Most advisers' cybersecurity training insufficient

Firms would be better off with shorter, more frequent sessions for employeees
FEB 07, 2017
Financial advisers should be spending about three times as much time training their staff each year on how to protect the firm and client data from cybersecurity dangers, experts said. About two-thirds of financial advisers spend two hours or less annually on cybersecurity training, according to a TD Ameritrade Institutional survey of advisers taken last year. One third of advisers are spending an hour or less. “Most firms do it only once a year and cram in an hour or two, and that's totally insufficient,” said Joel Bruckenstein, a financial industry technology consultant. “Training would be much better if it occurred more frequently for shorter periods.” Firms generally should aim to provide about 30 minutes of training each month to everyone at the firm, going over the latest cyberscams that are going around and reminding everyone about safe online procedures and password safety, he said. About 6% of firms spend seven hours or more on cybersecurity training, the survey found. (More: Is cyber insurance worth the cost?) The cybersecurity guidance issued by the Security and Exchange Commission's Office of Compliance Inspections and Examinations said employees can be a firm's first line of defense if they are properly trained to recognize suspicious activity and understanding the firm's procedures when it comes to reporting issues. Without proper training, though, employees can put a firm's data at risk, it said. Jared Hoffman, managing director of operations for Buckingham Strategic Wealth, said his firm recognizes the importance of training and hosts several mandatory sessions for employees every year, as well as additional specialized sessions every couple of months. “This is not a one-time thing. It's constantly evolving because there are new, big scams all the time,” he said. Training that focuses on specific examples of, for instance, a social engineering email or a fake call from the Internal Revenue Service, are especially effective at making employees see their vulnerabilities and understanding the seriousness of the issue, he said. (More: Watch for this new cybersecurity scam, IRS warns) “We keep adapting the presentations to what's happening in the real world,” Mr. Hoffman said. Careless actions of employees are responsible for about 59% of cyberattacks on businesses, according to a recent study by Kapersky Labs. Last year Ameriprise Financial had to take action when one of its advisers was discovered to be putting client data at risk by synchronizing files from his office to his home in an unsecure way. The Minneapolis-based firm had to reach out to warn clients about the risk. About 3% of advisers said they've had firm-level or client data compromised because of a security breach, according to preliminary data from a recent InvestmentNews adviser technology benchmarking study. About 4% of advisers were not sure if data had been compromised, the study found. (More: What advisers can expect from an SEC exam) The areas that SEC examiners may look at when they evaluate a firm's cybersecurity preparedness focus on how training is tailored to specific job functions and how the training encourages employees to be responsible, the OCIE guide said. Brian Edelman, chief executive of Financial Computer Inc., said advisory firms should make sure they are following all the guidance from the SEC if they want to make it through an examination. “This isn't something the regulators are grading, they just want to see that you're acting on this,” he said. About half of advisory firms have documented cybersecurity training plans and procedures in place, the TD Ameritrade Institutional survey found.

Latest News

Former Wells Fargo exec Brendan Krebs emerges at PNC
Former Wells Fargo exec Brendan Krebs emerges at PNC

The 25-year industry veteran previously in charge of the Wall Street bank's advisor recruitment efforts is now fulfilling a similar role at a rival firm.

Trio of advisors switch for 'Happier' times at LPL Financial
Trio of advisors switch for 'Happier' times at LPL Financial

Former Northwestern Mutual advisors join firm for independence.

Indie $8B RIA adds further leadership talent amid growth drive
Indie $8B RIA adds further leadership talent amid growth drive

Executives from LPL Financial, Cresset Partners hired for key roles.

Stock volatility remained low despite risk events
Stock volatility remained low despite risk events

Geopolitical tension has been managed well by the markets.

Fed minutes to provide signals on rate cuts
Fed minutes to provide signals on rate cuts

December cut is still a possiblity.

SPONSORED The future of prospecting: Say goodbye to cold calls and hello to smart connections

Streamline your outreach with Aidentified's AI-driven solutions

SPONSORED A bumpy start to autumn but more positives ahead

This season’s market volatility: Positioning for rate relief, income growth and the AI rebound