Tips for developing a cybersecurity plan for your firm

Tips for developing a cybersecurity plan for your firm
As cybercriminals become bolder and more sophisticated in their efforts to hack into networks, it's more important than ever for your firm to have a comprehensive plan to protect its data.
NOV 15, 2021

Cybercriminals are becoming bolder and more sophisticated in their efforts to hack into networks in search of personal information and ultimately, large sums of money. At the same time, technology has developed in a way that can enhance the capabilities of these bad actors. That’s why now more than ever, it’s important to have a comprehensive cybersecurity plan for your firm.

HOW MERIT IS PUTTING ITS PLAN INTO ACTION

Merit Financial Advisors has made a major investment in technology in recent months. One of our primary focuses is to consolidate client data into a single internal system. While a lot of that data is already under our ownership, we are focused on extending all of those ones and zeros into a data warehouse, creating direct feeds of information from different sources. A data warehouse creates an automated means of receiving data, rather than having it manually entered into a system.

None of these processes would be successful without proper planning, putting a multilayered cybersecurity plan in place to ensure all of this confidential data is protected. Merit has put the following safety measures in place in order and we recommend other firms do the same to give advisers and clients peace of mind:

  • Encryption: Whether data is being transferred or is at rest, make sure it's being encrypted, or coded, to prevent unauthorized access. In addition, make sure the portals between your firm’s systems and the systems of your outside partners are encrypted, as well.
  • Multifactor authentication: This is one of Merit’s biggest lines of defense when it comes to combating cyberattacks. Any system that has personal information cannot be accessed without the MFA, single sign-on approach. In essence, this removes virtually any ability for those outside of our network to access any of our portals.
  • Employee awareness training: We require all employees to undergo periodic digital awareness training to make sure they learn the best cybersecurity practices for protecting their data. The most common way for a cybercriminal to access a digital system is through a phishing attempt, or sending an email claiming to be from a reputable company in an effort to get an employee to click a link and submit personal information. Our goal is to keep our team fully up to speed on the latest tactics and tricks cybercriminals are using, so we test our system and users with authentic-looking emails and false phishing attempts. We train users to check for identifiers, such as the full email address at the top of a message, to be sure the note they’re receiving is legitimate.
  • Network monitoring: Similar to the way we monitor our staff’s interactions with fake phishing emails, our technology team constantly tracks all of our systems, including physical computers and virtual desktops. Team members are also able to follow the movement of employees' files, keeping a log to monitor activity. If we notice a bad practice, like saving an email attachment locally to a computer, we ask the employee to remove the file and be sure they know how to save it properly.
IT TAKES A TEAM

It wouldn’t be possible to manage a complex network of technological systems without outside partners. At Merit, we teamed up with F2 Strategies, a wealth technology consulting firm, which has advised us through the development and now the action phases of our comprehensive technology plan. We also work with North Networks, an IT support system that serves as host cloud for our data. Our team’s thorough research led us to these partner firms, which hold the same high standards for data protection and safety as we do.

STAY AHEAD OF THE GAME

Merit continues to do the most it can to stay ahead of the game when it comes to cybersecurity. It’s important for any firm that's serious about investing and protecting their technology and data to continue training and educating their staff on best practices. Too often, someone can get into a bad habit that could result in their firm being vulnerable to a bad actor. Continued education and training is the best way to promote data safety and security, which are in the best interests of your firm and your clients.

JP Pattinson is a wealth advisor and vice president of technology at Merit Financial Advisors.

Latest News

Trump teleprompter operator placed on unpaid leave amid probe into alleged Kalshi bets
Trump teleprompter operator placed on unpaid leave amid probe into alleged Kalshi bets

“The White House has extremely strict ethical guidelines with respect to issues like this,” said Press Secretary Karoline Leavitt.

GPB, the priest and a get out of jail card
GPB, the priest and a get out of jail card

Just how much does it cost for a financial advice exec to stay out of prison?

St. Louis pension fund sues FS/KKR advisor over alleged excessive fees
St. Louis pension fund sues FS/KKR advisor over alleged excessive fees

The advisor both prices FSK's private loans and gets paid on those prices, the suit claims

SEC moves to make electronic delivery the default for investor disclosures
SEC moves to make electronic delivery the default for investor disclosures

The proposal would end decades of paper-first delivery rules, but keeps a paper opt-out and draws early praise from fund and annuity industry groups.

Trump accounts could encompass every US family, 70 million children, says IRS chief
Trump accounts could encompass every US family, 70 million children, says IRS chief

The Trump accounts are “generationally changing” and bring financial literacy to youth, said IRS chief Frank Bisignano.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income