MADISON (6/9/14)--Advanced technology can improve online security but it can't overcome carelessness on the part of financial professionals, and Wall Street brokerage firms are nervous about the potential consequences.
Practices such as taping sensitive passwords to computer monitors and storing them in binders labeled "passwords" compromise the technological advances made in recent years, according to officials from the Financial Industry Regulatory Authority (FINRA), Wall Street's industry-funded watchdog (
Some firms give login information to temporary workers then neglect to cancel their access when the workers move on. Examiners traded anecdotes about how careless brokerage employees were at a recent FINRA conference.
The problems are being highlighted as major online security breaches in other industries are giving Wall Street reason to think twice about online security standards.
Security breaches could trigger privacy law violations and trouble with financial regulators, which have noted a spate of breaches in other sectors and companies, including eBay Inc., Target Corp, Neiman Marcus Group LLC and other retailers.
FINRA and the U.S. Securities and Exchange Commission are looking into measures that brokerages and asset managers have put in place to safeguard against cyber attacks. On June 3, the top Massachusetts securities regulator announced cyberaudits of state-registered financial advisers.
The increased focus on cybersecurity is causing some firms, especially smaller ones, to step up prevention measures, said Joseph Rivela, chief strategist for Breach Intelligence LLC, a Farmington, Conn., information security firm. Many smaller firms lag their large counterparts in terms of security policies and procedures, Rivela said.
But even employees at large firms are vulnerable. For example, scam artists sometimes pose as customers and make wire transfer requests. FINRA has disciplined sales assistants who transferred funds without first verifying those requests with the actual customers.
Scam artists also send "phishing" emails that appear to be from customers and ask for personal data. Another scenario involves fake wireless hot spots that scam artists set up in public spaces to invade firms' systems.
Educating employees about scams is a critical first step, said Rocco Grillo, who heads a global information security unit at Protiviti, a division of California-based Robert Half.