
How to Start a Cybersecurity Program (Or Convince Your Boss to)

Of the 22 SOLUTIONS workshops Charles Schwab conducted in 2016, 90% of RIA business owners surveyed cited cybersecurity as their #1 concern.

Michelle Thetford, moderator of a cybersecurity panel at Schwab IMPACT®, shared two main reasons why cybersecurity is of increasing concern. First, cybersecurity incidents are becoming more frequent. Second, stolen client data has a direct impact on both the financial risk and reputation of affected RIAs.

Here’s what you should do to lessen the likelihood of a security breach and what you can do to limit the damages if one does happen.

Educate employees on cybersecurity

Employees may pose the greatest security risk of all. Though not with malicious intent, an employee may unwittingly respond to a fraudulent request — like a phishing email — or otherwise compromise security.

In a 2016 Forbes interview with Michael Madon, a recognized leader in the field of cybersecurity, Madon stated: “Too many companies are looking for a technical solution to what is essentially a human problem… Most security professionals agree that awareness training is the best way to tackle the [cybersecurity] problem.”

Don’t assume a cybersecurity policy covers your loss

Several compliance officers at the 2016 Schwab IMPACT® conference took a hard look at cybersecurity insurance policies. They found many policies don’t cover a cybersecurity incident if the breach happened because the firm didn’t follow its own policy or procedure.

When you’re reviewing cybersecurity policies, look closely at when coverage is excluded, because there is nothing worse than thinking you’re covered when you’re not. In addition to the increasing risk of a data compromise, pointing out holes in cybersecurity coverage can also help convince firm owners of the need to put a cybersecurity program in place.

Build a cybersecurity program

Here are some steps and resources to get underway. 

  1. Assess risk. When the moderator of a Schwab IMPACT® panel asked authors of cybersecurity programs at two large RIAs what they would do differently, they both said: start a lot sooner, especially with employee training.
  2. Protect against threats. Leverage your IT provider to ensure only appropriate people have rights to certain data, and to help you determine how you’ll prevent data from being compromised and how you’ll approach employee training and vendor management.
  3. Detect potential problems. Test and troubleshoot. For example, some firms intentionally send out a fake email to their employees to see which of them click on a link. For those who do, the link sends them to a web page with a warning message: “This was just a sample trial to see what you would do. You should not have clicked on this link as it could have resulted in a malicious outcome for the firm.”
  4. Create a response process. Define how your firm will respond when a cybersecurity incident occurs, including which types of incidents require a client notification, how you will notify clients, and what that communication will say (what information you will provide, whether you will offer a credit monitoring service, and who clients should contact if they have more questions).

Key takeaways

  • Because employees are one of the biggest risk factors for compromised data, make employee training your first step. Many IT firms and service providers now offer cybersecurity education for hire. In an upcoming post, we’ll share tips on how to make cybersecurity everyone’s favorite lunch and learn.
  • Before purchasing a cybersecurity policy, ask to see a sample policy so you can review what would not be covered when you report an incident.
  • Check out the SEC for cybersecurity guidance updates or the Schwab resource center on cybersecurity for more information.

Jo Day


Jo loves learning about interesting problems and how people are solving them. Jo is well known for connecting people and ideas and is a great catalyst (moo!) to change. Where some people see the world through rose colored glasses, Jo sees the world through processes. When Jo isn't hanging out with her family, Jo's favorite hobbies are being anywhere outdoors and coming up with new business ideas – just for fun!