A recent Investment News article highlighted the pervasive problem associated with cyberattacks and offered some guidance in the event of an attack. Before visiting that guidance, understand how pervasive these attacks are.
The SEC recently conducted a sweep on cyberattacks. This sweep revealed that 88% of broker-dealers and 74% of advisors have experienced some form of cyberattack, either directly or indirectly through a vendor. These statistics suggest that it is a matter of when, not if you will sustain some form of cyberattack.
Accepting this reality, the SEC has urged firms to be proactive and develop and deploy cybersecurity plans that address what should be done in the event of a breach. The SEC has found that most broker-dealers and advisors have such plans, which include periodic system assessments, encryption and proper backup.
So what do you do in the event of an attack? Some action steps include the following:
- Each adviser should change all of his/her passwords.
- Fully investigate what happened across systems and seek proper assistance (which should include determining what your state law is on cybersecurity breaches) before contacting the impacted parties. We have an app known as Data Breach 411 that can help you determine the state law where you are located.
- Notify those impacted, including what you are doing to ensure that it does not happen again.
We are living in a challenging world when it comes to cyber-crime. Make sure your systems are up to date and as secure as possible. Have a cybersecurity plan. If the event you are a victim, deploy your plan of action to minimize the impact.*
* photo from freedigitalphotos.net