8 Cybersecurity Tips to Protect Your Clients and Your Business

When did you last evaluate your advisory practice's data privacy plan? If it’s been more than 12 months, it’s time to dust it off and update it. And for good reason. Cybersecurity is an ever-changing industry. Bad actors constantly use new tools, technologies, and threats to target victims like investing clients.

Last Edited by: Greg Gates

Last Updated: October 16, 2025

Greg Gates. LPL Financial, Group Managing Director, Chief Technology & Information Officer

While keeping your business and clients safe might seem daunting, it doesn’t have to be. Here are eight tips to help you stay one step ahead of cybercriminals:

Enable Multi-Factor Authentication (MFA)

Your password is your first defense in protecting your electronic accounts and devices from unauthorized access. While it might be convenient to choose your child’s birthday or your first pet’s name as your password, these are also more easily guessed by bad actors. Instead, choose complex passwords longer than 14 characters that incorporate upper and lowercase letters, symbols and numbers. Remember: the longer and more complex the password, the harder it will be to crack.

If you’re looking to add an additional layer of security to your accounts and make it more difficult for bad actors to access them, implement multi-factor authentication (MFA). This means combining something you know, like your password, with something you have, like a code sent to your phone or email, or biometric data. Many websites, including financial, healthcare and government sites, already require the use of MFA by default as it offers increased protection against account takeover.

And remember, if you discover a password is compromised, change it (and others like it) immediately and monitor your accounts for fraudulent activity.

Regularly Review Privacy Settings

You can bolster your online privacy by regularly checking and adjusting the privacy settings on your online accounts, like social media platforms or email services, at least once a year to help ensure your personal information is only being shared according to your desired level of privacy. You should also regularly review third-party app permissions and revoke access to any suspicious or unused applications.

Dispose of Sensitive Documents Correctly

As we’ve already highlighted, it’s critical to stay vigilant regarding your online data. However, it’s equally important to properly dispose of sensitive documents.

When it comes to paper copies of documents containing personal or sensitive data, there are a few ways to help keep them safe.

  • Enact a “clean desk” policy requiring staff to lock sensitive documents away securely in a desk drawer, locked cupboard, or filing cabinet when they are away from their desk.
  • Regularly check printers and scanners to ensure documents are not left behind. Print software can be installed to hold print jobs until the employee releases them using their employee badge or number.
  • Take the time to shred sensitive documents. By changing personal and sensitive information into unreadable pieces, shredding prevents access by the wrong people, making it challenging for bad actors to piece together information for malicious purposes.

The nature of the financial advisory business requires the digital sharing of personally identifiable information and other sensitive data, but there are a few ways to help keep this information from ending up in the wrong hands.

  • Help protect data through encryption. To send and receive sensitive information, you need end-to-end encryption. This method of sharing data is a great option because only the sender and receiver can decrypt the shared information and therefore are the only ones who can view the contents.
  • Use a file sharing system — which uses encrypted cloud storage — instead of email to help keep your client files backed up and protected from threats.

While this section discusses ways to dispose of sensitive documents, it’s also important to understand how long you should retain these records. SEC Rule 204-2, also known as the “books and records” rule, is a critical regulation for financial organizations subject to SEC oversight with far-reaching implications. It is the job of financial advisors and their teams to stay up to date on the rules and regulations for retaining various documents.

Use Public Wi-Fi with Caution

Public Wi-Fi refers to wireless networks that are available in public places like coffee shops, airports, libraries, and stores. These networks allow individuals to connect their devices and access the internet without the need for a password or authentication process.

Although convenient, public Wi-Fi networks are often unencrypted, meaning that any data transmitted over the network — such as login credentials, financial information or personal data — can be potentially intercepted by unauthorized individuals.

Given the security risks associated with public Wi-Fi, it is advisable to exercise caution and take security precautions to help protect your data and online privacy, as well as your clients’.

If you do need to use your phone or computer for business purposes in a public place, use a VPN or use your phone as a hotspot.

Enable Automatic Software Updates

Software updates are critical for maintaining the security and performance of your devices and applications. Beyond protecting you and your business from cyber threats, they can improve your clients’ experience and ensure compatibility with other software and hardware.

Most software and apps will automatically download and install updates when they are available from the developer. However, if you prefer a more manual approach, you should make it a habit to regularly check for updates, which can usually be found in the “help” or “about” menu of your software or app.

Be Aware of Phishing Attempts

Scammers might use email or text messages to trick you into giving them personal or financial information. Once this information is obtained, they might be able to get access to your email, financial accounts, or your clients’ accounts with the goal of using that information or selling it to other bad actors.

There are several ways to protect yourself:

  1. Be cautious of suspicious emails, texts, or calls asking for personal information, even if they appear legitimate. While real companies might communicate with you by email or text, they won’t email or text you with a link to update your payment information or request your password.
  2. If you do receive a questionable email, report it to the company being impersonated as well as your IT team.
  3. Mark the email as spam and run a malware scan on your computer.

While it’s critical that financial advisors and their staff can spot suspicious emails or phishing attempts, it’s equally important that their clients can spot them too. Take time to educate your clients on spotting malicious communications and what they should do if they receive one.

If you, or someone on your team, opens a phishing email, immediately alert your IT department so they can mitigate the damage and stop it from spreading.

Use Cloud Storage to Help Protect Data

The cloud offers a convenient way to store, manage, and access data from anywhere. Unlike traditional storage on a hard drive, it doesn’t rely on a single computer. Instead, your data moves between computers and storage devices in large industrial facilities.

When utilizing cloud storage, make sure it offers encryption and don’t forget to turn on multi-factor authentication to prevent unauthorized individuals from accessing the account.

Cloud storage is great for keeping files, but it also serves as a fantastic backup against ransomware because it offers features like versioning, which can potentially help you restore previous versions of your data from a point in time before a ransomware attack.

Consider Cyber Insurance and Identity Theft Protection Services

Cyber insurance covers a wide range of expenses that can arise from cybersecurity incidents and data breaches. Discuss your needs with knowledgeable insurance brokers who specialize in cybersecurity, including whether first-party coverage, third-party coverage, or both are best for your business.

These policies typically cover expenses such as legal fees, forensic investigation costs, and data recovery. Beyond direct financial coverage, cyber insurance policies often extend their protection to include business interruption and lost revenue resulting from a cyberattack. Carefully review the terms and conditions of these policies before committing to coverage. Regularly review your cyber insurance policy to ensure coverage remains adequate as the cybersecurity threat landscape evolves.

Identity theft protection services offer the ability to monitor your credit files and can alert you to unauthorized activity, such as a new credit account or bank account opened in your name, allowing you to act quickly and report the issue.

Being proactive and vigilant is the first step to helping protect your clients and your business. It only takes one person to compromise the entire firm. By understanding potential risks, putting best practices into action, and regularly educating your staff and clients, you can significantly reduce your exposure to potential data issues and threats.

