The finance industry has always been a top target for hackers, scammers, and malicious threat actors.
In 2021, the Security and Exchange Commission (SEC) charged eight firms, including a handful of Cetera’s independent brokers and dealers, for “faulty cyber policies and procedures that didn’t protect private client information.” (Wealth Management.com)
As a managed service provider that specializes in the wealth management industry, here is our expert advice on how to protect your firm in 2022.
Set up MFA on Everything You Can
One such shortfall was the lack of multi-factor authentication (MFA), a security measure several firms had in their security plans but had failed to implement, leaving themselves and their clients open to unnecessary risk.
MFA is an extra layer of defense against hackers that helps keep your most important accounts secure. In fact, according to Microsoft, MFA can block over 99.9% of account compromise attacks (Microsoft). It has become so important that, in order to provide coverage, cyber insurance carriers are now requiring MFA on key systems and accounts.
Although the long name can sound intimidating, muti-factor authentication is easy to use. All you need to do is validate your login attempt using two or more verification methods. For example, you could type your password and use Face ID, or push an alert on your phone after signing into your bank account. Office 365, VPNS, and Google Accounts are excellent candidates for MFA.
Watch our recent video to find out more about why MFA is so important.
Consistent Training for All Employees
Cybersecurity is everyone’s responsibility. It only takes one person in the organization to cause a business-ending breach. Luckily, we have put together a video on the top causes to pause – check out the most common cyber-attack red flags.
Some of the most common cyber-attacks we witness are social engineering attacks. Hackers use methods of phishing, spoofing, and malicious attachments to infiltrate your system and trick your people. The best way to prevent such attacks is to regularly educate and test your team to create a culture of cybersecurity awareness.
Keep Everything Up to Date
As software becomes more complex and offers you new features, hackers inevitability find security gaps to infiltrate. Many of the updates you install on your operating systems (Apple, Windows) and applications (Excel, Paladin, etc.) are full of new security components made to help keep your systems safe. The longer you go between these critical updates, the longer your IT system is exposed to such malicious attacks.
A notable example is Apple’s past iOS vulnerabilities. Recently, Apple released a crucial security update that fixed a major hole in iPhones and iPad’s security. Until the update was installed, hackers were able to remotely control your device without you ever knowing. While we trust big tech companies like Apple and Microsoft with our livelihoods, nothing is perfect. That is why it is so important to install the latest updates as soon as one is available.
Check out our tutorial on how to enable automatic updates on iPhones and iPads. That could be one less thing you have to worry about at the end of the day.
Validate You Have the Appropriate Cyber Insurance
Falling victim to a cyber-attack is inevitable nowadays. According to Verizon, 92% of these breaches are financially motivated. The cost of a breach is far more expensive than most people anticipate. Cyber insurance is one of the essential components to ensuring your firm can financially survive one of these expensive attacks.
If you do not already have a cyber insurance policy, get one immediately. Your IT provider’s insurance does not cover any attacks you experience, so if you fall victim, you are on the hook for any unforeseen costs. This includes ransom, paying expert negotiators, replacing equipment, loss of billable hours, plus strengthening your security post-attack. Ransoms alone could mean potential bankruptcy for most wealth management companies.
Cyber insurance policies will vary greatly. Make sure you understand what is covered and what is not by your policy. They may cover a portion of ransoms, but not equipment replacements. Having the right insurance policy for your firm can be critical when it comes to the costs of a breach.
Taking steps to protect your people and your firm from threats is more important than ever. By following these best practices for cyber security in wealth management, you are one step ahead of the malicious actors who are targeting your industry in 2022.
Do you have questions or concerns about mitigating your risk? Our team of experts is ready to help you with solutions and services that will protect your wealth management firm. Reach out via email or call us at 503.635.7414 to begin your process of keeping your people protected, productive, and happy.