Corporate security breaches are becoming ever more common each year, and firms ranging from the highest echelons of the Fortune 500 roster to small RIAs have proven vulnerable.
Frequent headlines of hacks and data leakages are increasingly hard to ignore. Many financial advisors have seen those stories and sought a better understanding of cybersecurity. It’s an encouraging sign that wealth management firms of all sizes are making the concept central to their value proposition.
By now you’ve probably heard about the most obvious cybersecurity precautions – cloud-based platforms that facilitate firewalls, data encryption and multi-factor authentication. But many firms have still not come to grips with one of the most prevalent sources of data breaches: employees.
Hackers routinely target workers who are dangerously oblivious to proper cybersecurity practices. Managers who care about protecting their clients, their firms and themselves must prioritize educating employees of all levels on how breaches occur.
Whether rank-and-file or C-suite, employees can fall prey to malicious agents in numerous ways. Typical scenarios involve social engineering, insecure remote access and unauthorized access.
- Social engineering involves criminals who use emails, text messages, phone calls and websites to impersonate legitimate sources. They then dupe staffers into revealing confidential information or clicking links that hijack the firm’s operating system.
- Insecure remote access is rampant. Hackers can easily infiltrate systems that use public Wi-Fi, such as that available at libraries, parks or coffee shops. Similarly, employees who share laptops or smartphones with anyone else put private data at risk.
- Unauthorized access is when staffers use applications to view files or change data they should not be able to touch. This usually requires another employee, such as a system administrator, to be lax with system access controls. Data theft or destruction can follow.
Employees have been responsible for data breaches in both the private and public sectors.
In June, the Securities and Exchange Commission fined Morgan Stanley $1 million after a former advisor accessed confidential data on thousands of clients belonging to other advisors and transferred it to his personal server. He then became the victim of a hacker, who posted some of the data online.