Most advisers' cybersecurity training insufficient

Firms would be better off with shorter, more frequent sessions for employeees
FEB 07, 2017
Financial advisers should be spending about three times as much time training their staff each year on how to protect the firm and client data from cybersecurity dangers, experts said. About two-thirds of financial advisers spend two hours or less annually on cybersecurity training, according to a TD Ameritrade Institutional survey of advisers taken last year. One third of advisers are spending an hour or less. “Most firms do it only once a year and cram in an hour or two, and that's totally insufficient,” said Joel Bruckenstein, a financial industry technology consultant. “Training would be much better if it occurred more frequently for shorter periods.” Firms generally should aim to provide about 30 minutes of training each month to everyone at the firm, going over the latest cyberscams that are going around and reminding everyone about safe online procedures and password safety, he said. About 6% of firms spend seven hours or more on cybersecurity training, the survey found. (More: Is cyber insurance worth the cost?) The cybersecurity guidance issued by the Security and Exchange Commission's Office of Compliance Inspections and Examinations said employees can be a firm's first line of defense if they are properly trained to recognize suspicious activity and understanding the firm's procedures when it comes to reporting issues. Without proper training, though, employees can put a firm's data at risk, it said. Jared Hoffman, managing director of operations for Buckingham Strategic Wealth, said his firm recognizes the importance of training and hosts several mandatory sessions for employees every year, as well as additional specialized sessions every couple of months. “This is not a one-time thing. It's constantly evolving because there are new, big scams all the time,” he said. Training that focuses on specific examples of, for instance, a social engineering email or a fake call from the Internal Revenue Service, are especially effective at making employees see their vulnerabilities and understanding the seriousness of the issue, he said. (More: Watch for this new cybersecurity scam, IRS warns) “We keep adapting the presentations to what's happening in the real world,” Mr. Hoffman said. Careless actions of employees are responsible for about 59% of cyberattacks on businesses, according to a recent study by Kapersky Labs. Last year Ameriprise Financial had to take action when one of its advisers was discovered to be putting client data at risk by synchronizing files from his office to his home in an unsecure way. The Minneapolis-based firm had to reach out to warn clients about the risk. About 3% of advisers said they've had firm-level or client data compromised because of a security breach, according to preliminary data from a recent InvestmentNews adviser technology benchmarking study. About 4% of advisers were not sure if data had been compromised, the study found. (More: What advisers can expect from an SEC exam) The areas that SEC examiners may look at when they evaluate a firm's cybersecurity preparedness focus on how training is tailored to specific job functions and how the training encourages employees to be responsible, the OCIE guide said. Brian Edelman, chief executive of Financial Computer Inc., said advisory firms should make sure they are following all the guidance from the SEC if they want to make it through an examination. “This isn't something the regulators are grading, they just want to see that you're acting on this,” he said. About half of advisory firms have documented cybersecurity training plans and procedures in place, the TD Ameritrade Institutional survey found.

Latest News

Why fixed income still belongs in your clients' portfolios
Why fixed income still belongs in your clients' portfolios

In an era of AI euphoria and market FOMO, getting back to basics with fixed income may be the most contrarian and most important move advisors can make.

Voya expands advisor managed accounts to add private market assets
Voya expands advisor managed accounts to add private market assets

Voya Financial adds private equity, credit and real estate options to its AMA program, building on support for looser federal investment rules in retirement accounts.

With executives leaving, Osaic’s Reid now in the spotlight
With executives leaving, Osaic’s Reid now in the spotlight

Shannon Reid, president of Osaic and the network’s number two executive, has plenty of challenges, industry executives said.

Investors sue crypto fund and platform, alleging $1.5 million never returned
Investors sue crypto fund and platform, alleging $1.5 million never returned

Auditors flagged the commingling. The COO allegedly knew. Investors kept getting the pitch

Wells Fargo nabs $1.7B RBC advisor team, loses two teams to LPL
Wells Fargo nabs $1.7B RBC advisor team, loses two teams to LPL

The advisors on the move include two brothers leading a family practice in Connecticut, and a husband-and-wife tandem working with business owners in the West Coast.

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income

SPONSORED Why direct indexing stopped being optional

Direct indexing is on pace to outgrow ETFs and mutual funds. Northern Trust's Ken Lassner explains why the advisors who get it wish they had started sooner.