An examination of more than 1,200 investment advisors by the North American Securities Administrators Association uncovered 698 deficiencies, including no or inadequate cybersecurity insurance, no testing of cybersecurity vulnerability, lack of procedures regarding securing or limiting access to devices, no technology specialist or consultant and a lack of procedures regarding hardware and software updates or upgrades.
Frank Quinlan, a counsel to law firm Newmeyer & Dillion who has a background in cybersecurity with the U.S. military, says that because of the amount and type of client information advisors hold, not to mention money and other assets, advisors have to understand that attacks are coming and they are targets, no matter how big or small their firms. Quinlan says advisors absolutely must spend some time understanding information security principles to protect themselves and clients.
He recommends advisors get the NASAA’s “Cybersecurity Checklist for Investment Advisors,” which Quinlan says is written to be easily understandable by advisors and will especially help independent RIAs and small firms get up to snuff. But for those worried about these headline-grabbing attacks and what they can do immediately to improve security, Quinlan recommends three key steps.
The first is to read through the National Institute of Standards and Technology’s guide on the fundamentals of small business information security to have a baseline understanding of the terms and concepts. “[It is] your operational manual for securing a small business,” Quinlan said.