Mon, May 23, 2016
When it comes to protecting the data they hold, many businesses mistakenly believe they don’t have anything a hacker would want. However, there are sophisticated hackers for whom credit card numbers or similarly exploitable information holds no interest. These data thieves go mining for proverbial gold in attorneys’ notes, accountant spreadsheets, and unreleased quarterly or annual reports, looking for any information they can manipulate to their advantage in the stock market. They are taking “insider trading” to a new level.
Trading on information stolen from professional advisors is more insidious than credit card or wire transfer fraud, where victims are alerted fairly quickly that a hacker has compromised their data or networks. Day-to-day activity in the stock market always has a certain amount of volatility. Likewise, one individual’s purchase or sell-off might not trigger any immediate alarms. Taken in the aggregate, however, the financial impact can be enormous, in the hundreds of millions of dollars.
Professional advisors may not lose money directly in these schemes, but the ultimate costs can be devastating. Successful lawyers, accountants, and financial advisors all work hard to build excellent reputations and trusted relationships with clients. If clients are able to trace fraudulent trading back to information that was easily hacked from a specific advisor because of insufficient data protection, those relationships can be irretrievably damaged and reputations destroyed.
Any person or firm that is trusted to be a steward of sensitive information must follow the example of those in highly regulated industries and take multiple precautions to protect the data they hold. Four recommendations are especially effective for improving data protection:
The unscrupulous are always looking for insider information they can use to their advantage for stock trades. Unfortunately, fraudsters are easily finding what they need in the networks of professional advisors. In order to protect their clients’ interests, as well as their own reputations and financial well-being, professional services firms should know they do indeed have data worth stealing, and take steps to protect it today.
Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.
The Kroll Investigations, Diligence and Compliance team are experts in forensic investigations and intelligence, delivering actionable data and insights that help clients worldwide make critical decisions and mitigate risk.