Criminals follow the money. So it’s no surprise that financial professionals are a favorite target. After all, these professionals often hold a goldmine of information, including customer names, addresses, phone numbers, email addresses, identification numbers, dates of birth and account numbers – all of the information needed to steal a client’s identity and wreak havoc in their financial lives.
According to PwC, “there are two kinds of financial service firms: those that have faced a cyber attack and those that will.” That’s why it’s so crucial for financial service professionals to build good cybersecurity defenses. Here are some cybersecurity essentials you should put in place to keep your client information secure.
Desktop and laptop computers and mobile devices make it easy to conduct business anytime, anywhere. However, if they are not adequately protected, they are vulnerable to attack. Limiting access to your network and controlling what employees can do once they are connected can reduce the risk of employee-caused breaches.
Secure your company Wi-Fi by changing the network name and default password. Update that password regularly to prevent the hacking of your router. Set up a separate Wi-Fi network for guests so company and client data cannot be accessed by non-employees.
Create an internet usage policy to protect your network. You don’t need to deny employees access to all non-work-related sites, but consider restricting access to certain websites while they use company devices or connect to your Wi-Fi network.
Allowing employees to install software on their desktops or laptops can also be an issue, especially if the programs are downloaded from a website. Set up controls that require employees to receive authorization before installing software on a company device.
Cyber Awareness Training
Employees are often the greatest security risk in an organization. But they can also be its first line of defense against cyber attacks. Train employees on security issues so every member of your organization understands and can recognize cyber threats.
Create a cybersecurity policy that details preventative measures every employee must take to reduce the risk of a breach. Provide step-by-step instructions for how a cybersecurity breach should be reported and handled, including who to notify, what to do following an event, and how your IT team should address the threat.
Your plan should also address safely connecting to external Wi-Fi networks when employees are working outside the office, such as at a coffee shop or other public place. Working on public Wi-Fi networks exposes laptops and mobile devices to threats. An outside consultant can help you identify risks and develop a plan customized to your organization.
Remember that cybersecurity training is not a “one and done” event. Conduct ongoing updates to educate employees on the latest security vulnerabilities so they can recognize and avoid them.
Regular Software Updates
Make sure updates are installed for company computers, mobile devices, operating systems, browsers and software. Keeping systems and software up to date helps protect your data from known threats and vulnerabilities. Out-of-date software exposes your network to hackers who have discovered security loopholes.
Consider manually pushing updates to employee computers to minimize the risk that busy employees put off updating certain programs.
According to a report from LastPass, 91% of employees understand the risk of reusing passwords, yet 61% of them still reuse passwords, increasing the likelihood of hackers gaining access to accounts.
Require employees to select strong, unique passwords for each account they use. Strong passwords have at least 12 characters and include numbers, special characters, and a combination of capital and lower-case letters. Employees should also be required to change their passwords at least every three months to keep systems secure. Investing in a password management program can aid in compliance.
As a financial professional, the security of client information should be a top concern. You may not be able to stop cyber attacks entirely, but it’s your responsibility to think about securing your client’s data in much the same way as you would protect their nest egg.