Who’s responsible for cybersecurity: The adviser or the firm?
Q: All we keep hearing about at my firm is “cybersecurity.” I get what I’m supposed to do: Don’t click on strange links in e-mails. Watch out for phishing attempts. Verify distribution requests with my clients verbally. Beyond that, isn’t it the firm’s responsibility to make sure its systems are buttoned up?
A: Actually, the measures you’re taking aren’t the only ones that you personally need to worry about when it comes to cybersecurity.
If you work from home, is your modem secure? If you’re working remotely from a coffee shop, is the Wi-Fi allowing hackers to access your laptop? Do you save your passwords on your smartphone in an unencrypted file? Do you use the same password for different accounts? And have you failed to speak to your clients about how they’re keeping their financial information secure?
These are just a few of the additional questions you should be asking yourself.
It might help to re-think your attitude about cybersecurity. Treating it as your firm’s responsibility, not yours, is surest way to undermine your firm’s security (cyber- or otherwise).
The number and frequency of attacks continue to grow, putting your clients’ money at risk (not to mention your firm’s).
Broker-dealers that get hit with cyberattacks not only lose money as a direct result of the incursions, but also lose clients when their reputations take a hit — sometimes at a greater cost than the immediate loss from the financial breach. And if your firm loses clients, you can bet that you’re losing clients —and income — as well.
So if you can’t get on board for the sake of your employer and you’re not concerned about your clients losing money, then at least do it for the sake of your own pocketbook.