Hacked: What to do when facing a data breach

October 19, 2016 3:31 PM

Cybercriminals stealing clients’ personal information would be a nightmare for all planners.

In the event of a hack, advisers need to know what to do right away — in the first five minutes, the first hour, the first day. We talked to planners and industry experts about the steps planners should take if they discover they've been compromised, as well as best practices for preventing future breaches from occurring.

Bill Kowalski

Director of Operations
Rehmann Corporate Investigation Group
Troy, Michigan

Hire a forensics firm
"The first thing you do is close the barn door," Kowalski says. A digital forensics firm can help you stop information from being stolen.

If that firm determines that a hacker may have clients' personal information, he says, "you need to contact an attorney who specializes in data breach management. Those clients need to know, and state laws about notifying individuals of the breach of their information vary."

However, situations where a client's email gets hacked are more common than full-scale breaches of financial firm data, says Kowalski.

Roger Pine

Financial Adviser, Partner
Briaud Financial Advisors
College Station, Texas

Isolate infected machines immediately
What you do in the first five minutes matters, Pine says.

“In case it’s ransomware — malware that encrypts your data, holding it for ransom until payment is given — work with your network administrator to isolate infected machines," says Pine. It might be possible to quarantine the affected computer(s) before the malware spreads. If your backups are good, you might even be able to wipe the infected computers and restore the data to the backed-up version."

Next, determine the extent of the damage and whether the breach is ongoing, Pine says. Decisions at this stage should be escalated to the highest levels of the company. Involve law enforcement if necessary.

In the hack’s aftermath, research what went wrong.

“You need full transparency,” Pine says. “Was client information compromised? Review all available short-term security measures. If you have to unplug from the internet entirely while you sort out the problem, so be it. Clients and regulators might forgive the first breach, but they rightfully would find a second breach unacceptable.”

Create an internal team to focus on electronic firm security immediately after the hack, Pine says. “The team should report directly to company management.”

In the cleanup stage, notify custodians about any affected clients. “Often there are extra security procedures available for clients who have been victims of fraud,” Pine says.

Notify clients of the incident and explain the steps you’ve taken to resolve it,” Pine says. If necessary, you should also offer to assist clients with ongoing credit monitoring.

Last but not least, Pine says, make sure this doesn’t happen again.

Work with an expert to design a more robust security setup. For on-site hardware, review firewalls and backup regimes. “If your backups are good enough, you could wipe all computers and start over.”

For cloud-based solutions hosted on vendor hardware, Pine says, ask if two-factor authentication is available.

Richard Durso

Director of Financial Planning
RTD Financial Advisors
Philadelphia

What to tell clients
Advisers need to find out what was hacked, Durso says, and alert clients accordingly. Planners should tell affected clients to change their passwords and PIN numbers for online banking and investment accounts. They should also “notify credit bureaus and credit card companies; ask them to add alerts. Consider credit monitoring services as an added precaution.”

To eliminate the possibility of tax-return refund theft and employment fraud, clients should notify the Social Security Administration.

Next, tell your chief compliance officer and compliance team what happened. “Depending on the case, our chief compliance officer may inform everyone at the firm,” Durso says.

Alert the custodian that holds client money. The custodian should add extra levels of security and follow their own protocols for a data breach,” Durso says.

“We would also add alerts to our client relationship management software,” Durso says.

Craig Morsehead

Vice President
National Compliance Services
Delray Beach, Florida

Document and discuss
Every planning firm should have an incident response plan, Morsehead says. “At a minimum, the plan will first call for an investigation to identify the information that was disclosed and the source of the data breach.”

Planners should discuss the breach with their attorney, alert regulatory authorities such as the SEC, the FINRA Contact System and law enforcement. Consultants can help contain a breach and prevent any future hacking attempts, Morsehead says.

Document the data breach, “including the actions taken in response,” Morsehead says. A record of the event can inform future security upgrades and help you deal with any future hacks, if you’re unlucky enough to have one.

John M. West III

Chief Operating Officer, Chief Compliance Officer
Spraker Wealth Management
Maitland, Florida

Alert custodians
Spraker Wealth Management has disaster recovery protocols already in place, West says, and shares responsibility with its custodian — an arrangement in place for most planning firms. “We’d obviously alert the custodians involved and make sure there was appropriate monitoring in place,” he says.

Dena Minning

Principal
Personal Asset Management
Treasure Island, Florida

Freeze credit
If a hacker has client information, a credit freeze is an important protection, Minning says. “I suggest clients put a hold on their credit file so hacks are less able to steal their identity, since that can be very costly and take years to correct.”