Creating a Cybersecurity Plan for Your Financial Planning Firm
Making serious technology decisions is clearly a challenge in the modern era of business. The pace of change now disrupts technology planning on nearly a quarterly basis, which is far less accommodating than the year-over-year hardware and software updates and releases we have grown accustomed to.
Paired with this breakneck speed of technology is the comprehensive move to the use of Internet-connected applications -- both in the web browser and on smartphones and tablets.
This shift to the web began over a decade ago. And since the emergence of the iPhone in 2007 and iPad in 2010, the acceleration of our business tools becoming a part of the “Internet of Things” has been stunning.
This combination creates complexity for financial planning firm owners and puts pressure on all advisors tasked with protecting data and information for an RIA to make smart technology decisions. You must balance efficiency, risk and profitability.
But cybersecurity is not a new topic. In fact, it has been a part of our conversation on risk since the first systems connected to the Internet. It is just exacerbated now in our digital, always-connected way of doing business.
What to Consider in Your Approach to Cybersecurity
Data security is as much about behavior as it is software and hardware. Train your team in good security practices.
Talk through how you each work, both in office and when mobile. Think through these scenarios when you develop your security practices and policies for employees to read and affirm.
Staying Safe When Connected to the Internet
It is quite rare for anyone to work offline. Be certain that all laptops use personal VPNs when on public WiFi networks and password managers to ensure strong passwords, and reinforce the need to always be careful when handling and protecting customer information and other vital data. Two-factor (multi-factor) authentication should be used on all accounts where it is available.
All computers, and especially laptops, should have disk encryption enabled. This is now available at no additional cost on Mac OS X and Windows computers (you can use FileVault and BitLocker, respectively). In addition, set a timeout on those computers to re-encrypt when they go into sleep mode (best practice is 1 minute of inactivity).
For manual locking, remind users to lock their computers when walking away from them in any setting (especially in public places – it can be done with a keyboard stroke on both Macs and PCs).
Ensure that antivirus software is set to update and run automatically. Always set computers to auto-update for operating system patches.
Provide firewall security for all Internet connections. These are best used both at the connection level (a router bringing the Internet into your office) and also the individual firewall software included on computers. This includes home and other remote offices.
Your policies should require these to be confirmed and tested at least quarterly.
Dealing with Mobile Security Concerns
Have a strategy and plan for managing mobile devices. Confidential data can leak onto smartphones and tablets. They should be protected with a password or PIN to unlock, and set to erase automatically if an incorrect password or PIN is entered more than 5 times.
Additionally, a security app should be on each device that protects against malware and viruses. Personal VPNs should be used on these devices as well to secure all WiFi connections. The password managers selected for your computer browser(s) will also extend to your smartphones and tablets.
Finally, where possible, the backup and/or sync process for backing up these devices should be password protected and/or encrypted.
Backups Are an Essential Part of Sound Cybersecurity
Backing up business data is essential. We subscribe to the 3-2-1 backup approach. This means always having three copies of your critical business data, from email to working documents and other data from systems and applications.
Restoring from backup should be tested at a minimum annually. Ideally, you can use this approach:
- The original copy of your data is your working files, actively in use on your computer and/or mobile devices.
- The second copy is your daily backup, which can be local or cloud-based. If local, the storage media should be rotated and kept in fireproof and waterproof storage.
- The third copy is what we call the disaster recovery backup. It should be backed up on a completely different system and stored in a geographically disparate area. In essence, one should be able to acquire all new equipment and devices and restore all business operations from this third backup regardless of location.
Insurance Doesn’t Solve the Whole Problem -- But Does Matter
Cybersecurity incidents and network and data breaches are becoming more commonplace, so you will need to maintain insurance to address them as a foundation of any security strategy. Explore the capabilities for carrying insurance that can assist with notifications, litigation and credit insurance from your existing general and professional liability carrier(s).
This insurance goes along with the steps we have outlined, not as an alternative or replacement.
Today’s technology grows and changes at exponential rates. As you incorporate more technology into the running of your firm, it’s important that you stay educated on best practices for cybersecurity. Keep asking questions, doing your research, and maintaining your awareness of the importance of protecting your -- and your clients’
About the Author
Recognized as an industry leader in financial services marketing, compliance and technology, Blane Warrene has worked in progressive roles for broker dealers, investment advisors and asset managers. He co-founded Arkovi Social Media Archiving in 2009 with Carl Cline and Tyson Lowery, and sold it to RegEd in October 2012. He also co-founded QuonWarrene with Neal Quon, where he serves as a board member today.
Blane additionally serves on the board of the Dennison Railroad Depot Museum, a national historic landmark in Ohio. You can connect with him on LinkedIn, or on Twitter.