Cybersecurity is becoming an ever increasing concern today, with the widespread use of computers, smart phones, and tablets it’s almost impossible to live our lives without the use of these devices. Research company Gartner predicts that by the year 2020 there will be 2 – 3 connected devices for each person on the planet (based on current U.N. population projections). That’s more than 20 billion connected devices, a 194% increase in the next 4 years.
More and more of our personal information is floating in the elusive cloud where we expect it to be safe, especially if that information is in the hands of our banks, financial advisors, and other authorities we put our cybersecurity trust in. But what happens if your data is breached? Even in capable hands the threat is increasing. The prevalence and continued steady growth of connected devices presents an unprecedented opportunity for hackers. And it’s an opportunity experts say hackers plan to seize.
Brian Edelman, CEO of Financial Computer Services (a data security company with more that 20 years of experience), is a nationally recognized technology advisor who specializes in both financial services and technology. Making him uniquely qualified to advise on the risks of data security breaches and how to prevent them.
In today’s Guest Post, Brian shares his expertise on cybersecurity and breaks down exactly what steps you need to take if you fall victim to a cybersecurity breach, specifically at the hands of your financial investment firm.
Imagine, a cybersecurity breach has occurred at your financial advisor’s firm. Important and sensitive information that you have trusted your advisor with has been compromised. Now what?
Your first reaction may be to fire your financial advisor on the spot. That is the initial reaction from almost everyone we talk to.
However, this is exactly what you should not do. Your financial advisor might be the key to securing your information, and you do not want to destroy that relationship — at least, not just yet.
Instead, talk to your financial advisor about the situation. Gather information and find out everything you can about the breach.
Then take the following steps.
- Change your passwords and pins. Make sure to change your passwords and pins on all of your accounts. This helps to prevent fraudulent access into these accounts. If you use the same passwords or pins anywhere else, you are going to need to change them as well.
- Watch your credit reports. Look for accounts or charges you do not recognize. Cyberthieves can use the leaked information to open accounts in your name. Putting a fraud alert on your credit would be a good idea. For even more protection, you can put a security freeze on your credit.
- Contact your bank and credit card companies. Let these financial institutions know that a breach has occurred with your financial advisor and that your information may have been compromised. Ask them to cancel your account(s) and issue you new account numbers.
- Set notifications. Log into your accounts and set up your notifications. You can set up text or email alerts to notify you of any activity so you will immediately be made aware of any unauthorized transactions.
- Get your advisor’s cybersecurity insurance information. Just like when a loss has occurred in a vehicle accident, one of the most important items to get is the insurance information of the other driver; insurance companies have the experience, resources and money to mitigate the damage. So be sure to ask your financial advisor for the details of their cyber insurance policy information. Without proper cyber insurance and an incidence response plan, the financial advisor’s practice more than likely will not survive a breach.
Hindsight, of course, is 20/20, but there are some questions that you should ask your financial advisor before a cybersecurity breach ever occurs. And chances are, you probably do still have time, because your advisor hasn’t been hacked … yet. But the risks do grow every day with the more we rely on technology, so ask these questions before it’s too late:
1. Do you have a WISP, and can I see it?
This is a Written Information Security Plan. The financial advisors of a firm that has a WISP typically have better security awareness. These plans need to include appropriate administrative, technical and physical safeguards to protect your private information.
2. Are all devices that have access to my private information encrypted?
A financial advisor’s WISP plan requires that all devices containing any private information be encrypted. To what extent are these devices encrypted? We recommend devices have Full Disk Encryption. Full Disk Encryption will keep all of the information stored on them safe, preventing unauthorized parties from seeing your private information.
4. How do you dispose of records containing private information?
Discarding records that contain private information on them before rendering the information unreadable puts your information at risk. Federal and state laws require that financial advisors take steps to protect private information from unauthorized access or use during disposal. This includes burning, shredding or pulverizing paper records and permanently erasing all electronic media containing your private information.
5. How do you select and monitor your service providers (vendors)?
Any vendor that your financial advisor is using that has access to your private information needs to be contractually required to maintain appropriate safeguards to keep your private information safe.
6. What custodians or broker-dealers do you use?
Find out about the financial institution. Knowing what custodians or broker-dealers your financial advisor uses can help you decide if they are the right advisor for you.
Asking questions is not enough!
You know the old saying, “Seeing is believing.”
What have you observed your financial advisor doing to protect your private information?
When your financial advisor receives hard-copy documents from you that contains your private information, do they take the time to express being careful with your private information? If your financial advisor needs to send
you an email containing private information, how do they send the email? Are they sending it using a secure email program, or are they just sending it via regular email? Anytime an email is sent containing private information, it needs to be sent using a secure email program.
Did your financial advisor take the time to help you set up notifications on your accounts? How do they respond when you have a question?
Selecting the wrong financial advisor could be as risky as taking your entire life savings to a casino and betting it on one hand. You wouldn’t want to gamble away your life savings, so you should not hand over the financial reins to someone who is not trustworthy.
Yes, now it might be time to fire your advisor.
If you are among the unlucky clients who has never asked these questions, you still need to consider each one after a breach. And once you have gathered all the relevant information, the biggest question of all is still left to answer:
Has your financial advisor done everything required in order to protect your private information?
If the answer is no and your information is now in the hands of cybercriminals, you are going to want to hire an attorney and, most likely, fire your financial advisor at the end of the process.
However, if the financial advisor was taking all of the necessary actions to keep your information safe, you are going to want to get on the team with your financial advisor and work to help resolve this breach.
We recognize that a data breach is scary, but you do not have to panic. Data breaches do not necessarily mean that you will become a victim of identity theft. Following the advice above will help make this high-stakes decision of whether to keep or choose a new financial advisor a little easier — and reduce the risk of theft.
Ebix would like to thank Brian for sharing his time and unrivaled expertise with our readers. If you would like more information on what you can do to protect your business and your clients, reach out to Financial Computer and see what steps you can take to ensure your data is secure.