Fourteen years ago, when thousands of financial and client records were destroyed in the 9/11 attacks on the World Trade Center, the big worry for the financial services industry was how to safely maintain and back up all of the paper copies of the books and records that firms are required to keep under the rules and regulations under which they operate. In 2015, maintaining required books and records and their backups in hard copy format is becoming almost unheard of.
One would think that the digital age would make it easier, cheaper, more efficient and safer to maintain all of the records required by the rules and regulations of the Securities and Exchange Commission (“SEC”), the Financial Industry Regulatory Authority (“FINRA”) and all of the state regulatory bodies. Typically this is the case. However, one big issue most small investment advisers fail to take into consideration is the safekeeping of all of their electronic records, both those maintained locally and those backed up offsite; these records contain confidential, non-public information regarding their clients and the Adviser itself. Theft of these records could cause financial ruin for both the Adviser and its clients.
In a recent blog post we discussed an SEC action against a registered investment adviser for failing to have reasonable policies and procedures in place to protect sensitive client information. Due to the lack of procedures there was an intrusion into the adviser’s network, which left all of its clients’ personal, non-public information vulnerable to theft. Over the past few years these types of intrusions have become so prevalent that President Obama has designated October as National Cyber Security Awareness Month. You can find out more about National Cyber Security Month on the U.S. Department of Homeland Security’s website.
One final note: having a cybersecurity policy is only a good start to protecting your and your clients’ personal and confidential information. Designing a cybersecurity policy with safeguards that your adviser or broker-dealer will realistically be able to implement AND enforce is the only way to truly keep your electronic data safe.
If you have any questions or need help with your cybersecurity policy, please contact us. Red Oak stands ready to help you.