A 2021 Cybersecurity Checklist
Advisor Perspectives welcomes guest contributions. The views presented here do not necessarily represent those of Advisor Perspectives.
With cybercrime up and the FBI urging heightened vigilance during COVID-19, it’s imperative that financial advisors brush up on all the ways they must protect client data.
Protecting sensitive information is particularly challenging for advisors. Two-thirds of the advisory profession consists of independent advisors running small businesses. Since they don’t benefit from the dedicated IT resources of bigger corporations, the task of securing an organization often falls on business owners. Many don’t know where to start.
You can take active steps to protect your practice, clients, and employees by:
- Securing your devices
o Password-protect any information sent through physical (e.g. paper, removable drives, other storage devices) or electronic mail; usernames and passwords should contain a minimum of eight characters and include a mix of uppercase and lowercase letters, numbers, and special characters.
o Use a password manager to help you generate strong passwords and keep them in a single, secure, organized application.
o Consider multi-factor authentication, which adds an extra layer of security to ensure only you can access your account, even if someone gets a hold of your username or password.
o Use trusted anti-virus software and keep it updated.
o Keep the software on your devices updated as well.
o Be careful what you open and download; email attachments may contain malicious code or viruses.
o Ensure your devices are password protected and locked when not in use.
- Securing your network
o Make sure your home and office Wi-Fi networks are password protected.
o Have a separate network for guests.
o Do not use the default password on the Wi-Fi or administration screen for your network.
o Use a virtual private network (VPN) when working on an unknown or public network.
o Domain name system (DNS) management services help secure networks by preventing access to inappropriate websites, blocking phishing sites, and preventing virus/malware infections.
- Regularly backing up your data
o Schedule automatic back-ups and store them at another secure site or in the cloud.
- Securing your physical site
o Install proper locks and an office security system to control physical access; limit protected access to keys and security system password(s).
o Consider security cameras; there are several low-cost, effective systems available.
o Keep an inventory of physical business assets.
o Have a documented plan in the event of an intrusion; ensure employees are properly trained to respond.
Even with the right safeguards in place, hackers are often able to gain access using engineered attacks designed to trick victims into giving up passwords and other personal information. Educate your employees and clients to ensure they are:
- Cautious about opening emails from unknown or unsolicited senders, and checking email addresses to avoid phishing attempts and damaging attachments;
- Using responsible browsing practices; they should know how to spot suspicious links and avoid untrusted sites and malicious downloads;
- Confirming the identity of anyone on an inbound call or email before providing them with sensitive information;
- Locking or turning off their devices when not in use;
- Using a password on all devices;
- Not leaving their devices lying around in the open; and
- Not exposing confidential information on unsecure networks, such as public or free Wi-Fi.
The strongest line of defense against cyber-attacks is based on continuous education, cooperation, and vigilance among all stakeholders. This starts with you.
For more information on safeguarding your data, seek the services of a security expert or business consultant who has the security expertise to provide comprehensive guidance and support.
Carrie Hansen is EVP, chief operating officer and president mutual funds at AssetMark, a turnkey asset management platform provider.