It’s no secret that 2014 was the “year of the hacker”. Huge companies like JP Morgan and Apple were the victims of cybersecurity breaches that affected thousands of consumers. In an effort to reduce these attacks, both the Securities and Exchange Commission (“SEC”) and the Financial Industry Regulatory Authority (“FINRA”) have reported increased focus on cybersecurity and technology. This week, we want to share our tips to help avoid a cybersecurity breach.
Periodic Firewall Testing
- Many advisory firms have dedicated IT personnel who should conduct periodic firewall testing. Attempting to “hack” into your firm’s systems allows the IT team to identify the system’s strengths and weaknesses.
Encrypt files with private client information whether the information is being sent via email or stored on firm systems
- Although we don’t recommend sending clients non-public information via email, we do advise firms to “protect” such information when sent electronically. Unfortunately, hackers can access emails after your server releases them. Encrypting non-public information in emails ensures it is unreadable during the “transport” phase. We suggest consulting your IT personnel to learn how to encrypt information in your emails.
Websites that require login information should be disabled automatically after a certain number of failed login attempts
- Allowing infinite password attempts is a huge “no-no”; it allows hackers the opportunity to try a variety of passwords. We suggest locking the system after 3 failed attempts.
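The lockout rule above, sketched as an added example (not code from the original post). The `LoginGuard` class, its in-memory account store, and the `admin_unlock` step are assumptions made for illustration; the threshold of 3 comes from the tip.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 3  # threshold suggested in the tip above


class LoginGuard:
    """Hypothetical helper: counts failed logins per account and disables it at the limit."""

    def __init__(self):
        self._users = {}        # username -> (salt, password hash)
        self._failures = {}     # username -> consecutive failed attempts
        self._disabled = set()  # usernames that are currently locked

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        if username in self._disabled:
            return "locked"  # even the correct password is refused once locked
        # Unknown names get a dummy salt so the same hashing work is always done.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        candidate = self._hash(password, salt)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._failures.pop(username, None)  # a success resets the counter
            return "ok"
        # Unknown names are counted too, so responses do not reveal which accounts exist.
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= MAX_FAILED_ATTEMPTS:
            self._disabled.add(username)
            return "locked"
        return "denied"

    def admin_unlock(self, username):
        """Assumed policy: only an administrator re-enables a locked account."""
        self._disabled.discard(username)
        self._failures.pop(username, None)
```

Because a locked account refuses the correct password as well, anyone can lock out a known username on purpose; logging each lockout lets IT personnel spot that pattern.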
Appoint a “Password Protector”
- We understand how difficult it would be to try to memorize or store various passwords. We recommend appointing a trusted employee as the “password protector”. This person should keep a log, hidden in a secure location, of the entire firm’s password information for the firm’s many accounts.
We hope our Big 4 list helps you manage your firm’s cybersecurity efforts. Please keep in mind that the above list is just a sampling of the steps firms should consider when implementing their cybersecurity program.