There have been a number of online data breaches in recent years, rightfully sending a chill down the spine of anyone who has ever used their credit card for an online purchase. Notable examples from this year alone include Equifax, Uber, and Deloitte. Thinking about the implications and consequences of these breaches is terrifying enough, but the reality is that hackers are growing more sophisticated.
Financial firms are certainly not immune to this issue. You may recall that JP Morgan suffered from a hack in 2014 that left the information of 76 million households and 7 million small businesses exposed. According to the NY Times, “the hackers gained access to the names, addresses, phone numbers and emails of JP Morgan account holders.” JP Morgan responded very aggressively to develop enhanced security measures, but CEO Jamie Dimon acknowledged that the battle is “continual and likely never-ending.”
JP Morgan obviously has a mighty balance sheet to attack this problem with full force, but many other banks or investment managers are not in the same position. If you are a small or mid-sized RIA, for example, a data breach can wipe out your firm overnight.
The potential threat is real. The potential consequences are grave. Act accordingly.
Here are four things that an investment manager should do to improve the security of their website:
- SSL Certificate: this authenticates a website and encrypts the communication between the website and host (GoDaddy, for example). If your website has a login or client portal, you should similarly utilize a client certificate to ward off bad actors that illicitly obtain client login data. An ancillary benefit is that this also helps with SEO because search engines value the authentication of the website.
- Malware Software: this keeps the site free of some of the more commonplace viruses and removes and/or quarantines any malicious threats. Most of the time, this type of software hums in the background and will run daily without the need for much oversight.
- Firewall Protection: this analyzes the sources and behavior of your traffic to distinguish good traffic (prospects and clients) from bad (hackers and spam bots). It will ultimately seek to prevent bad actors from even visiting your site.
- Backup Protection: this is necessary in the event that your website is hacked and the content is changed. For example, we are familiar with an RIA whose site was recently infected with Viagra ads. In this scenario, backup protection permits the website to be reverted to a time before the hack occurred. Sure, you might have to republish some content -- recent blogs, for example -- but that would be a minor concern in this scenario.
With hackers growing more sophisticated, security should be meticulously accounted for in your business plan. This list is a good start, but we expect this issue to grow more complex in the future.