Identity theft is an increasing risk for all of us as we move our personal, business and professional lives more and more into the cloud. So it becomes more and more important for investors to ask how their wealth managers protect clients from cyberattack.
Cybersecurity and Regulators
As important as cybersecurity is for consumers, it is an increasing concern of regulators like the Financial Industry Regulatory Authority (FINRA), the Securities and Exchange Commission and state securities regulators. For regulators at all levels this has become a higher examination priority because at least 74 percent of advisors have been a target of cyberattack, according to one recent SEC examination.
Here at Clear View Wealth Advisors, we take privacy and security very seriously. This is because we operate in Massachusetts, the state that once saw one of the largest business hacks ever, which prompted the Attorney General to draft new rules for businesses handling sensitive personal information.
What came out of this were new Massachusetts standards for the protection of personal information that all firms doing business in the state needed to have in place. Formally, this is outlined in a law (Massachusetts 201 CMR 17.00) that covers not only a firm’s response to a data breach but also how to prevent personal information from being breached in the first place.
This issue has been a priority for the firm’s founder, Steve Stanganelli. As early as 2009 he participated in making several presentations with local legal experts to business groups in the Greater Boston area outlining the new regulations and how best to manage the new compliance responsibilities. And he became the lead on implementing the new security rules at the registered investment adviser where he worked at that time.
So it was only natural that when Clear View was launched in 2010, Stanganelli made compliance and security a priority by adopting a formal Written Information Security Protocol (or WISP).
Fast Forward to 2016: How Wealth Managers Protect Clients from Cyberattack
Early on, Clear View put in place both physical and electronic measures to protect client data.
Physical security has included such measures as shredding paper that contains sensitive information, locking offices, and engaging alarm systems. We also have policies in place to deal with instructions from clients requesting distributions of cash from their accounts such as matching the email used with one on file in our database and following up by phone or getting a signed note of instruction.
Electronic security has included password-protected computers, encrypted hard drives, data backups locally and in the cloud through other services that further encrypt data, and use of an encrypted password manager to protect against data access on the various cloud-based planning software programs Clear View uses. Many passwords are regularly updated or changed at the master password level (annually) and at the individual site level (usually every 90 days to six months).
Each time we contract with a cloud-based software provider, we ask them about their own security compliance with these Massachusetts rules, which have become the standard used throughout the country. In one such case, we use an online financial planning program from PIE Technologies called MoneyGuidePro. We offer clients the ability to link their account data to the program so that we can have up-to-date information on assets and liabilities. This helps us plan better. The service that PIE Technologies uses to link and synchronize accounts is the same one offered at many of the nation’s largest banks, with the same high level of data encryption and security in place.
We have also instituted firewalls on our network and use software to defend against malware, spyware and cyber-threats. Our software is automatically updated to help stay abreast of current potential threats.
Cybersecurity a Priority with Regulators
All of this is especially timely as Clear View recently went through an audit examination in January, its second in three years. During the most recent audit, state examiners asked a number of questions about the company’s WISP and cybersecurity in particular. While the results of the audit will not be known for several weeks, they seemed pleased with the thoroughness of the firm’s plans in place.
Cybersecurity is Front and Center as an Issue with Clients and Potential Clients
Recently, Steve Stanganelli was interviewed for a post appearing on CNBC.com on how wealth managers are defending against being a target for a cyberattack. As Stanganelli noted in the article, cybersecurity is front and center with the firm and clients.
When I talk with [clients and prospects], I disclose how I deal with security of client data right up front … Both clients and prospects appreciate it when I mention this. Many will comment on their concerns about ID theft, especially highlighted during tax season …
Steve Stanganelli, CFP®
One way Clear View helps improve client security and the planning process is to provide each client with a dedicated and secure client folder that is accessible through Citrix ShareFile using a special randomly generated, time-sensitive code for clients to use. This is a high-level security tool used by government and others to share sensitive information more securely.
To read more on Steve Stanganelli’s comments and the measures taken by other wealth managers, you may read the CNBC.com article by Deborah Nason here.