Cybersecurity Best Practices for Financial Advisors from FINRA

Recently I had the opportunity to attend FINRA’s Cybersecurity Conference in New York. To help you evaluate and enhance your firm’s cybersecurity practices, below are some key takeaways on where financial services companies are focusing their security efforts now.

  • Security threats come not only from outside the organization but also from within: a single employee who clicks on the wrong link can compromise your entire network.
  • Hacking is no longer a “lone ranger” problem. Nation-states and criminal businesses do this full time, and it is a very serious threat.
  • Basic blocking and tackling:
    • Use a strong, unique password for every account, and use a password manager such as LastPass to keep track of them all
    • Reset your password at least every 90 days, and immediately whenever you suspect it has been exposed (current NIST guidance in SP 800-63B favors long, unique passwords that are changed on evidence of compromise rather than on a fixed schedule; if your firm still mandates periodic changes, make sure users are not responding with predictable variations of the old password)
    • Use Multi-Factor Authentication wherever possible
    • Implement security patches and updates regularly
    • Make a backup of your files every day – make sure you have a copy at a remote site
    • Scan all devices for malware and missing patches on a regular basis – third-party services can help
    • Document and track all security incidents
    • Know your suppliers – have a good vendor management process
  • Wireless networks are more exposed than wired ones – use WPA2 or WPA3 with a long passphrase, and change your WiFi password once a month.
  • Have a separate guest WiFi network – most routers allow for this.
  • Allow only company-managed devices to access company networks.
    • Provide a dedicated company computer; do not use a personal device for business
  • Know where your data is – keep track of storage location.
  • Conduct risk assessments of current employees and of employees who have left the company, and revoke a departing employee’s access to systems, email, and data on their last day.
  • Investigate accidental disclosures – for example, client information sent to the wrong recipient by email.
  • Implement systematic, regular security training on phishing, malware, and recent trends for your employees and yourself. Third-party training modules are available by subscription.
  • Have a data breach plan – who communicates what to whom, the steps to recover, and how the incident is documented.
  • Have a ransomware plan
    • Avoid paying the ransom – payment does not guarantee a working decryption key
    • Good systematic backups are critical to recovering from ransomware; keep multiple dated copies, because a single backup that is overwritten every day may contain only encrypted files by the time you notice the attack
    • Have an “air gap” – periodically store backups at a disconnected location that ransomware on your network cannot reach – third-party services are available to help
  • Encrypt your hard drive – Windows includes a free disk encryption feature called BitLocker (you can check its status from an elevated command prompt with manage-bde -status), and macOS includes FileVault.
  • Document your security policies and procedures – several templates/tools are available to prepare the documents.
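The backup advice above (a daily backup with a copy at a remote site, and dated, air-gapped copies for ransomware recovery) is easier to get right with a script that also proves the backup can be restored. The following is an added example, not code from the original post or from FINRA. It assumes a POSIX shell with tar and coreutils sha256sum; the directory names, retention period, and sample files are hypothetical and constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post or the FINRA conference: a versioned,
# integrity-checked daily backup with a restore test.
# Assumptions (all hypothetical): POSIX sh with tar and coreutils sha256sum;
# SOURCE_DIR holds the files to protect; BACKUP_DIR stands in for the remote or
# offline target. Sample data is constructed by seed_sample_data.
set -eu

SOURCE_DIR="${SOURCE_DIR:-/tmp/advisor-data}"
BACKUP_DIR="${BACKUP_DIR:-/tmp/advisor-backups}"
KEEP_DAYS="${KEEP_DAYS:-14}"   # how many days of dated archives to retain

# Constructed sample files so the script runs offline.
seed_sample_data() {
    mkdir -p "$SOURCE_DIR/clients"
    printf 'account,balance\nA-1001,250000\n' > "$SOURCE_DIR/clients/holdings.csv"
    printf 'Quarterly review notes\n' > "$SOURCE_DIR/notes.txt"
}

# Write a dated archive plus two SHA-256 manifests: one for the files inside
# it, one for the archive itself. Dated names mean that a day on which
# ransomware has already encrypted the source does not overwrite the last
# good copy; the manifests let you detect tampering or bit rot later.
make_backup() {
    stamp="$(date -u +%Y%m%dT%H%M%SZ)"
    archive="$BACKUP_DIR/backup-$stamp.tar.gz"
    mkdir -p "$BACKUP_DIR"
    ( cd "$SOURCE_DIR" && find . -type f -exec sha256sum {} + ) > "$archive.files.sha256"
    tar -C "$SOURCE_DIR" -czf "$archive" .
    sha256sum "$archive" > "$archive.sha256"
    printf '%s\n' "$archive"
}

# Prove the backup is usable: check the archive hash, restore it into a
# scratch directory, and compare every restored file against the manifest.
# Returns 0 only if the full restore matches; a backup that has never been
# restored is untested.
verify_backup() {
    archive="$1"
    sha256sum -c --quiet "$archive.sha256" || return 1
    scratch="$(mktemp -d)"
    if tar -C "$scratch" -xzf "$archive" \
        && ( cd "$scratch" && sha256sum -c --quiet "$archive.files.sha256" ); then
        rm -rf "$scratch"
        return 0
    fi
    rm -rf "$scratch"
    return 1
}

# Retention: drop archives (and their manifests) older than KEEP_DAYS.
prune_old_backups() {
    find "$BACKUP_DIR" -name 'backup-*.tar.gz*' -mtime +"$KEEP_DAYS" -delete
}

# Number of dated archives currently retained.
count_backups() {
    find "$BACKUP_DIR" -name 'backup-*.tar.gz' | wc -l | tr -d ' '
}

# Stand-alone run: RUN_DEMO=1 sh backup.sh
if [ "${RUN_DEMO:-0}" = "1" ]; then
    seed_sample_data
    archive="$(make_backup)"
    verify_backup "$archive" && echo "restore test passed: $archive"
    prune_old_backups
fi
```

The off-site and air-gap steps are deliberately outside the script: once verify_backup passes, copy the dated archive and both manifest files to the remote or offline target, and do not leave that target mounted with write access from the workstation, since ransomware encrypts every writable location it can reach.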

When it comes to cybersecurity, there are no magic bullets, but being careful and taking smart precautions can improve your odds of keeping your systems and data safe.


R 18-114

The contents of any report published herein are for informational and educational purposes only. The articles are not to be construed as investment, tax, financial, accounting, or legal advice. Individuals should seek independent advice from a tax professional based on his or her individual circumstances.

The analysis contained in any publication published or otherwise disseminated by Buckingham Strategic Partners (BSP) on this site is based on the data available at the time of publication which may become outdated or otherwise superseded at any time without notice, and the opinions of BSP. Certain information contained therein is based upon third-party sources, which BSP believes to be reliable, but is not guaranteed for accuracy or completeness. Neither the SEC nor any other federal or state agency or non-U.S. commission has confirmed the accuracy or determined the adequacy of information published or disseminated by BSP. Any publication or dissemination of information to the contrary is unlawful. Each reader acknowledges the contents published or otherwise disseminated by BSP is the sole property of BSP and any reproduction or distribution of such information, in whole or in part, other than for its intended purpose with credit provided to BSP, is prohibited. BSP reserves the right to remove, alter, edit, or adapt any third-party content published, contributed, or subject to applicable law.

By clicking on any of the links within the articles on this site you acknowledge that they are solely for your convenience, and do not necessarily imply any affiliations, sponsorships, endorsements or representations whatsoever by us regarding third-party Web sites. We are not responsible for the content, availability or privacy policies of these sites, and shall not be responsible or liable for any information, opinions, advice, products or services available on or through them.