Every four years, Heron Financial Group completely tears down and rebuilds its technology platform.
One big focus: A review of how every vendor handles clients’ private data, says David Edwards, head of the New York-based advisory firm.
Not all contracts are renewed.
“We’ve told vendors, ‘We can’t work with you anymore because we’re not confident our data is secure,’” Edwards says. “They don’t like it, but there it is. We’re fiduciaries. That means protecting your client against every threat.”
From all sides, independent advisers are told that, to stay current, they must integrate the latest technology tools into their practice. They hear regular warnings, too, about cybertheft schemes and protecting their businesses against malicious electronic attacks.
Few advisers, however, are cautioned about the risk they face when plugging in those same tools. An exposure of client data can trigger tough regulatory action and costly lawsuits, not to mention reputational harm, even if the firm wasn’t the source of the error.
It’s not just hackers or a rogue employee RIAs have to be vigilant about. In its annual report on data breaches, Verizon deemed unintentional breaches so common that it created a category for them: miscellaneous errors. Verizon counted over 11,300 incidents last year, with almost 200 confirmed breaches. In a majority of cases, a client discovers personal data has been made public before the firm does. The financial sector suffered over 1,300 data breach incidents last year, Verizon says.