On Monday morning, a very comprehensive breakfast workshop at the 2022 NAPA 401(k) Summit in Tampa, Fla., explored current cybersecurity trends/threats, the SEC’s proposal of the first Cyber rule for advisors, and how advisors can protect themselves from cyberattacks.
Titled Make Cybersecurity Your Superpower: Three Topics You Should Know About, presenter Trish McGinity, Head of Cybersecurity Communications with Empower, provided an exhaustive list in a pre-session interview of topics to be covered in the 60-minute session. They included vulnerability management, how to track risks and incidents and preparing for proposed compliance rules.
Lastly, she instructed attendees on “how to keep a watchful eye” and what to do to stay ahead of the threats while improving security.
Cybersecurity trends
Immediately presenting attention-getting statistics, she said 50% of ransomware attacks now include “data exfiltration.” Data exfiltration means things like usernames, passwords, and personal finance information potentially stolen by hackers for resale on the dark web.
“There have been over 50 billion records stolen in the last two years,” McGinity added. “That’s the usernames and passwords that will get you other types of information.”
She noted that the No.1 crime cybercrime reported by the FBI is business and personal email compromises.
“That’s the number one crime type,” she explained. “And then the No.1 crime vector is through phishing, vishing, and smishing. The first is email phishing, the second is voice fishing, and the third is SMS or text message phishing.”
Patch, patch, patch
McGinitythen provided proactive, preventative measures for plan sponsors and participants.
“For companies or plan sponsors, I would say patch your systems,” she emphasized with a Beetlejuice-like touch. “Patch, patch, patch. You can say it three times; patch, patch, patch your system, and then educate your users with training and awareness.”
The first step for participants—which both Empower and the Department of Labor (DOL) have as their No. 1—is to register and routinely monitor their accounts. The second step is to use strong and unique passwords.
SPARKing change
McGinity highlighted the SPARK Institute’s “instrumental” role in helping the DOL develop and release recent cybersecurity best practices. She said SPARK members, including the nation’s banks, mutual fund companies, insurance brokers, and competing record keepers, meet every three weeks to compare current security and fraud trends.
“We think that if one of us has a breach or suffers from an event, it will negatively impact all of us,” she concluded. “We feel we’re all in this together.”
With more than 20 years serving financial markets, John Sullivan is the former editor-in-chief of Investment Advisor magazine and retirement editor of ThinkAdvisor.com. Sullivan is also the former editor of Boomer Market Advisor and Bank Advisor magazines, and has a background in the insurance and investment industries in addition to his journalism roots.
