The Elements

By Andrea Schlapia   |   April 7, 2015

What FINRA’s Cybersecurity Report Means for Financial Advisors


As the financial industry advances in technology to increase efficiency and enhance client service, firms face a daunting risk of increased exposure to cybersecurity threats and attacks. The changes in how firms and clients use and interact through technology create a variety of new avenues for intrusion that must be proactively addressed.

Earlier this year FINRA issued its Report on Cybersecurity Practices, which suggests taking a risk management approach to cybersecurity, while noting there isn’t a one-size-fits-all approach. The report reviews the results of an industry-wide cybersecurity examination and emphasizes the importance of protecting both investor and firm data. In addition, FINRA outlines effective practices to assist firms with their cybersecurity efforts by determining vulnerabilities in existing systems and analyzing and creating processes to manage risk.

Due to a consistent rise in the number of cybersecurity breaches taking place, advisors need to incorporate security management into their daily practice and ensure everything is being done to protect client and firm data. FINRA’s report provides a list of principles and best practices to guide advisors on cybersecurity and highlights eight key areas:

Leadership

Engagement and knowledge regarding cybersecurity issues on the part of senior-level management and the board of directors are essential to the framework and success of your firm’s cybersecurity process. Involvement and commitment from leadership are critical for firms to achieve cybersecurity goals.

Risk Assessments

Every firm faces cybersecurity risk, no matter the size or business model. To understand your risk, be proactive by completing regularly scheduled risk assessments to identify both external and internal areas of vulnerability. If you don’t know whether your system is flawless, a risk assessment is crucial.

Technical Controls

Multiple security controls need to be implemented to protect the software and hardware that store and process data. Select controls that are appropriate to your technology platform, such as identity and access management, data encryption, and penetration testing.

Response Plans

FINRA recommends that firms establish policies and procedures, assign roles and responsibilities, and test incident plans for responding to cybersecurity occurrences. FINRA also notes that while it is impossible to address every type of attack, a response plan should outline processes for several different scenarios.

Vendor Relationship Management

Cybersecurity risk that could arise from third-party service providers must be managed by performing due diligence throughout the relationship cycle. Utilize contractual agreements to establish processes for vendors who have access to sensitive data, client information, or firm systems. In addition, develop terms based on the sensitivity level of the information the vendor has access to.

Staff Training

Define cybersecurity training needs and training cycles, and deliver training to all team members based on your firm’s specific points of exposure. Each employee should have a full understanding of your risk assessment process, threat intelligence research, and the proper incident reporting procedures in the event a device is compromised or infected.

Increase Cyber Threat Intelligence 

Assign responsibility for cybersecurity intelligence gathering and analysis. The collected data should then be utilized to recognize, discover, and respond to cybersecurity threats. Your firm should also implement an information sharing process to proactively secure measures that reduce security weaknesses and improve its ability to protect data.

Insurance Coverage

Evaluate insurance coverage for cybersecurity-related events and pay close attention to policy coverages and exclusions. If you hold a cyber-insurance policy, conduct a periodic analysis to review the adequacy of coverage and the ability to reduce the potential impact to your financial statement in the event of an attack.

The Bottom Line

FINRA stated that the report does not create new legal requirements and included the following statement:

“FINRA expects firms to consider the principles and effective practices presented in this report as they develop or enhance their cybersecurity programs. FINRA will assess the adequacy of firms’ cybersecurity programs in light of the risks they face. This report is not intended to express any legal position, and does not create any new legal requirements or change any existing regulatory obligations.”

Financial advisors are taking cybersecurity seriously by implementing programs and procedures and analyzing systems to ensure that client and firm data are secure and well protected from lurking hackers.

 


Andrea Schlapia
Organizational Development and Human Capital

Andrea Schlapia, RCC™, HCS, sHRBP, is the Founder and CEO of Ironstone, which represents the culmination of her 20+ year career within the financial services industry. Her experience began as a financial advisor evolving into a consultant coach for advisors entering the field. This ignited her passion to support others through learning and development of best practices in order to achieve substantial results. To this end, she followed her desire into positions of senior-level practice management specialists for Dreyfus, Prudential, and DWS Investments prior to the realization of Ironstone.  Andrea’s focus is on practice management strategies to enhance and improve both business and personal life.

Andrea identifies 4 key performance areas known as the Fundamental 4™, which are required to design, develop, and sustain a successful business. Through coaching sessions and speaking engagements, she captivates her audience with interactive, high-energy presentations which are built with “how-to” strategies resulting in real-world implementation for significant impact. Andrea has been featured in multiple publications and audio broadcasts as a specialist and distinguished spokeswoman in the financial industry.
