Over the past year, data breach attempts and cybersecurity attacks aimed at the financial services industry increased in their frequency and their level of sophistication.
Bad actors are multiplying and getting more adept at flying under the radar, making it imperative for advisors to be able to defend against attacks with equal, if not greater, intensity.
Though 2021 is now in the rearview mirror, the Covid-19 pandemic is still impacting the way we work. As we settle into 2022, there are three things advisors ought to do to safeguard their firms and their clients this year.
1. Revisit cybersecurity protocols and procedures to ensure they account for remote working.
Once considered by many to be a ‘temporary’ solution that was part of a business continuity plan, remote work is here to stay. A remote workforce – in one form or another – is the way forward for firms, not only because of the Covid-19 pandemic, but because of its work-life flexibility benefits.
The rise in remote work brings with it a corresponding rise in access to the office through devices and networks that may have less security. Consequently, cybersecurity threats are also elevated.
According to the IBM Security and Ponemon Institute’s 2021 Cost of a Data Breach report, breaches related to remote work cost more and take longer to identify. Firms need to revisit policies and procedures that were developed pre-pandemic to ensure that their protocols for access, onboarding and training, for example, are adjusted to reflect the new way we work.
2. Join the ranks of those getting smarter about cybersecurity, if you haven’t done so already.
The sophistication of breaches has skyrocketed, elevating the need for AI-enabled tools and intelligence to detect and contain stealth and multi-pronged attacks. Firms that have fallen victim to data breaches know this first-hand.
Cybercriminals are no longer content with using ransomware to lock down a network and demand payment. Yes, thieves still want payment to unlock the data. But they also threaten to use the client data they have collected to perpetrate additional crimes, unless paid not to do so.
Smarter cyberthieves are not the only reason to brush up on cybersecurity intelligence. The SEC has increased its focus on exams while also becoming better educated on the threats and what firms should be doing.
States are ramping up their implementation of their own privacy laws. Firms will need to be able to demonstrate to regulators how they are controlling and enforcing cybersecurity policies while managing in the new remote workforce paradigm.
A silver lining to the pandemic-induced shift to remote work is that more firms over the past year now recognize gaps in their ability to protect private information and are taking steps to address them. The news cycle has also helped many realize that a single breach can have downstream effects on the firm’s ecosystem of vendors, clients and other third parties.
3. Understand that shifting from a desktop to a laptop mentality has financial, as well as cybersecurity, implications.
If you put off upgrading your tech stack in 2021, do it now to support your new work environment. Shifts in operations like the remote work transition tend to have bottom line implications.