As cyberattacks have become a serious threat to the wealth management industry, many financial advisory firms have developed strong policies to prevent client data from being hacked.
However, some firms haven’t exerted the same amount of effort into training their employees or vendors to make sure these policies are correctly implemented. As a result, money spent goes down the drain, said H2L Solutions CEO Jonathan Hard during an exclusive Financial Planning webinar on cybersecurity.
According to an OCIE survey of broker-dealers and advisers, 88% of BDs and 74% of advisers have experienced cyber-related incidents, the majority of which are related to malware and fraudulent emails. Also, 25% of the BDs who suffered loss blame it on employees not following policies, which led to security compromises.
It’s important to note that not all cybersecurity breaches are external. An “insider accident” could compromise a firm’s security, Hard said. “If your employees are not properly trained — no matter what technical solution you have in place to eliminate that risk, no matter how much money you spend — you’ll still be compromised,” Hard said.
In fact, over 90% of hacks come from an unintentional inside job, said Justin Kapahi, vice preesident of solutions and security at External IT, a technology services provider for advisory firms. “All employees have the keys to the security you built up. If they hand the keys to random strangers on the street, that’s not secure,” he said.