Advisors Shouldn’t Wait for Industry-Wide Cybersecurity Tests
The trade group Sifma is about to conduct an industry-wide cybersecurity test to assess preparedness among wealth management and other financial firms, but financial advice practices should take steps on their own to ensure that their own data and their clients’ data is safe, according to news reports.
Dubbed “Quantum Dawn,” the cybersecurity incident simulation planned for this fall will include over 1,000 people working in various areas of financial services, including wealth management, in roles ranging from crisis management and chief security officers to CEOs and CFOs, CNBC writes. The test aims to assess the adequacy of the companies’ response to various cybersecurity breaches, whether firms have people assigned to oversee the response and how they pass on information about breaches within the firm and to law enforcement, the TV news channel’s website writes.
“We create the spooky scenario,” Tom Price, managing director of operations, technology and business continuity at Sifma, tells CNBC. “It’s data destruction. It’s fake news coming from the newswires. It’s bad data in the processors.”
Advice practices, however, shouldn’t wait for the test’s results: for one thing, both the SEC and Finra have issued cybersecurity guidance, the website writes. But in addition to avoiding regulators’ ire, wealth management practices stand to gain even more by having the proper cybersecurity measures in place, Brian Edelman, CEO of cybersecurity company FCI, tells CNBC.
“Incident response, done the right way, builds loyalty with clients,” he tells the website.
Edelman says that seemingly small incidents — say, the loss of a company laptop — can easily lead to the involvement of financial regulators and even the FBI, according to CNBC. But having a plan in place for such incidents, including a system that would lock the machine in case of loss, could keep regulatory scrutiny at bay, Edelman tells the website. And advice practices can take several other steps for little or no cost to boost their cybersecurity, he says.
“It doesn’t cost you money to have a password on your computer,” Edelman tells CNBC. “It doesn’t cost you money to have a PIN on your device or to have your device use biometrics.”
But he suggests that firms should also have a centralized plan and ensure they’ve set up fundamental defenses, including a corporate firewall, anti-virus tools and secure computers, according to the website.