New defenses necessary for protecting client data

New defenses necessary for protecting client data
From the president down, experts say data security is the responsibility of all who hold sensitive information.
FEB 19, 2015
Recent warnings from President Barack Obama about the business threats posed by cyberterrorists and news that an estimated $300 million or more has been hacked from bank clients, should reinforce an adviser's resolve to check — and then double check — cybersecurity defenses. At a cybersecurity summit on Friday, Mr. Obama singled out the nation's financial systems, health systems and power grid as networks being probed every day by criminals and foreign governments. In an effort to improve security against cyberthreats, Mr. Obama signed an executive order to encourage companies to form groups and share information among themselves and with government organizations. Such a step, not aimed at advisers but potentially consequential to client data because it touches the broad financial sector, could be worrisome, even though the president has said the information would be kept private, said Brian Hamburger, chief executive of MarketCounsel. “People are skeptical with information sharing, and they should be asking questions,” he said. Those questions include: “If I share information with a competitor, will he be able to publicize that my firm was hacked?” Mr. Hamburger said. Or, “Will notifications be used to illustrate vulnerabilities before I've been able to fortify system defenses?” Eric Clarke, president of Orion Advisor Services, said the president's focus on data security is a great reminder to advisers that they have to pay attention to the threats and vulnerabilities of keeping client data private. One area advisers may not think about is ensuring vendors and third parties have had their own security audits that include firewall testing and penetration testing to ensure an outsider can't hack through, Mr. Clarke said. He recommended advisers work with those who've attained international specifications for information security management, such as the ISO 27001 certification. Other steps include: requiring multifactor authentication when assessing firm data; password protection systems; staff training and education; and technologies for mobile devices that can electronically wipe devices that are lost. (More: "10 ways advisers can improve their cybersecurity") “Security always creates less convenience," Mr. Clarke said. "However, when you're accessing sensitive data, and a lot of it, it's worth the extra steps to make sure the data is safeguarded. Meanwhile, breaches at 100 banks in 30 nations have led to at least $300 million being stolen from client accounts, according to a Kaspersky Lab report that the New York Times wrote about Saturday. The crimes were years in the making in some cases, beginning with malicious code, or malware, being downloaded by unsuspecting employees, it said. Then hackers reportedly sent in remote access tools to capture video and screen shots that gave them access to bank procedures. The banks, mostly in Russia — but some in the U.S., Europe and Japan — will not be identified because of nondisclosure agreements with Kaspersky, the paper said. (More: Cybersecurity needs to be a spending priority for advisers in 2015) These and other reports indicate the tenacity of cyberterrorists and their widespread impact. Advisers can't just stick their heads in the sand and ignore the problem, experts said. “We've entered into an era where advisers can't easily claim to be helpless victims when it comes to viruses, malware and spyware, and consumers are suffering the ramifications,” Mr. Hamburger said. “Those with a responsibility to collect and maintain sensitive information have the obligation to safeguard that information.”

Latest News

The 2025 InvestmentNews Awards Excellence Awardees revealed
The 2025 InvestmentNews Awards Excellence Awardees revealed

From outstanding individuals to innovative organizations, find out who made the final shortlist for top honors at the IN awards, now in its second year.

Top RIA Cresset warns of 'inevitable' recession amid tariff uncertainty
Top RIA Cresset warns of 'inevitable' recession amid tariff uncertainty

Cresset's Susie Cranston is expecting an economic recession, but says her $65 billion RIA sees "great opportunity" to keep investing in a down market.

Edward Jones joins the crowd to sell more alternative investments
Edward Jones joins the crowd to sell more alternative investments

“There’s a big pull to alternative investments right now because of volatility of the stock market,” Kevin Gannon, CEO of Robert A. Stanger & Co., said.

Record RIA M&A activity marks strong start to 2025
Record RIA M&A activity marks strong start to 2025

Sellers shift focus: It's not about succession anymore.

IB+ Data Hub offers strategic edge for U.S. wealth advisors and RIAs advising business clients
IB+ Data Hub offers strategic edge for U.S. wealth advisors and RIAs advising business clients

Platform being adopted by independent-minded advisors who see insurance as a core pillar of their business.

SPONSORED Compliance in real time: Technology's expanding role in RIA oversight

RIAs face rising regulatory pressure in 2025. Forward-looking firms are responding with embedded technology, not more paperwork.

SPONSORED Advisory firms confront crossroads amid historic wealth transfer

As inheritances are set to reshape client portfolios and next-gen heirs demand digital-first experiences, firms are retooling their wealth tech stacks and succession models in real time.