Tips for developing a cybersecurity plan for your firm

Tips for developing a cybersecurity plan for your firm
As cybercriminals become bolder and more sophisticated in their efforts to hack into networks, it's more important than ever for your firm to have a comprehensive plan to protect its data.
NOV 15, 2021

Cybercriminals are becoming bolder and more sophisticated in their efforts to hack into networks in search of personal information and ultimately, large sums of money. At the same time, technology has developed in a way that can enhance the capabilities of these bad actors. That’s why now more than ever, it’s important to have a comprehensive cybersecurity plan for your firm.

HOW MERIT IS PUTTING ITS PLAN INTO ACTION

Merit Financial Advisors has made a major investment in technology in recent months. One of our primary focuses is to consolidate client data into a single internal system. While a lot of that data is already under our ownership, we are focused on extending all of those ones and zeros into a data warehouse, creating direct feeds of information from different sources. A data warehouse creates an automated means of receiving data, rather than having it manually entered into a system.

None of these processes would be successful without proper planning, putting a multilayered cybersecurity plan in place to ensure all of this confidential data is protected. Merit has put the following safety measures in place in order and we recommend other firms do the same to give advisers and clients peace of mind:

  • Encryption: Whether data is being transferred or is at rest, make sure it's being encrypted, or coded, to prevent unauthorized access. In addition, make sure the portals between your firm’s systems and the systems of your outside partners are encrypted, as well.
  • Multifactor authentication: This is one of Merit’s biggest lines of defense when it comes to combating cyberattacks. Any system that has personal information cannot be accessed without the MFA, single sign-on approach. In essence, this removes virtually any ability for those outside of our network to access any of our portals.
  • Employee awareness training: We require all employees to undergo periodic digital awareness training to make sure they learn the best cybersecurity practices for protecting their data. The most common way for a cybercriminal to access a digital system is through a phishing attempt, or sending an email claiming to be from a reputable company in an effort to get an employee to click a link and submit personal information. Our goal is to keep our team fully up to speed on the latest tactics and tricks cybercriminals are using, so we test our system and users with authentic-looking emails and false phishing attempts. We train users to check for identifiers, such as the full email address at the top of a message, to be sure the note they’re receiving is legitimate.
  • Network monitoring: Similar to the way we monitor our staff’s interactions with fake phishing emails, our technology team constantly tracks all of our systems, including physical computers and virtual desktops. Team members are also able to follow the movement of employees' files, keeping a log to monitor activity. If we notice a bad practice, like saving an email attachment locally to a computer, we ask the employee to remove the file and be sure they know how to save it properly.
IT TAKES A TEAM

It wouldn’t be possible to manage a complex network of technological systems without outside partners. At Merit, we teamed up with F2 Strategies, a wealth technology consulting firm, which has advised us through the development and now the action phases of our comprehensive technology plan. We also work with North Networks, an IT support system that serves as host cloud for our data. Our team’s thorough research led us to these partner firms, which hold the same high standards for data protection and safety as we do.

STAY AHEAD OF THE GAME

Merit continues to do the most it can to stay ahead of the game when it comes to cybersecurity. It’s important for any firm that's serious about investing and protecting their technology and data to continue training and educating their staff on best practices. Too often, someone can get into a bad habit that could result in their firm being vulnerable to a bad actor. Continued education and training is the best way to promote data safety and security, which are in the best interests of your firm and your clients.

JP Pattinson is a wealth advisor and vice president of technology at Merit Financial Advisors.

Latest News

Farther debuts AI investment proposal tool for advisors to win clients
Farther debuts AI investment proposal tool for advisors to win clients

"Im glad to see that from a regulatory perspective, we're going to get the ability to show we're responsible [...] we'll have a little bit more freedom to innovate," Farther co-founder Brad Genser told InvestmentNews.

Barred ex-Merrill Lynch advisor arrested in alleged $2.6M theft of former Miami Dolphin Pro Bowler
Barred ex-Merrill Lynch advisor arrested in alleged $2.6M theft of former Miami Dolphin Pro Bowler

Former advisor Isaiah Williams allegedly used the stolen funds from ex-Dolphins defensive safety Reshad Jones for numerous personal expenses, according to police and court records.

Are you optimally efficient?
Are you optimally efficient?

Taking a systematic approach to three key practice areas can help advisors gain confidence, get back time, and increase their opportunities.

Advisor moves: Father-son duo leaves Raymond James for LPL, RayJay adds Merrill Lynch alum in Florida
Advisor moves: Father-son duo leaves Raymond James for LPL, RayJay adds Merrill Lynch alum in Florida

Meanwhile, Osaic lures a high-net-worth advisor from Commonwealth in the Pacific Northwest.

Beacon Pointe adds six RIAs in two-month acquisition spree, boosting AUM by $2.7B
Beacon Pointe adds six RIAs in two-month acquisition spree, boosting AUM by $2.7B

The deals, which include its first stake in Ohio, push the national women-led firm up to $47 billion in assets.

SPONSORED How advisors can build for high-net-worth complexity

Orion's Tom Wilson on delivering coordinated, high-touch service in a world where returns alone no longer set you apart.

SPONSORED RILAs bring stability, growth during volatile markets

Barely a decade old, registered index-linked annuities have quickly surged in popularity, thanks to their unique blend of protection and growth potential—an appealing option for investors looking to chart a steadier course through today's choppy market waters, says Myles Lambert, Brighthouse Financial.