Are you prepared to prevent a cyberattack? Many financial professionals aren’t so sure. The good news is that there are steps you can take to protect your business. Prepare your office to prevent a breach:
CREATE A PLAN TO PROTECT YOUR DATA
Organize your client information: Keep an up-to-date data inventory so you know where critical client info resides.
Identify protective measures: Determine what key controls to put into place to protect client info from unauthorized access or malicious intent.
Real world training: Maintain general awareness of threats and suspicious activities with routine exercises, like phishing awareness training, to prepare your office for commonplace attacks.
PROTECT YOUR BUSINESS WITH CYBER INSURANCE
Find the right insurance: Like car insurance, there are many carriers to choose from and the options can be overwhelming. Identify the right partner for you: When shopping for cyber insurance, read the fine print and ask yourself the following questions:
— Do they have the right expertise at the best rate?
— What procedures are in place to protect you and your business?
— If you do need their help, will they give you the runaround with reimbursement?
EMPLOY A THIRD PARTY TO VALIDATE THAT YOUR CLIENT INFORMATION IS SECURE
It could be required: Many current regulations and laws require continuous risk assessments of your protective capabilities for your firm and your third-party supply chain. Do you have a third party, like your broker-dealer, that can address a risk and remediation plan?
Here’s what you need to do if a breach occurs:
ASSESS THE DAMAGE
Begin an investigation: Within 24 hours, have a professional begin an investigation and conduct a forensic analysis to contain the breach and understand the damage.
Know your obligations: legal and regulatory obligations to your clients vary based on state of residence, so it’s important to understand your responsibilities.
Create awareness: Determine what information has been compromised and alert those affected.
CREATE A CLIENT NOTIFICATION PLAN
If your client’s data has been compromised you need to notify them.
Talk to an attorney
Do you need to do anything (e.g., offer credit monitoring)?
Sound like a lot to add to your plate? It is. The good news is, there are some easy steps you can take immediately to help secure your practice and your clients’ personal data. I encourage you to take these precautions today to protect your practice from a cyberattack, because tomorrow may be too late. If you are interested in discussing any of these topics in more detail, contact Iron Point today!