November 3, 2017
- Managing Director, Institutional Oversight and Control, TD Ameritrade Institutional
“As Managing Director of Institutional Oversight and Controls, my team and I are committed to helping advisors safeguard and protect client accounts at TD Ameritrade through education, collaboration with industry experts, and building awareness around industry trends.”
- Bryan Baas, Managing Director, Institutional Risk Oversight and Controls
Cybersecurity risks have prompted the Securities and Exchange Commission (SEC) and state regulators to increase oversight and enforcement of advisor security measures. Regulators are focused on how registered investment advisors protect client information as part of their overall fiduciary responsibility.
Here are 11 ways to help protect your clients while meeting today’s higher regulatory standards:
1. Go old school. Since your email system is one of your firm’s most vulnerable access points, the safest way to communicate with clients is by telephone. If you receive an email request for account information or a funds disbursement, call the client at the phone number you have on record, not at a number supplied in the email. Don’t just trust your Caller ID—make the call yourself!
2. Establish a verbal password with each client. Explain that you will not release information or make changes to an account over the phone or without that password. Never use that password in an email.
3. Know your clients’ online habits. If it’s unusual for a client to email you, simply pick up the phone and call them.
4. Reinforce your firewall. Make sure the security software on all your computers and mobile devices is kept up to date, including antivirus and antispyware protection.
5. Use encryption software. Encryption software is commonly used to protect databases, but you should also use it for everything from email to texts. Encryption is usually an “add-on” for most email systems, so you may need to specifically request it from your Internet service provider or your software vendor.
6. Secure your backup files. Whether you manage your own backups from a secondary location or use a cloud-based vendor, confirm that the backups are encrypted and test that they can actually be restored. If you use a third party, ask for regular reports on the vendor’s testing procedures.
7. Keep track of systems. Inventory all devices and software that either store or access client data.
8. Have a written firm-wide information security policy. Define where and how information is stored, which employees are allowed to retrieve data, and the protocols for regularly testing security. Assign the role of Information Security Officer to someone in the office to oversee and manage these efforts.
9. Conduct regular security assessments. Cybersecurity audits can help identify potential threats and pinpoint internal vulnerabilities.
10. Be careful outside the office. Be wary of public Wi-Fi networks, and take advantage of the security features on your smartphone or tablet. Then go to the specialists at your local electronics store to find out what other types of protection you can install.
11. Field potential complaints. Clients may be frustrated by these added security measures, so be ready to explain why they are in place.