The Financial Planning Association rolled out a cybersecurity certificate program on Thursday to help financial planners protect their data and comply with requirements established by the Securities and Exchange Commission and the Financial Industry Regulatory Authority.
The program comes at a time when security incidents afflict financial services firms 300 times more often than other businesses, the FPA said, citing research by ID Theft Resource Center.
The FPA developed the certificate program in partnership with FCI, a financial services cybersecurity authority and participant in FINRA’s Preferred Pricing Program.
The FPA program, which includes six focus areas, guides financial planners through a step-by-step process to establish a customized, long-term cybersecurity plan that ensures they are adopting reliable security measures that safeguard client data.
It also provides a record of their firm’s cybersecurity practices if audited by regulators.
“A tremendous amount of data and assets are at stake, and financial planning professionals are a prime target for cyber thieves,” 2020 FPA President Martin Seay said in a statement.
“With billions of dollars lost each year due to cybercrime, it’s imperative financial planners earn client loyalty and trust by embracing a cybersecurity strategy that keeps data and assets safe.”
The certificate program, part of the FPA Learning Center, is designed to educate financial professionals on critical aspects of cybersecurity, how to implement a cybersecurity program successfully and how to safeguard sensitive information and confidential data.
Here’s a glance at the program’s six sections:
Introduction to Cybersecurity: History of cybersecurity and significant changes since 2014, and why the New York Department of Financial Services requirements are of central focus when building a cybersecurity program.
What is a Cybersecurity Program? Overview of a cybersecurity program and outline of differences between controls, sections and policies.
Program Controls: Different policies under Program Controls: types of information that fall under nonpublic information, risk management and risk assessment, and role of the security team.
Process Controls: Details significance of a business continuity plan, importance of a Security Incident Response Plan, purpose of vendor risk management and potential challenges, and value of a Change Management Log.
Data Controls: Describes infrastructure management, endpoints and how they’re managed, file and data management, and the importance of user management and password management software.
Technical and Physical Controls: Explains managed endpoint security, significance of workstations, mobile device and network security, importance of Incident Response Plans and physical security.