
Cybersecurity: Preparing Your Team

Cybersecurity is high on advisers’ priority lists.

A white paper released by the Financial Planning Association and TD Ameritrade Institutional found that 81 percent of advisers say cybersecurity is high or very high on their firm’s priority list.

But there is a gap when it comes to providing mandatory training for staff. The white paper, titled “Cybersecurity: Is Your Team Prepared?” reported that 11 percent of firm CEOs “completely agree” that their team is fully aware of what would be required to adhere to guidelines set out by the Office of Compliance Inspections and Examinations (OCIE). And only 44 percent of firms with more than one team member provide mandatory training for employees.

But finding the right training for you and your staff is the ticket to closing that gap and safeguarding and preparing your firm for cyber attacks.

The white paper reported that the average team member receives less than two hours of cybersecurity training per year. But it offered some steps to take action on training.

  1. Define clear goals when it comes to cybersecurity. Keep the OCIE requirements as well as the goals of your team in mind during training.
  2. Define team expectations in relation to those goals. Be clear and concise in communicating your expectations.
  3. Gather input from the team. What questions or concerns do your team members have when it comes to cybersecurity?
  4. Conduct an anonymous internal assessment. Find out what your team knows and understands regarding OCIE requirements and cybersecurity.
  5. Identify gaps. Focus your training on closing these gaps.
  6. Create a training process. Determine how often, whether it’s mandatory and how you will deliver training, among other things.
  7. Summarize the training process. Summarize the process on a single page so you can tell your clients what you are doing.

For a full sample assessment recommended in step No. 4, download the full white paper here.

Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.

Be Proactive about Cybersecurity

Your clients are concerned about cybersecurity.

A recent study by Kaspersky Lab, a global cybersecurity firm, found that 65 percent of consumers worry about the cybersecurity practices of companies that have their personal and financial information. And yet the first of three white papers by FPA Research and Practice Institute™, “Cybersecurity: Client Perception and Communication,” sponsored by TD Ameritrade Institutional, found that only 11 percent of financial advisers surveyed think clients are “very worried” about this issue.

Regardless of how many clients may or may not be worried about cybersecurity issues, the cybersecurity risks to advisers and their clients are real. The FPA white paper offers the following steps to be more proactive:

  1. Conduct a team meeting. In this meeting, ask employees what their experience has been and whether they’re hearing concern from clients.
  2. Gather data. Find out specifically what clients are concerned about. A survey might help with this. Doing so will help you determine what gaps exist between what your clients are worried about and what you are doing to mitigate their worry.
  3. Decide your role. Determine whether you want to reach out to clients proactively and tell them what your game plan is in case a breach exists, or reach out reactively.
  4. Map out communications plan. Figure out what you’ll say over multiple channels because one form of communication won’t be enough. You’ll need to communicate through emails, blog posts, articles, conference calls, etc.
  5. Focus on consistency. Make sure every staff member is relaying the same message to clients. Ensure all team members understand the issue.

Download the first of three white papers, as well as the full, original study at www.OneFPA.org/cybersecurity.

Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.

There’s Work to Be Done, says Cybersecurity Report

A day doesn’t go by when there’s not some attempt to hack personal information, Bryan Baas, the managing director of risk oversight and control for TD Ameritrade Institutional, said at a press conference at FPA BE 2016.

Baas was speaking on the results of the “Is Your Data Safe? The 2016 Financial Adviser Cybersecurity Assessment” study conducted by the FPA Research and Practice Institute™ and sponsored by TD Ameritrade Institutional.

Advisers are well aware of the issue and 81 percent of those surveyed say it is a high priority for them. But despite this, less than half of the advisers surveyed don’t understand the risks and how to mitigate them.

“Cybersecurity is with us every single day,” Dan Skiles, president of Shareholders Service Group and a member of the FPA Board of Directors, said. “It is something advisers need to worry about today, tomorrow, 10 years from now.”

The report found that there are several areas where advisers can improve in terms of establishing and implementing documented policies and procedures.

When it came to governance and risk assessment, 57 percent of the 1,015 survey participants had documented policies and procedures in place; 59 percent had them in place for access rights and prevention; 58 percent had them for data loss prevention; 51 percent had them for vendor management; and 43 percent had them for incident response.

Simply becoming aware that there is work to be done is an important first step.

What Can Planners Do Now
It doesn’t have to be so complicated, said Brian Edelman, CEO of Financial Computer Services, Inc.

Become aware. Become aware of what components you need to be looking at. Take an inventory of your data and do some risk assessment, which is similar to what you do with your clients.

Know that if there is a breach, you are responsible for notification. It’s embarrassing and distracting to have to tell all your clients there has been a breach, but the rule is clear that you must be the one to notify the clients.

If you have plans in place, practice them once. Ensure that your team is aware of what to do in each type of event that could possibly occur.

Give your clients tips to stay safe. Oftentimes, a breach that happens to you happens because one of your clients was hacked. So give them tips to employ tools like dual-factor authentication on their Gmail accounts.

Vet your vendors. You’re trusting these third-party technology companies with your information, so ensure that they are safe themselves. Visit their offices and see how they work and ensure they’re doing all they need to do to keep you safe.

These things might be a pain, but they’re necessary steps to ensure your and your clients’ safety.

“What is an inconvenience to you is most likely a roadblock to the bad guy,” Baas said.

Three upcoming whitepapers will be released by The FPA Research and Practice Institute™ and TD Ameritrade Institutional that will give advisers information on the following topics: how advisers are communicating with clients regarding cybersecurity; how advisers are training their teams on issues related to cybersecurity; and what tools and technology (and its associated costs) advisers are using to protect their business.

For the full study, visit www.onefpa.org/Cybersecurity.

Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.

Step Up Cybersecurity

As planners incorporate more technology into their offerings to clients, it’s imperative they stay on top of their cybersecurity measures.

“Cybersecurity is a major issue for financial planners in today’s highly technical, digital world,” writes Ben Lewis, FPA’s public relations team leader, in an FPA Connect post calling for participants for a cybersecurity assessment that has since ended.

Anthony Stitch explains in the forthcoming August issue of the Journal of Financial Planning that planners who don’t provide the technology clients want these days may lose those clients to firms they like less but that offer the technology they prefer. This, he writes, is called digital attrition. Members, you’ll get to read the full article when it comes out. And if you’re not yet a member, maybe now is the time. Learn more here.

“As you incorporate more technology into the running of your firm, it’s important that you stay educated on best practices for cybersecurity,” Blane Warren, an industry leader in financial services marketing, compliance, and technology, writes on XY Planning Network’s website.

But this move toward providing more technology options means planners need to step up their cybersecurity game in order to keep their clients and themselves safe, something they’re not currently doing very well, according to a report from External IT titled “Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?”

InvestmentNews reports that the report found three key areas lacking in terms of financial cybersecurity: security policy (firms failing to audit their IT security); accountability when moving data (moving data to personal and home devices without tracking measures); and disaster recovery (not having emergency business continuity plans).

This isn’t to say that planners don’t want to address cybersecurity issues; rather, they don’t know where to go to get their information, Brian Edelman, chief executive of Financial Computer Services, told InvestmentNews.

Edelman recommends using a cybersecurity firm that understands financial services.

In a recent article, ThinkAdvisor recommended planners check out the following resources: National Institute of Standards and Technology (nist.gov) and the Financial Services Information Sharing and Analysis Center (fsisac.com).

Ana Trujillo
Associate Editor
Journal of Financial Planning
Denver, Colo.