Accusations of Russia’s hacking of the 2016 presidential election shone an enormous spotlight on the vital role cyber security plays in the safety of our nation and to its citizens.
But cyber threats are nothing new, particularly to the financial services industry. On June 10, 2014, in a speech given at the New York Stock Exchange, then SEC Commissioner Luis A. Aguilar said, “Boards that choose to ignore, or minimize, the importance of cybersecurity oversight responsibility, do so at their own peril.”1
That was an important moment in history for financial services professionals. It set in motion stricter SEC regulations on cyber security and crackdowns on companies and individuals who don’t comply with the new guidelines.
In June 2016, Morgan Stanley agreed to pay a $1 million penalty after some of its customer information was hacked and offered for sale online.2Then, in November 2016, FINRA fined Lincoln Financial $650,000 for failing to protect client data.3
As hackers become more sophisticated, financial entities and professionals must become increasingly diligent to protect sensitive data and to meet the annually updated government rules.
In July of last year, we got a snapshot of what financial advisors think about the threat of cybersecurity and how prepared they feel to combat that threat. A study conducted by the Financial Planning Association and TD Ameritrade revealed that a vast majority of advisors (81 percent) view cybersecurity as a high priority. However, only 44 percent of advisors said they fully understand the issues and risks associated with cybersecurity. Even more troubling, a mere 29 percent of advisors say they are “fully prepared to manage and mitigate the risks associated with cybersecurity.”4
Earlier this month, the SEC announced its list of exam priorities for 2017. It should come as no shock that cybersecurity remains among the top concerns for the governing agency. As stated, “the Office of Compliance Inspections and Examinations (OCIE) will continue its ongoing initiative to examine for cybersecurity compliance procedures and controls, including testing the implementation of those procedures and controls at broker-dealers and investment advisors.”5
At Beacon, we take cybersecurity very seriously. We have always complied with the government regulations, but in 2015, we developed additional systems and procedures including our Electronic Technology & Communications Policy. This document is designed to communicate to firm personnel exactly how our systems work and what rules to follow to maintain strict compliance standards at all levels of the company.
In today’s world with its looming data threats, we at Beacon believe it’s important to give special attention to the following items:
- Do you fully understand the risks and threats inherent in today’s cyber world?
- Do you regularly test and assess your control structure?
- Are your technical controls (firewalls, software, backup solutions, hardware) in place and effective?
- Are your administrative controls—your policies and procedures—in place and effective?
- Are your physical controls, your locks, alarms, battery backups and cameras, in place and effective?
It’s imperative that you are regularly testing these processes and systems both internally and externally by engaging third-party providers to ensure that your controls are not only in place, but that they are effectively combatting cyber threats.
At Beacon, we are committed to cybersecurity. For further assistance on how to run and maintain a cyber secure business, contact your wholesaler today!
4 Source: Is Your Data Safe? The 2016 Financial Adviser Cybersecurity Assessment