[BreachExchange] 4 Steps Advisors Should Take After a Cyber Attack

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 30 19:41:36 EDT 2017


In May 2017, the "WannaCry" ransomware cyber attack infected more than
200,000 computers in over 150 countries, including multinational companies
like FedEx and government organizations like Britain’s National Health
Service, over the course of just five days. Despite its effectiveness,
security researchers warn that WannaCry was likely the work of an amateur
using code leaked from the National Security Agency earlier this year by a
mysterious group calling themselves The Shadow Brokers.

These kinds of cyber attacks may be especially worrisome for financial
advisors and their clients. An investigation by the Securities and Exchange
Commission found that only 15% of broker-dealers and 9% of registered
investment advisors offered security guarantees to protect their clients
against cyber-related losses. (For more, see: What You Don’t Know About
Cybersecurity Can Hurt You.)

It’s easy to preach the mantra of prevention - regular updating, security
protocols, and such - but what should a financial advisor do after they
have already been hacked?

1. Pull the Plug and Fix the Issue

The first step is to address the problem from a technological standpoint to
safeguard client data and ensure no future losses. This means disconnecting
compromised computers or servers from the Internet, professionally removing
the infected files, patching the vulnerability, and changing passwords
before reconnecting the device. In the case of ransomware that encrypts
data, it’s rarely a good idea to pay off criminals for access to the data.

These processes are best accomplished with the help of specialized
information technology security personnel or consulting firms.

2. Proactively Contact Clients

The second step is to proactively reach out to clients that were impacted
by the security breach and tell them to change their passwords, PIN
numbers, and other credentials for online banking and investment accounts.
These clients should also request alerts from credit bureaus and credit
card companies and consider a credit monitoring service as an added
precaution, as well as notify the Social Security Administration to prevent
any possible tax refund theft. (For more, see: 7 Cybersecurity Tips for

This is probably the most difficult step in the process, but properly
handling a security breach and being proactive can make all the difference.
A more reactive approach, where advisors might confirm the hack after
clients realize their accounts are compromised, could further damage client

3. Resolve Compliance Issues

The third step is to report the security breach to the chief compliance
officer and compliance team to take the appropriate actions. In addition,
it may be necessary to contact third parties - such as custodians - that
may have been impacted. It’s also a good idea to discuss the breach with an
attorney and alert regulatory authorities, such as the SEC, FINRA and law
enforcement to ensure that the firm remains fully compliant and that the
perpetrators may be investigated.

Financial advisors should also document the data breach, including their
responses, to inform future security measures and deal with any legal and
regulatory repercussions.

4. Prevent Future Cyber Attacks

The final step is to reassure clients and implement measures to prevent
future problems. This may involve implementing new security protocols or
hiring IT security personnel. It’s also a good idea to consider adding
cybersecurity insurance for client accounts to further reassure existing
clients. The addition of insurance could also become a long-term tool to
differentiate from other advisors that tend not to provide such coverage.

These preventative actions should be clearly communicated to both clients
and employees to help avoid future incidents.

The Bottom Line

Cyber attacks have been on the rise over the past several years. With the
NSA leaks, these attacks are likely to become more effective and
commonplace than ever. Financial advisors should take precautions to secure
their networks and prevent these problems from occurring in the first
place. But when they do occur, it’s important to immediately address the
problem, be proactive with clients, make the appropriate reports, and
improve security for the future.

By following these steps, financial advisors can mitigate the impact that a
security breach has on their client base and even improve their future
abilities to attract clients.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170530/3bd1feb0/attachment.html>

More information about the BreachExchange mailing list