Expert: Finance firms ignore cybersecurity at their peril

Even small firms can be targets for a cyberbreach, so it’s important to close the gaps

Expert: Finance firms ignore cybersecurity at their peril
Wealth management firms simply can't ignore cybersecurity, a leading expert in the field says.

With clients’ personal and financial information in their custody, advisors can both lose money and find their reputations damaged in devastating fashion.

So says John Paul Cunningham in Financial Advisor. According to the CIO and chief information security officer at Docupace Technologies, even small wealth-management practices can be targeted. Every firm has to acknowledge its vulnerabilities.

A first step, Cunningham says, is identifying the most sensitive and valuable data you have. This audit process on its own, he says, will help reveal small issues previously overlooked, like older or repurposed technology that is vulnerable to attack.

Don't cut corners, he advises. Firms should keep a thorough tally of who has access to the data that should be protected, and consider how a hacker could exploit that structure. With wealth management outfits often providing administrative privileges to too many people, such firms should consider making the data accessible to as few people as possible.

To get people on the same page, Cunningham recommends that company-wide policies on data access be established following best practices, such as those outlined in a key report, the so-called Cybersecurity Framework from the US government's National Institute of Standards and Technology. If your IT personnel aren’t certified or equipped to perform these crucial functions, it's time to hire a third-party firm to get it done.

Related stories:
Canadian firms lag in cyber breach detection
Expect increased focus on cybersecurity in 2017