Cybersecurity Matters: Protect Your and Your Clients' Investments

Written by: Thomas Fink, Vice President of Institutional at Ameritas Life Insurance Corp.

If you watch the news with any regularity, you know that data breaches can happen to even the biggest and best-known entities. And not only are they expensive for companies and consumers to deal with, but they also erode the trust that registered investment advisors (RIAs) have worked hard to build with their clients.

The fact is, nearly half of Americans (49 percent) feel that their personal information is less secure than it was five years ago, according to a study on Americans and Cybersecurity from Pew Internet Research. That same study found that 58 percent of Americans age 50 and older feel that their personal information has become less safe in recent years, compared to 41 percent of Americans ages 18 to 49. What’s more, many Americans lack faith in public and private institutions to protect their personal information from those who would seek to compromise it for their own gain.

So where does that leave RIAs?

Ultimately, RIAs have the responsibility to conduct due diligence on all technology providers—and they’re responsible in the event of a data breach. It can be a tough pill to swallow, considering RIAs have smaller pocketbooks, but unfortunately, that’s the reality of the regulatory landscape RIAs live in.

To help face that reality head-on, there are plenty of ways RIAs can build regulatory compliance into their day-to-day operations:

  • Protecting the business. Cyberinsurance has emerged as the fastest-growing type of coverage among U.S. companies, according to the Wall Street Journal. RIAs should consider working with an errors and omissions (or E&O) insurance provider for potential coverage options related to data breaches.
  • Empowering employees. Advisors and their support staff are rarely going to be IT experts, so training is key! Staff should be trained to identify and report any suspicious activity from emails or phone calls requesting fund transfers. It’s also wise to develop a crisis/response plan for employees to follow in the event of a data breach.
  • Putting strong policies in place. Establish guidelines and procedures that are designed to protect client data, like ongoing audits and assessments, internet use and file-sharing policies, and strong password protocols.
  • Managing devices. Advisors and support staff should use VPN (virtual private network) access when working outside the office and regulate the ability to store and access client data on personal devices. Additionally, all devices that access personally identifiable information should have encryption and two-factor authentication.

No matter what approach is taken, it’s up to leaders to make data security a priority in order to protect their businesses, keep their clients safe and strengthen the trust they’ve worked so hard to build.

If you’re not sure where to look, the SEC’s Compliance Outreach Program is a great place to start. Additionally, networks like FPA and SIFMA are valuable sources of ongoing education and other resources. When it comes to cybersecurity, the best approach is a good defense, so don’t be afraid to dive in and start shoring up your protections. You’ll be glad you did when the next data breach makes the news.