Amid mounting scrutiny from regulators, experts urge advisers to step up their policies and procedures to guard against cyber threats.

Advisers have heard the warnings and seen the headlines. Cybersecurity is a threat -- some say an existential one -- and it isn’t going away any time soon.

So how can advisers upgrade their security posture?

Experts agree that any effective cybersecurity program must be based on a rigorous evaluation of a firm's systems and processes to diagnose and address both internal vulnerabilities and those that can arise when working with third-party vendors.

But beyond that risk assessment, firm leaders from the principal to the chief compliance officer and the board must take steps to address the human element of the security challenge, according to Justin Kapahi, technical director in Miami at External IT, a cloud-computing services provider that works with registered investment advisers. 

Many of the recent high-profile breaches have come as the result of “social engineering,” scenarios under which a scammer gains access to a system by tricking someone on the inside of the target firm, “all of which are very difficult to stop with technology,” he says.  MORE