There is sig­nif­i­cant trust among ad­vi­sors that their firms are do­ing ev­ery­thing pos­si­ble to keep im­por­tant data se­cure

Investment Executive - - FRONT PAGE - BY FIONA COL­LIE

Ad­vi­sors greatly trust their firms’ ef­forts.

the fi­nan­cial ser­vices sec­tor is not im­mune to cy­ber­se­cu­rity breaches, but the fi­nan­cial ad­vi­sors sur­veyed for In­vest­ment Ex­ec­u­tive’s 2018 Re­port Card series are con­fi­dent their firms are tak­ing the right steps to keep ad­vi­sors’ data — and those of their clients — se­cure.

“They do a good j ob and make sure we meet cer­tain re­quire­ments to keep our data safe,” says an ad­vi­sor in Bri­tish Columbia with Oakville, Ont.-based Man­ulife Se­cu­ri­ties.

To get a sense of how well the sec­tor is do­ing in keep­ing a han­dle on cy­berthreats, a sup­ple­men­tary ques­tion added to this year’s sur­veys asked ad­vi­sors across all four distri­bu­tion chan­nels — bro­ker­ages, mu­tual fund deal­ers, banks and in­sur­ance agen­cies — whether their firm’s cy­ber­se­cu­rity ef­forts were ad­e­quate to en­sure their data and those of their clients are pro­tected.

In re­sponse, 97.8% of ad­vi­sors who an­swered the ques­tion said “yes.” These ad­vi­sors are con­fi­dent about their firms’ cy­ber­se­cu­rity ef­forts for the fol­low­ing rea­sons: fi­nan­cial in­vest­ments in cy­ber­se­cu­rity; strong in­for­ma­tion tech­nol­ogy (IT) teams; and the im­ple­men­ta­tion of pass­word­pro­tected de­vices and en­crypted emails.

“Just get­ting into our com­put­ers is a song and dance in the morn­ing,” says an ad­vi­sor in On­tario with Mis­sis­sauga, Ont.based Ed­ward Jones.

“All our emails are en­crypted in­ter­nally,” says an ad­vi­sor in Al­berta with Toron­to­based As­sante Wealth Man­age­ment (Canada) Ltd. “If I don’t want to send some­thing to some­body through email, I can post it on the web [se­curely] and give the [re­cip­i­ent] a pass­word.”

In some cases, though, ad­vi­sors’ con­fi­dence in their firm’s cy­ber­se­cu­rity ef­forts stem from blind faith that the firm is do­ing a good job in this area sim­ply be­cause ad­vi­sors haven’t heard of any­thing bad hap­pen­ing.

“We have a ded­i­cated team [fo­cused on avoid­ing breaches],” says an ad­vi­sor in Bri­tish Columbia with Van­cou­ver-based Canac­cord Ge­nu­ity Wealth Man­age­ment (Canada). “Other than that, I don’t know. We’ve never been hacked.”

“I trust our IT team is do­ing a good job,” says an ad­vi­sor on the Prairies with Toronto-based Richard­son GMP Ltd. “It’s kind of like trust­ing your doc­tor with your health. I’d like to think they’re do­ing a good job. We haven’t got­ten any com­plaints yet.”

Ali Ghor­bani, direc­tor of the Cana­dian In­sti­tute for Cy­ber­se­cu­rity (CIC) — a cen­tre for cy­bertech­nol­ogy re­search at the Univer­sity of New Brunswick in Fred­er­ic­ton — says Cana­dian fi­nan­cial ser­vices in­sti­tu­tions are well aware of the enor­mity of cy­ber­se­cu­rity and have made sig­nif­i­cant in­vest­ments in it. How­ever, he cau­tions ad­vi­sors against be­ing com­pla­cent about their firm’s cy­ber­se­cu­rity ef­forts.

“[Cy­ber­se­cu­rity is] ba­si­cally risk man­age­ment; noth­ing is fool­proof,” says Ghor­bani, who also holds the po­si­tion of Canada Re­search Chair in Cy­ber­se­cu­rity.

In­deed, two of Canada’s banks — Toronto-based Bank of Mon­treal and Sim­plii Fi­nan­cial, a di­vi­sion of Toron­to­based Cana­dian Im­pe­rial Bank of Com­merce — made head­lines this year for ex­pe­ri­enc­ing cy­ber­se­cu­rity breaches.

One of the ways fi­nan­cial ser­vices firms are try­ing to avoid breaches is through in­vest­ments in re­search and part­ner­ships. Toronto-based Toronto-Do­min­ion Bank (TD), for ex­am­ple, joined the CIC in April 2018 and opened a cy­ber­se­cu­rity of­fice in Tel Aviv in 2017.

“I be­lieve we are as strong in [cy­ber­se­cu­rity] as any other bank,” says an ad­vi­sor in On­tario with Toronto-based TD Wealth Fi­nan­cial Plan­ning, a di­vi­sion of TD. “We re­cently pur­chased a firm in Is­rael. We take it se­ri­ously.”

Is­rael is well known for its cy­ber­se­cu­rity prow­ess and has drawn much at­ten­tion from Cana­dian fi­nan­cial ser­vices in­sti­tu­tions, par­tic­u­larly the banks. For ex­am­ple, Toronto-based Bank of Nova Sco­tia be­gan work­ing with an Is­raeli fintech ven­ture fund and cy­ber­se­cu­rity think­tank in De­cem­ber 2017. As well, Toronto-based Royal Bank of Canada (RBC) re­cently in­vested $2 mil­lion in the Ben-Gu­rion Univer­sity’s Cy­ber Se­cu­rity Re­search Cen­ter.

“We’re try­ing to fo­cus some of those strate­gic aca­demic part­ner­ships to help us drive our se­cu­rity agenda and strat­egy,” says Adam Evans, vice pres­i­dent, cy­ber­op­er­a­tions, and chief in­for­ma­tion se­cu­rity of­fi­cer with RBC, “and help us ma­ture our ca­pa­bil­i­ties for what we be­lieve the chal­lenges are com­ing down the road at us over [the next] three years or even five years.”

RBC also trains its em­ploy­ees so they are aware of the po­ten­tial dan­gers to their dig­i­tal in­for­ma­tion. For ex­am­ple, Evans speaks with em­ploy­ees about com­mon tac­tics or breaches that have gained me­dia at­ten­tion. The bank also holds train­ing ses­sions about new tools and tech­niques, such as com­pro­mised emails used by would-be hack­ers to ac­cess the bank’s sys­tems.

“[The firm] is very proac­tive with the phish­ing emails,” says an ad­vi­sor i n On­tario with Mis­sis­sauga, Ont.-based RBC Life In­sur­ance Co. “They test us all time.”

Ed­u­ca­tion is one of the most im­por­tant as­pects of hav­ing a solid cy­ber­se­cu­rity strat­egy and is some­thing that needs to be em­braced by an en­tire firm, ac­cord­ing to the In­vest­ment In­dus­try Reg­u­la­tory Or­ga­ni­za­tion of Canada (IIROC) .

“It’s not just an IT is­sue,” says Louis Pier­geti, vice pres­i­dent, fi­nan­cial and op­er­a­tions com­pli­ance, with IIROC. “It’s a shared re­spon­si­bil­ity of em­ploy­ees who work within the firm.”

To that end, IIROC re­cently held table­top ex­er­cises with se­nior staff at small and mid-size firms to help them strengthen their cy­ber­se­cu­rity ef­forts and to en­sure they have proper frame­works in place.

“Cy­ber­se­cu­rity is not just an IT is­sue. It’s a shared re­spon­si­bil­ity of em­ploy­ees who work within the firm”

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.