Just in the past month, Scott Van Den Berg, president of Century Management Financial Advisors, has added cybersecurity to the firm’s insurance coverage.
Now, in the event there is some kind of breach, the insurance company will help send a team to the office, have bitcoin accounts at the ready in the event of ransomware attacks and help to notify clients in accordance with regulatory requirements.
It’s all part of multiple protections the Austin, Texas-based firm has put in place in the last four years to ramp up its cybersecurity protections.
Century also has training software to help all of the firm’s 24 employees identify phishing, ransomware or other threats that could pop up on websites or in their emails.
That comes after technology the firm already uses to help keep those risks out. Century recently ranked as No. 4 on CNBC’s FA 100 list of leading financial advisory firms.
“I’m indeed at peace of mind with the system we have in place,” Van Den Berg said. “We’ve taken it seriously, and I think it deserves that acclaim.”
No firm too small
Regulators have put all financial advisory firms on notice about these risks.
The SEC has released cybersecurity guidance for the registered investment advisers it oversees. The Financial Industry Regulatory Authority, which regulates broker-dealers, has also released its own guidance that includes information for small firms with 150 or fewer registered representatives.
The message: No firm is too small to have cybersecurity protections in place.
“The financial services industry is essential to the economy … We have to be right all the time,” said Tom Price, managing director of technology, operations and business continuity at trade association the Securities Industry and Financial Markets Association. “The bad guys only have to be right once.”
SIFMA has worked with financial firms and regulators to create cybersecurity simulations that mimic real attacks. This month, the trade organization ran its biannual evaluation, called Quantum Dawn.
It was the first time the simulation was conducted internationally to evaluate what would happen if a malware or ransomware attack knocked major financial institutions offline. The exercise included more than 180 financial institutions and government agencies from more than 12 countries.
The tests are aimed at getting firms to see how well they answer key questions on the fly: How well do they respond to these types of events? Who are the key contacts to talk to in such an event? How is key information escalated within a company, to the government and law enforcement?
“This is something that the industry needs to prepare for, as we would any other possible crisis,” Price said.
Risks to watch
For the average financial advisor and their firm, even what may seem like a foolish oversight can turn into a big snafu, according to Brian Edelman, CEO of FCI, a cybersecurity company.
“Nothing is scarier than when the FBI shows up at your office,” Edelman said. “If you’re prepared for the regulators or the authorities, it’s the best thing that can happen.
“If you’re not, it’s the worst,” he added.
But if advisors and their firms have a plan in place ahead of time, they will know to take the right steps when an incident occurs. If a laptop is lost, for example, the firm should already have a way to document that event and have a system installed so that the machine locks itself, Edelman said.
When it comes to cybersecurity, a lot of the emphasis is still on fundamental efforts: having a corporate firewall, anti-virus protection and a secure computer, he said.
“It doesn’t cost you money to have a password on your computer,” Edelman said. “It doesn’t cost you money to have a PIN on your device or to have your device use biometrics … You have to make sure you’re doing these things.”
Firms also need to have a centralized system in place. That means, for example, having a single button for disabling employees’ access to the systems when they leave a firm.
It all comes back to asking big questions about your business, according to Edelman: How do we preserve it, and how do we prove it to regulators and authorities?
Put plans to the test
Conducting regular tests can help advisory firms identify areas where their plans are weak.
Firms like Eagle Global Advisors, No. 84 on the FA 100 list, are already working to make sure they are up to the test.
In the past four years, cybersecurity has taken a larger role in the Houston firm’s compliance program, according to Steven Russo, a senior partner at the firm.
Now, the firm’s 34 employees have been trained on how to spot risks, on top of systems the firm has implemented to test for incidents like phishing. Eagle also has insurance protection in place in case there ever is an incident. The firm’s compliance manual also has a detailed cybersecurity policy.
“In the last four years, you’ve in point of fact been able to come up with a policy that is good to protect the organization, but also meets the standards that the SEC is putting out there,” Russo said. “And then you just continually improve it, test it as you go on.”