Technology has revolutionized the financial advising landscape, enabling advisors to deliver real-time information and empowering clients with greater control over their accounts. Yet, with these advantages comes a considerable increase in potential liabilities. Cybersecurity has become a mission-critical concern for financial practices. A single breach can cause irreparable harm — not only to your reputation but also to your clients' trust and financial well-being. So, why does cybersecurity matter for financial advisors, and how can you protect your business from threats?
Why Cybersecurity Matters for Financial Practices
Financial advisors are custodians of vast amounts of personal, financial, and tax-related data. This information is invaluable to cybercriminals, who can use it to commit identity theft, fraud, or even ransomware attacks. Beyond the immediate risks to your clients, a breach can also lead to steep fines, lawsuits, and regulatory action.
In our business, trust is everything, and a cybersecurity breach can destroy that trust in an instant. Clients rely on knowing their personally identifiable information (PII) is fully protected under your care. Implementing strong cybersecurity practices protects your firm from legal and financial repercussions and reinforces your clients' confidence in you.
Cybersecurity Threats Facing Financial Advisors
Cybersecurity threats come in many forms, and they are constantly evolving. Here are some of the top risks facing financial practices:
- Phishing Scams: Cybercriminals pose as trusted contacts to trick advisors or clients into revealing PII.
- Malware and Ransomware: Hackers can infiltrate a firm's systems through malware, locking access to vital files and demanding a ransom to unlock them.
- Insider Threats: Disgruntled employees or inadvertent actions by staff can lead to breaches, making internal cybersecurity protocols just as important as external defenses.
- Data Breaches: With sophisticated hacking techniques, cybercriminals can access client databases, use them for financial crimes, or sell them on the dark web.
The bottom line is that financial practices are an appealing target for hackers. The consequences can be devastating to an advisor, ranging from financial loss to reputational damage.
How To Protect Yourself and Your Clients
While the cybersecurity landscape is challenging, financial advisors can take several proactive steps. Here's what you can do to strengthen your defense:
- Train Employees: Conduct regular cybersecurity training for all employees to raise awareness of phishing scams, password security, and safe online practices.
- Report Phishing: Add the Report Phishing button to Outlook; it gives you a secure way to report malicious or fraudulent emails to LPL's Security Awareness Team for review.
- Cybersecurity Pre-Risk Assessment: Complete this document to receive recommendations from LPL's Advisor Information Security Team about how to help secure your office.
- Security Incident Response Plan: Complete this document. The plan provides a framework for your practice to identify and respond to a potential cybersecurity incident and outlines the specific steps to take for each type of incident.
- Implement Multi-Factor Authentication (MFA): Requiring MFA for all sensitive logins adds an extra layer of protection, so that a compromised password alone is not enough for an attacker to gain access.
- Use Strong Passwords: Weak passwords are one of the simplest entry points for hackers. Ensure that all employees and clients use complex passwords and update them regularly. Consider using password management tools.
- Encrypt Client Data: Encrypt sensitive PII so that if it is intercepted, it cannot be read without the proper decryption key.
- Install Security Software (and Keep it Updated): Ensure that you have robust anti-virus, anti-malware, and firewall protections in place — and that these systems are updated regularly to defend against the latest threats.
- Perform Regular Security Audits: Regularly audit your systems for vulnerabilities. Penetration testing, where cybersecurity professionals attempt to hack your system, can help you identify and patch weak spots before real attackers find them.
- Have a Response Plan: Create and regularly update a detailed incident response plan that outlines how your firm will respond to a cyberattack or data breach.
What to Do If There's a Breach
Despite your best efforts, breaches can still happen. Having a clear plan for how to respond is essential for minimizing damage. Here's what to do if your financial practice experiences a cyberattack:
- Contain the Breach: Immediately disconnect affected systems to prevent further access to PII.
- Assess the Damage: Identify what information was compromised, which systems were affected, and whether the breach has been fully contained.
- Complete the LPL Incident Submission Form: This form should be used to report all potential, suspected, or confirmed privacy incidents involving LPL systems, LPL financial professionals, and LPL data. Privacy incident(s) may be deemed reportable "data breaches" under applicable law(s). Should any new information be discovered after submitting the form, please contact the investigator assigned to the incident or contact the LPL Privacy Office at PrivacyResponseTeam@lplfinancial.com.
- Follow the steps within the Security Incident Response Plan that apply to the type of incident that occurred:
  - Malware
    - Complete and submit the LPL Incident Submission Form.
    - Scan the device to confirm that malware is present and remove it. If possible, provide LPL with proof that malware was on the device and was successfully removed. Do not wipe the computer and its data, as LPL will need to assess what data may have been compromised.
    - Change passwords on all LPL accounts.
    - (Optional) Request a fraud alert on your account (reportfraud@lplfinancial.com).
  - Ransomware
    - The FBI does not support paying a ransom.
    - Complete and submit the LPL Incident Submission Form.
    - Contact a local IT service provider for assistance.
    - Have the IT provider scan the device and remove the ransomware. If possible, provide LPL with proof that malware was on the device and was successfully removed. Instruct the IT provider not to wipe the computer and its data, as LPL will need to assess what data may have been compromised.
    - Change passwords on all LPL accounts.
    - (Optional) Request a fraud alert on your account (reportfraud@lplfinancial.com).
  - Lost/Stolen Device (Desktop/Laptop)
    - (Optional) File a police report of theft as applicable (e.g., home break-in).
    - Complete and submit the LPL Incident Submission Form. Provide the encryption status of the lost/stolen device.
    - Change passwords on all LPL accounts.
  - Lost/Stolen Device (Mobile)
    - (Optional) File a police report of theft as applicable (e.g., home break-in).
    - If the device is lost, use built-in location tracking services as applicable (e.g., the Find My app).
    - Notify the phone service provider to remotely disable/shut down the device.
    - If the device is used for LPL business (e.g., email, myRepChat), complete and submit the LPL Incident Submission Form.
    - Change passwords on all LPL accounts.
  - Business Email Compromise
    - Complete and submit the LPL Incident Submission Form.
    - Change the password on the compromised account.
    - Enable MFA on the account, or confirm that it is already enabled.
    - Scan the computer for malware.
    - Change passwords on all LPL accounts.
  - System Compromise
    - Complete and submit the LPL Incident Submission Form.
    - Scan the device to confirm that malware is present and remove it. If possible, provide LPL with proof that malware was on the device and was successfully removed. Do not wipe the computer and its data, as LPL will need to assess what data may have been compromised.
    - Change passwords on all LPL accounts.
    - (Optional) Request a fraud alert on your account (reportfraud@lplfinancial.com).
  - Remote Access to System
    - Complete and submit the LPL Incident Submission Form.
    - Scan the device to confirm that malware is present and remove it. If possible, provide LPL with proof that malware was on the device and was successfully removed. Do not wipe the computer and its data, as LPL will need to assess what data may have been compromised.
    - Change passwords on all LPL accounts.
    - If any payment information (e.g., credit/debit card, Google/Apple Pay) is stored on the device, contact the bank/institution to freeze/replace the cards.
    - Request a fraud alert on your account (reportfraud@lplfinancial.com).
  - Third-Party Vendor Compromise
    - Complete and submit the LPL Incident Submission Form.
    - Change passwords on all LPL accounts.
    - Ensure MFA is enabled on the compromised third-party account.
    - If your SSN was compromised, contact the 3 major credit bureaus to freeze your credit (identity.gov).
  - Social Engineering
    - Complete and submit the LPL Incident Submission Form.
    - Scan the device to confirm that malware is present and remove it. If possible, provide LPL with proof that malware was on the device and was successfully removed. Do not wipe the computer and its data, as LPL will need to assess what data may have been compromised.
    - Change passwords on all LPL accounts.
    - (Optional) Request a fraud alert on your account (reportfraud@lplfinancial.com).
  - Phishing Attack
    - Report the suspicious email using the Report Phishing button. If you don't have the button, send the email to AdvisorSOCmailbox@lplfinancial.com.
    - If you interacted with the email (e.g., opened an attachment or clicked a link), complete and submit the LPL Incident Submission Form.
    - Scan the device to confirm that malware is present and remove it. If possible, provide LPL with proof that malware was on the device and was successfully removed. Do not wipe the computer and its data, as LPL will need to assess what data may have been compromised.
    - Change passwords on all LPL accounts.
    - (Optional) Request a fraud alert on your account (reportfraud@lplfinancial.com).
  - Data Breach
    - Complete and submit the LPL Incident Submission Form.
    - Change passwords on all LPL accounts.
    - Ensure MFA is enabled on the compromised third-party account.
    - If your SSN was compromised, contact the 3 major credit bureaus to freeze your credit.
- Follow directions from LPL's Privacy Response Team: This team will provide step-by-step instructions on how to handle the incident.
- Review and Strengthen Security Protocols: After a breach, conduct a full review of your cybersecurity measures to identify weaknesses and prevent future incidents.
- Communicate With Clients: Rebuilding trust after a breach can be challenging, but open, honest communication with clients about how you are addressing the issue will help reassure them that you're committed to protecting their data.
Cybersecurity is not just an IT issue; it's a core business responsibility for financial advisors. By understanding the threats, proactively protecting your systems, and having a plan in place for handling breaches, you can safeguard your clients' data (PII) and your firm's reputation. At Pilot Financial, we're committed to maintaining the highest levels of security, ensuring that your financial future is protected. Refer to our Security Incident Response Plan for more details.