ThinkAdvisor

3 Steps for Tackling Cybersecurity This Year

Over the past year, data breach attempts and cybersecurity attacks aimed at the financial services industry increased in their frequency and their level of sophistication.

Bad actors are multiplying and getting more adept at flying under the radar, making it imperative for advisors to be able to defend against attacks with equal, if not greater, intensity. 

Though 2021 is now in the rearview mirror, the Covid-19 pandemic is still impacting the way we work. As we settle into 2022, there are three things advisors ought to do to safeguard their firms and their clients this year.

1. Revisit cybersecurity protocols and procedures to ensure they account for remote working. 

Once considered by many to be a ‘temporary’ solution that was part of a business continuity plan, remote work is here to stay. A remote workforce – in one form or another – is the way forward for firms, not only because of the Covid-19 pandemic, but because of its work-life flexibility benefits.

The rise in remote work brings with it a corresponding rise in access to the office through devices and networks that may have less security. Consequently, cybersecurity threats are also elevated.

According to the IBM Security and Ponemon Institute’s 2021 Cost of a Data Breach report, breaches related to remote work cost more and take longer to identify. Firms need to revisit policies and procedures that were developed pre-pandemic to ensure that their protocols for access, onboarding and training, for example, are adjusted to reflect the new way we work.

2. Join the ranks of those getting smarter about cybersecurity, if you haven’t done so already.

The sophistication of breaches has skyrocketed, elevating the need for AI-enabled tools and intelligence to detect and contain stealth and multi-pronged attacks. Firms that have fallen victim to data breaches know this first-hand.

Cybercriminals are no longer content with using ransomware to lock down a network and demand payment. Yes, thieves still want payment to unlock the data. But they also threaten to use the client data they have collected to perpetrate additional crimes, unless paid not to do so. 

Smarter cyberthieves are not the only reason to brush up on cybersecurity intelligence. The SEC has increased its focus on exams while also becoming better educated on the threats and what firms should be doing.

States are ramping up their implementation of their own privacy laws. Firms will need to be able to demonstrate to regulators how they are controlling and enforcing cybersecurity policies while managing in the new remote workforce paradigm. 

A silver lining to the pandemic-induced shift to remote work is that, over the past year, more firms have come to recognize gaps in their ability to protect private information and are taking steps to address them. The news cycle has also helped many realize that a single breach can have downstream effects on the firm’s ecosystem of vendors, clients and other third parties.

3. Understand that shifting from a desktop to a laptop mentality has financial, as well as cybersecurity, implications.

If you put off upgrading your tech stack in 2021, do it now to support your new work environment. Shifts in operations like the remote work transition tend to have bottom line implications.

Pre-pandemic, remote workers tended to be the exception, so network security and access were managed from an in-office perspective. In the office, firms had firewalls, virtual private networks (VPNs) and protected workstations.

Over the past year or so, firms have discovered that desktop workstations do not travel well. Enter: the laptop mentality and the mobile, remote workforce. The transition to a remote workforce does not just come with new security issues; there are balance sheet implications to consider as well.

The most expensive and most secure technology strategy for remote work is to purchase and own the devices that staff use. At the other end of the cost spectrum for firms is the bring your own device (BYOD) approach.

Cheaper, yes, but also much less secure. Additionally, staff may resist the required management of non-work-issued devices, which is necessary to secure access to the firm’s business applications.

Virtual desktops are the middle ground in terms of expenses and security, but they have their own drawbacks, such as weak broadband connections that can cripple streaming, video conferencing and graphics abilities. 

Still, enabling staff to access a secure, virtual desktop through devices that have antivirus (AV), endpoint detection and response (EDR) and multifactor authentication (MFA) allows them to be productive while giving the organization a stronger cybersecurity defense.  

There’s no single right solution for all firms; in fact, it’s not uncommon for firms to have multiple technology strategies in place for managing their remote workforces. Advisors need to assess their options carefully when determining the best way to manage cybersecurity risks for their firms. 

Compared to the start of last year, the industry has made progress in how it approaches cybersecurity and remote work. Advisors have moved from a state of panic at the start of the pandemic (“How are we going to get this done?”) to thinking through the process of how to do this well.

In 2022, the next step will be for advisors to make their remote work technology a safe and secure competitive advantage.

***

Wes Stillman is the founder and president of RightSize Solutions, a Swizznet-owned company. RightSize Solutions provides cloud-based technology and cybersecurity services to the wealth management industry. He can be reached at [email protected].
