. “Criminal threats will just go down to smaller institutions if the larger ones up their security systems,” Mr. Clancy said. “But they would be harder to attack because there are more of them.”