Tips for developing a cybersecurity plan for your firm

Cybercriminals are becoming bolder and more sophisticated in their efforts to hack into networks in search of personal information and ultimately, large sums of money. At the same time, technology has developed in a way that can enhance the capabilities of these bad actors. That’s why now more than ever, it’s important to have a comprehensive cybersecurity plan for your firm.

HOW MERIT IS PUTTING ITS PLAN INTO ACTION

Merit Financial Advisors has made a major investment in technology in recent months. One of our primary focuses is to consolidate client data into a single internal system. While a lot of that data is already under our ownership, we are focused on extending all of those ones and zeros into a data warehouse, creating direct feeds of information from different sources. A data warehouse creates an automated means of receiving data, rather than having it manually entered into a system.

None of these processes would be successful without proper planning, putting a multilayered cybersecurity plan in place to ensure all of this confidential data is protected. Merit has put the following safety measures in place in order and we recommend other firms do the same to give advisers and clients peace of mind:

• Encryption: Whether data is being transferred or is at rest, make sure it's being encrypted, or coded, to prevent unauthorized access. In addition, make sure the portals between your firm’s systems and the systems of your outside partners are encrypted, as well.

• Multifactor authentication: This is one of Merit’s biggest lines of defense when it comes to combating cyberattacks. Any system that has personal information cannot be accessed without the MFA, single sign-on approach. In essence, this removes virtually any ability for those outside of our network to access any of our portals.

• Employee awareness training: We require all employees to undergo periodic digital awareness training to make sure they learn the best cybersecurity practices for protecting their data. The most common way for a cybercriminal to access a digital system is through a phishing attempt, or sending an email claiming to be from a reputable company in an effort to get an employee to click a link and submit personal information. Our goal is to keep our team fully up to speed on the latest tactics and tricks cybercriminals are using, so we test our system and users with authentic-looking emails and false phishing attempts. We train users to check for identifiers, such as the full email address at the top of a message, to be sure the note they’re receiving is legitimate.

• Network monitoring: Similar to the way we monitor our staff’s interactions with fake phishing emails, our technology team constantly tracks all of our systems, including physical computers and virtual desktops. Team members are also able to follow the movement of employees' files, keeping a log to monitor activity. If we notice a bad practice, like saving an email attachment locally to a computer, we ask the employee to remove the file and be sure they know how to save it properly.

IT TAKES A TEAM

It wouldn’t be possible to manage a complex network of technological systems without outside partners. At Merit, we teamed up with F2 Strategies, a wealth technology consulting firm, which has advised us through the development and now the action phases of our comprehensive technology plan. We also work with North Networks, an IT support system that serves as host cloud for our data. Our team’s thorough research led us to these partner firms, which hold the same high standards for data protection and safety as we do.

STAY AHEAD OF THE GAME

Merit continues to do the most it can to stay ahead of the game when it comes to cybersecurity. It’s important for any firm that's serious about investing and protecting their technology and data to continue training and educating their staff on best practices. Too often, someone can get into a bad habit that could result in their firm being vulnerable to a bad actor. Continued education and training is the best way to promote data safety and security, which are in the best interests of your firm and your clients.

[More: Failure to overhaul cybersecurity for remote work creates regulatory risks]

JP Pattinson is a wealth advisor and vice president of technology at Merit Financial Advisors.