News Labels Investment News

Article from InvestmentNews

SEC risk alert calls on advisory industry to do more to shore up cybersecurity

Posted by In the News No Comments

View on InvestmentNews

Financial advisory firms are getting more advice from federal regulators on steps they should be taking to protect their information systems from hackers.

Advisory firms need to do a better job of following their stated cybersecurity policies and they should correct all the vulnerabilities that periodic tests reveal, according to results from a new round of cybersecurity examinations by staff at the Securities and Exchange Commission.

Advisers also need to do a better job of keeping the firm’s security patches up-to-date, the new SEC exam risk alert said. It contained findings from 75 cybersecurity exams of advisory firms, broker dealers and funds conducted from September 2015 through June 2016.

Article from InvestmentNews

Cybersecurity looms as adviser business threat

Posted by In the News No Comments

View on InvestmentNews

U.S. officials have warned for many years that cybercrime is one of the greatest threats facing the nation, and now financial advisers have to face the reality that their businesses are also vulnerable to digital attacks.

News headlines regularly carry stories of broker-dealers and advisers increasingly being targeted by sophisticated hackers aiming for clients’ personal information and funds. Wealth managers also are getting more attention from regulators, which are fining financial firms that fail to be mindful of cybersecurity, including all the actions of their employees and third-party partners.

Article from InvestmentNews

Encrypting emails, files for clients is crucial, but not always followed

Posted by In the News No Comments

View on Investment News

Encryption is one of the best bets for securing clients’ sensitive information

Encrypting emails and shared files is one of the best bets for securing clients’ sensitive information, yet not all advisers are taking the initiative.

Regulators require advisory firms to securely manage their clients’ information, though not necessarily through encryption. Some states, including Massachusetts, California and Nevada, require advisers to encrypt clients’ personally identifiable information.

“Absolutely advisers should be using encryption,” said E.J. Yerzak, partner and vice president of technology at Ascendant Compliance Management. “The cost of a breach makes it a no brainer.”

Encryption involves scrambling information so unauthorized users can’t read it. While it is just one part of an overall security system, it has a key role, giving companies a way to encode words, numbers and images to prevent misuse.

Considering how critical electronic communication is between an adviser and client, and how attractive it is for cyber criminals, experts say advisers should encrypt data being sent back and forth in e-mails as well as data stored on hard drives or in a cloud.

Encryption is not utilized by 46% of the advisers asked in a 2014 North American Securities Administrators Association survey on cybersecurity practices of small and mid-sized investment adviser firms. Another 39% do encrypt data and 13% were unsure, according to the survey.

Many advisers avoid encrypting data because they view it as inconvenient. Others avoid it because they — or their clients — are unfamiliar with the technology.

Advisers need to educate their clients around these security measures, said Brian Edelman, chief executive of Financial Computer Services, a cybersecurity firm.

“It should be seamless,” Mr. Edelman said. “If they find themselves doing extra steps because of security, they may have chosen the wrong security.”

Several forms of data should be encrypted, including the actual messages, the browser being used to access the content and stationary content, such as archived emails, said Sid Yenamandra, chief executive of Entreda, a cybersecurity and risk-management company. Emails can be encrypted within their email services or by using software. Advisers should check that their web browsers are set up with Secure Socket Layer, or SSL, which they can do by finding an “https” in front of the web address they’re accessing.

Commonwealth Financial Network, an independent broker-dealer based in Boston, follows strict procedures around encryption under the Massachusetts state law, said Darren Tedesco, managing principal of innovation and strategy at Commonwealth Financial Network.

Big companies outside the financial services industry also see the importance of encrypting information. Google stepped up its encryption offering this year, adding a feature that indicates to users if they are receiving or sending an email to someone without a secure connection.Facebook Messenger recently announced it is now testing an end-to-end encryption option for private conversations.

File storage is another crucial area worth encrypting. Ascendant’s Mr. Yerzak said he is seeing a rise in using client portals, a hot commodity by vendors this year, to securely share confidential documents but said there needs to be policies in place to ensure they’re being used properly. Mr. Edelman said advisers should look for best-of-breed vendors, usually focused on the financial services industry, and ask questions of the companies on their security measures.

Even with this extra layer of encrypted content though, advisers need to do their due diligence when electronically communicating with clients. Hackers targeted the financial services industry 300% more than other businesses between January and May 2015, according to a Websense Security Labs report, and financial firms are still falling short in the cybersecurity arena, according to an External IT study.

Advisers should take the extra step of ensuring the communication is with their client, such as David Haas, an adviser with Cereus Financial in Franklin Lakes, N.J. Even though he uses encryption for his messages, he still calls clients when it’s really important.

“You still need to make sure that both sides are who you expect,” Mr. Haas said.

Article from InvestmentNews

What the Apple-FBI Feud Means for Financial Advisers and Privacy Rights

Posted by In the News No Comments

View on Investment News

What happens with the tech giant could have ripple effects for financial services

Apple’s standoff with the FBI, which is trying to force the technology giant to provide access to a locked iPhone at the heart of the mass shooting probe in California, has prompted a discussion in the financial services industry over how far regulators can go to force advisers to give up data and in what ways advisers can ensure their mobile devices are being used appropriately. Read More