First appeared on Reuters
Financial advisers may be overlooking one potential threat
in the rush to develop new client relationships through social media: hackers.
Social media websites like Facebook and Twitter can help
financial advisers tap a rich source of potential business. But there are risks
associated -- beyond the fear of someone posting false information about you --
that can compromise an adviser's reputation and computer network. Some
so-called "friends" could actually be hackers working to take over
profile pages or infect users' computer systems with malware, say technology
professionals.
Hackers, for example, could post embarrassing comments using
the adviser's name. They could also try to harvest tidbits of information,
including names, birthdays and photographs, and use them to help create false
identities which could be used to open credit or other accounts. What's more,
an adviser's hacked account can automatically send messages that contain
malware directly through social networking sites. Or an adviser could
unknowingly infect his or her own business network by opening a malware-laced
link sent via message.
The trouble is, most people do not realize these things have
happened until after the fact. Advisers are no different.
"I don't think advisers have given much thought to
protecting themselves from hacking on social media sites," said Korrine
Kohm, vice president at Ascendant Compliance Management, a consultancy in
Salisbury, Connecticut.
Companies typically have filters and firewalls in place to
protect their internal computer networks. But those types of precautions
usually do not extend to applications, or apps, advisers may run on portable
devices, such as iPhones, to access social networking sites, according to Kohm.
Knowing the risks before jumping in can help advisers
protect themselves from security breaches and possible regulatory trouble,
compliance consultants said.
REGULATION AND RISK
The ramifications extend beyond annoying clients or an
expensive tech clean-up.
Advisers must archive posts and messages they send through
social networking for three years, according to recent regulatory guidance. But
hackers could distort those archives by deleting or rewording prior posts, according
to Conrad Jacoby, a senior attorney at Winston & Strawn LLP in Washington.
That could raise eyebrows among securities regulators, said
Jacoby, who advises clients on managing information that is stored
electronically. Altered posts could be embarrassing or violate securities
industry advertising rules.
Social media monitoring and archiving software can help
advisers keep track of their social media communications, including anything
that is removed or altered. That could help eliminate concerns that regulators
may have if a hacking problem crops up.
Facebook, Twitter and LinkedIn did not respond to emails
from Reuters requesting comment. However, each include security information on
their websites that advisers should review. A Facebook page, for example,
explains threats, such as Koobface, a computer worm, and how to identify them.
LinkedIn audits its system for possible "vulnerabilities and attacks,"
according to its site.
SAVING REPUTATIONS
Compliance programs that raise awareness of social media
issues can help advisers manage hacking risks -- and potential regulatory
trouble, said Glen Gilmore, a social media lawyer and principal at Gilmore
Business Network, a consultancy in Hamilton, New Jersey.
The SEC, in recent guidance, signaled that advisers should
consider social media training "to promote compliance and to prevent
potential violations of the federal securities laws."
Training could include how to recognize sham messages that
may contain viruses, or procedures to follow if a hacker takes over an
adviser's profile page and spouts posts about, say, a new weight-loss
supplement.
Advisers who diligently keep watch over their social
networking profiles are also more likely to avoid problems. Recent guidance to
advisers from Massachusetts Secretary of the Commonwealth William Galvin
suggested reviewing social networking sites daily to ensure that their content
complies with regulations.
Ongoing reviews of social media profiles can help advisers
tackle problems early when they do occur. That could include telling clients --
quickly -- that an embarrassing message about legalizing marijuana really came
from a hacker.
"Companies have to anticipate there will be
problems," Gilmore said. "But how they handle it is what separates
who masters social media and who doesn't."
