Security Measures Advisors Should Use to Protect Client Information

Kate Stalter

June 8, 2020 at 4:46 PM·6 min read

If there was ever an industry that's required to protect data, it's financial services.

Customers rely on brokerages, advisors, accountants and even insurance agents to keep their information safe, secure and confidential.

Well before the stay-at-home mandates of the pandemic, state regulators and the Securities and Exchange Commission were issuing stronger guidelines for financial advisor cybersecurity.

"The SEC's Office of Compliance Inspections and Examinations has made it crystal clear that cybersecurity is a priority. And with good reason," says Andrea McGrew, chief compliance officer and chief legal officer at USA Financial, an independent broker-dealer headquartered in Ada, Michigan.

[SUBSCRIBE: Get the weekly U.S. News newsletter for financial advisors. ]

Data Breaches

"A data breach can be devastating to investors and can have a far-reaching impact," McGrew says.

Mike Pedlow, executive vice president and chief compliance officer at Austin, Texas-based Kestra Financial, says financial companies should anticipate specific measures to attract regulatory attention. Those include "multifactor authentication, which verifies someone's identity by sending a code via text message before allowing access to sensitive information," he says.

Other items on the regulator's radar include encryption of emails and data files.

"This keeps your clients' private information secure, even if there is a breach," says Pedlow, whose firm provides technology and consulting services to financial advisors. He also says regulators are looking for secure wireless networks and "complex and unique passwords. Don't use your Netflix password!"

Pedlow points out that a security breach outside an advisor's firm can also affect the firm's clients.

"Recently, we had a scenario where (the email of) a client's attorney was infiltrated because a junior employee of the law firm used the same password for their work email and one of their local service providers," he says.

"The local service provider was breached, and the criminal was able to access the law firm email. The criminal watched email traffic long enough to understand language patterns, the people involved, the forms used and the timing of distribution requests," Pedlow says.

After observing the patterns for a while, the criminal made a fraudulent fund distribution request. "When our financial professional called to verify the instructions, the junior employee confused their actual request with the fraudulent request , and the money was sent to the criminal's account instead of the client's," Pedlow says. "In this case, we caught the error quickly and were able to recover the funds, but that is not always the case."

Risk Mitigration

State and federal regulators are looking closely at risk mitigation. During firm audits, examiners want to see evidence of systems to prevent breaches or to quickly identify when a breach occurs.

Examiners want firms to be proactive about implementing cybersecurity systems, says Mark Alcaide, senior managing director at compliance consultancy Foreside, which is headquartered in Portland, Maine.

"First and foremost, regulators want to have confidence that an advisory firm understands its cybersecurity risks based on its business model, types of clients and key vendors" Alcaide says. "Has the firm performed a cybersecurity risk assessment? Has the firm taken reasonable steps to mitigate its known cybersecurity risks?"

One example he gives is that many firms in a remote work environment are leveraging video meeting services like Zoom.

Alcaide notes that the FBI in late March issued a warning regarding multiple cyberbreaches on Zoom, also known as "Zoombombing," and highlighted steps firms should take when using the online conference app.

[10 Financial Advisor Marketing Tips.]

When looking at an advisory firm's commitment to cybersecurity, regulators want to see robust policies and procedures, staff training and regular testing of systems to identify possible holes.

"Of course, it doesn't help if you conduct tests and train staff without also maintaining adequate documentation of those tests and training sessions," Alcaide says.

He adds that regulators are focusing on human behaviors that contribute to or mitigate data vulnerability.

Phishing Attempts

One problem is phishing, which involves the use of emails designed to look like they come from a trusted or reputable sender to steal personal information Often, these emails appear genuine, causing firm employees to divulge confidential information, such as account numbers or passwords.

Alcaide says the rise in phishing attempts creates a renewed focus on advisors being vigilant, in addition to strong systems and spam filters.

McGrew also emphasizes the need for advisors and their employees to be cognizant of risks and not simply rely on software. She has witnessed situations where firms had proper protocols and systems in place, but they were not followed.

[READ: Q&A: Riskalyze.]

For example, she says, best practices dictate that financial advisors confirm any email distribution requests from clients verbally. That is an additional safeguard against phishing or other fraudulent behaviors. It's a matter of the advisor or a staff member simply calling the client to verify that he or she did, indeed, email a request for a withdrawal or transfer.

"When that practice is not followed, bad actors can obtain the keys to the kingdom," she says.

She cites one situation in which a financial adviser received an email from what appeared to be a known and verified client email address. In the email, the client requested a withdrawal of $150,000, saying his bank account information had changed. The email also provided a fax number, so the advisor could send paperwork authorizing a distribution to the new bank account. That's a necessary step, but the advisor failed to call the client to confirm the request.

McGrew says the email address was actually wrong, but the advisor missed it.

"The client's original and legitimate email domain started with a 'w.' All subsequent emails were sent from an identical email address with one small change: The domain name started with 'vv.' An almost indiscernible, but devastating change," she says.

It was an easy scam to perpetrate, as people don't often scrutinize every letter in an email address. In this case, the fraudster completed the new direct deposit form and provided a voided check for the new account. McGrew says the $150,000 was sent from the client's brokerage account to the new account.

"The client noticed the unusual activity and called the financial advisor. The client was devastated, as was the financial advisor. And the entire situation could have been mitigated by making one simple phone call," she says.

The extra steps and layers of security may be a hassle, but it's worth taking these measures, Pedlow says.

"It may seem like a pain to follow security protocols, but I can assure you that it is nothing compared to the pain and embarrassment of having to notify your clients that you exposed their information because you didn't follow your firm's policies or didn't take simple precautions," he says.

Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Former NBA guard Darius Morris dies at 33
Former NBA guard Darius Morris has died at the age of 33. He played for five teams during his four NBA seasons. Morris played college basketball at Michigan.
Yahoo Sports
No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it
The quality was choppy, but it was better than what the WNBA had.
Yahoo Sports
NFL Draft grades for all 32 teams | Zero Blitz
Jason Fitz and Frank Schwab join forces to recap the draft in the best way they know how: letter grades! Fitz and Frank discuss all 32 teams division by division as they give a snapshot of how fans should be feeling heading into the 2024 season. The duo have key debates on the Dallas Cowboys, New York Giants, New Orleans Saints, Los Angeles Rams, New England Patriots, Las Vegas Raiders and more.
Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
Yahoo Sports
New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal
It turns out the money was going from Ohtani's bank account to an illegal bookie to ... casinos.
Yahoo Sports
Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns
Ball hasn't played since the 2021-22 season.
Yahoo Sports
NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?
Which teams did the best in the NFL Draft?
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
Yahoo Finance
CVS stock plunges after earnings numbers one analyst 'did not even believe'
CVS warns it could cede Medicare Advantage market share as reimbursement rates pressure the company.
Yahoo Sports
Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert
The Timberwolves' rising superstar led Minnesota to a Game 1 victory over Denver, then reminded the world that he's 22, not 23 ... yet.
Yahoo Sports
Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset
The 150th Kentucky Derby produced yet another magnificent two-minute spectacle.
Yahoo Sports
Formula 1: Lando Norris gets his first win ahead of Max Verstappen at the Miami Grand Prix
Norris hadn't pitted and was leading the Grand Prix when a safety car was deployed for Logan Sargeant and Kevin Magnussen's crash.
Yahoo Sports
The best QBs for 2024 fantasy football according to our analysts
The Yahoo Fantasy football analysts reveal their first quarterback rankings for the 2024 NFL season.
Yahoo Sports
Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía
Canelo Álvarez is set to defend his title against undefeated Jaime Munguía on Saturday in Las Vegas.
Autoblog
Why did Musk ax the Supercharger team?
Elon Musk’s decision to dismiss much of Tesla’s Supercharger team this week came as a shock. A look at possible reasons why he did it.
Yahoo Sports
Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans
Caitlin Clark fans beware: You never know what the 20-year veteran might say … or do.
Yahoo Sports
Shohei Ohtani punctuates Dodgers sweep of Braves with 2 home runs to tie MLB lead
Ohtani tagged Braves ace Max Fried for a two-run shot in the first inning, then hit a solo shot in the eighth as the Dodgers prevailed in a battle of NL favorites.
Yahoo Sports
Caitlin Clark catches fire from 3 in WNBA preseason debut; Arike Ogunbowale's late heroics send Wings past Fever
Caitlin Clark’s WNBA preseason debut went much like her senior year at Iowa. She hit a bunch of 3s and did so in front of a sold-out crowd.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Security Measures Advisors Should Use to Protect Client Information

Risk Mitigration

Recommended Stories

The FDIC change that leaves wealthy bank depositors with less protection

Former NBA guard Darius Morris dies at 33

No one was airing Angel Reese and Kamilla Cardoso's WNBA preseason debuts, so an X user livestreamed it

NFL Draft grades for all 32 teams | Zero Blitz

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

New details emerge in alleged gambling ring behind Shohei Ohtani-Ippei Mizuhara scandal

Bulls' Lonzo Ball picks up $21.4 million option for 2024-25 season amid knee concerns

NFL Power Rankings, draft edition: Did Patriots fix their offensive issues?

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

CVS stock plunges after earnings numbers one analyst 'did not even believe'

Anthony Edwards' arrival should have the Nuggets — and the entire league — on high alert

Kentucky Derby: Mystik Dan wins in three-horse photo finish, outruns favorite Fierceness in stunning upset

Formula 1: Lando Norris gets his first win ahead of Max Verstappen at the Miami Grand Prix

The best QBs for 2024 fantasy football according to our analysts

Canelo Álvarez and Oscar De La Hoya erupt in heated exchange ahead of title bout with Jaime Munguía

Why did Musk ax the Supercharger team?

Diana Taurasi’s trash-talking, in-your-face ways may be a bit of a shock to new WNBA fans

Shohei Ohtani punctuates Dodgers sweep of Braves with 2 home runs to tie MLB lead

Caitlin Clark catches fire from 3 in WNBA preseason debut; Arike Ogunbowale's late heroics send Wings past Fever

The best budgeting apps for 2024