What To Do After Your Financial Advisor Gets Hacked

Commentary by Brian Edelman, Financial Computer CEO.
Link to the article: CNBC.

Imagine, a cybersecurity breach has occurred at your financial advisor’s firm. Important and sensitive information that you have trusted your advisor with has been compromised. Now what?

Your first reaction may be to fire your financial advisor on the spot. That is the initial reaction from almost everyone we talk to.

However, this is exactly what you should not do. Your financial advisor might be the key to securing your information, and you do not want to destroy that relationship — at least, not just yet.

Instead, talk to your financial advisor about the situation. Gather information and find out everything you can about the breach.

Then take the following steps.

  • Change your passwords and pins. Make sure to change your passwords and pins on all of your accounts. This helps to prevent fraudulent access into these accounts. If you use the same passwords or pins anywhere else, you are going to need to change them as well.
  • Watch your credit reports. Look for accounts or charges you do not recognize. Cyberthieves can use the leaked information to open accounts in your name. Putting a fraud alert on your credit would be a good idea. For even more protection, you can put a security freeze on your credit.
  • Contact your bank and credit card companies. Let these financial institutions know that a breach has occurred with your financial advisor and that your information may have been compromised. Ask them to cancel your account(s) and issue you new account numbers.
  • Set notifications. Log into your accounts and set up your notifications. You can set up text or email alerts to notify you of any activity so you will immediately be made aware of any unauthorized transactions.
  • Get your advisor’s cybersecurity insurance information. Just like when a loss has occurred in a vehicle accident, one of the most important items to get is the insurance information of the other driver; insurance companies have the experience, resources and money to mitigate the damage. So be sure to ask your financial advisor for the details of their cyber insurance policy information. Without proper cyber insurance and an incidence response plan, the financial advisor’s practice more than likely will not survive a breach.

Hindsight, of course, is 20/20, but there are some questions that you should ask your financial advisor before a cybersecurity breach ever occurs. And chances are, you probably do still have time, because your advisor hasn’t been hacked … yet. But the risks do grow every day with the more we rely on technology, so ask these questions before it’s too late:

1. Do you have a WISP, and can I see it?
This is a Written Information Security Plan. The financial advisors of a firm that has a WISP typically have better security awareness. These plans need to include appropriate administrative, technical and physical safeguards to protect your private information.

2. Are all devices that have access to my private information encrypted?
A financial advisor’s WISP plan requires that all devices containing any private information be encrypted. To what extent are these devices encrypted? We recommend devices have Full Disk Encryption. Full Disk Encryption will keep all of the information stored on them safe, preventing unauthorized parties from seeing your private information.

3. Do you have a privacy policy?
If so, can I see it, and is it listed on your website? If a financial advisor collects personal information online, they should have a privacy policy posted. The policy must, among other things, disclose what personal information is collected, how it is used and how it will be protected.4. How do you dispose of records containing private information?
Discarding records that contain private information on them before rendering the information unreadable puts your information at risk. Federal and state laws require that financial advisors take steps to protect private information from unauthorized access or use during disposal. This includes burning, shredding or pulverizing paper records and permanently erasing all electronic media containing your private information.5. How do you select and monitor your service providers (vendors)?
Any vendor that your financial advisor is using that has access to your private information needs to be contractually required to maintain appropriate safeguards to keep your private information safe.6. What custodians or broker-dealers do you use?
Find out about the financial institution. Knowing what custodians or broker-dealers your financial advisor uses can help you decide if they are the right advisor for you.

Asking questions is not enough!

You know the old saying, “Seeing is believing.”What have you observed your financial advisor doing to protect your private information?When your financial advisor receives hard-copy documents from you that contains your private information, do they take the time to express being careful with your private information? If your financial advisor needs to send you an email containing private information, how do they send the email? Are they sending it using a secure email program, or are they just sending it via regular email? Anytime an email is sent containing private information, it needs to be sent using a secure email program.Did your financial advisor take the time to help you set up notifications on your accounts? How do they respond when you have a question?Selecting the wrong financial advisor could be as risky as taking your entire life savings to a casino and betting it on one hand. You wouldn’t want to gamble away your life savings, so you should not hand over the financial reins to someone who is not trustworthy.

Yes, now it might be time to fire your advisor

If you are among the unlucky clients who has never asked these questions, you still need to consider each one after a breach. And once you have gathered all the relevant information, the biggest question of all is still left to answer: Has your financial advisor done everything required in order to protect your private information?If the answer is no and your information is now in the hands of cybercriminals, you are going to want to hire an attorney and, most likely, fire your financial advisor at the end of the process.However, if the financial advisor was taking all of the necessary actions to keep your information safe, you are going to want to get on the team with your financial advisor and work to help resolve this breach.We recognize that a data breach is scary, but you do not have to panic. Data breaches do not necessarily mean that you will become a victim of identity theft. Following the advice above will help make this high-stakes decision of whether to keep or choose a new financial advisor a little easier — and reduce the risk of theft.— By Brian Edelman, CEO at Bloomfield, New Jersey-based cybersecurity company Financial Computer