To have sound cyber-security protocols, you need to do more than physically protect your systems and maintain written supervisory programs. Specifically, you need to fully engage your clients as part of the protocol. Their participation can make your program work that much better than it would without them.
How so? For one, every firm should educate its clients about the types of materials, electronic or otherwise, that they should expect to receive from the firm. You should likewise tell clients to report back to you if they receive something not in keeping with the list you previously provided.
For example, clients should be reminded that trades and money transfers are not handled via email. Any email solicitation of trades or transfers should be reported to the firm because that may reflect a security gap.
Many clients have access to their accounts online. These clients should be reminded not to share their passwords with anyone. Likewise, firms should have a multiple-verification process for clients to access their statements online; i.e., a password and a security question to which only the client would know the answer.
Finally, you should consider having a standard presentation that you can provide clients about your cyber-security protocols. In other words, let your clients know what you have and what you are doing to protect their data.
In short, any sound data security program is going to engage a firm’s clients as much as its own internal systems, programs and policies. A collective effort is the best course to protect firm and client data. Without this joint engagement, you run a greater risk of client harm when you have a breach.