FINRA Fines Financial Firm for Advisor Data Breach

 


 

By James Harrison

 

Like other federal agencies exercising regulatory power in the data privacy and security arena, the Financial Industry Regulatory Authority (FINRA) is cracking down on firms that fail to meet required data security practices.

 

Recently, FINRA imposed a significant fine upon a firm after a financial advisor with the firm lost a laptop containing confidential customer information, even though the lost data had not yet resulted in any known identity theft or customer financial loss. FINRA reached a settlement with the financial-services firm located in Alabama.

 

The firm agreed to certain sanctions, including public censure and a $225,000 fine. FINRA’s enforcement action stemmed from the firm’s loss of a laptop computer that contained unencrypted confidential customer financial and personal information. FINRA concluded the firm’s "written supervisory procedures were not reasonably designed to protect confidential customer and proprietary information." (See Financial Industry Regulatory Authority Letter of Acceptance, Waiver and Consent No. 2014041619501.)

 

Although the firm had previously established policies relating to data management, access controls, confidentiality and integrity, infrastructure, acceptable use, threat and vulnerability management and education and awareness, it failed to follow through on a key data-protection protocol: encryption of its laptop computers that contain confidential customer data.

 

Are you prepared for a data breach? Data breaches and cybersecurity have become a major concern over the last few years as hackers have penetrated the IT infrastructure of small to medium businesses with increased frequency and sophistication. The growth of mobile and IT devices and lack of data security and training have increased exposure of protected data, as well. Advisors need to prepare by complying with data-protection laws and regulations for putting proper IT security in place and mitigating the risk of a breach through cyber security insurance. If you and your staff haven’t made this your number-one priority during the past 12 months, then you have fallen behind.

 

Consider the following:

 

Facts:

  1. Cost of a data breach — up to $215 per record.
  2. The financial-services industry is second to healthcare in reported cyber insurance claims.
  3. Nearly 60 percent of small to mid-sized businesses go out of business after a data breach.

 

Solutions:

  • Assess compliance with state laws and federal regulations.
  • Put together an information security plan with training.
  • Implement and test proper IT security.
  • Maintain in place a comprehensive cyber insurance policy.

 

The NAIFA Cyber Security Program 

You might want to consider utilizing the NAIFA Cyber Security Program designed to help you make the process simple and affordable. Options available through the program include:

  1. Comprehensive data security compliance program with training
  2. IT security software and penetration tests
  3. Cyber security insurance coverage for insurance and financial advisors
    • Access to 24×7 data breach hotline
    • Premiums start as low as $200 a year
    • A 4-question online application — immediate coverage available (pay with credit card or electronic check)

 

(Sources: Ponemon Institute Cyber Research Report; National Cyber Security Alliance and Symantec; BreachLevelIndex.com; FINRA Financial Industry Regulatory Authority.)

 

James Harrison is the founder and CEO of INVISUS, a leading cyber-security and identity-theft protection risk management company. He is the creator of the InfoSafe data breach compliance program and other cyber-security and identity theft protection programs. For more information, visit http://www.naifa.org/practice-resources/prp/naifa-cyber-security-insurance-program

 

This article appeared in Advisor Today. 

 
