A succinct guide to how to think about cyber-security has been published, with obvious relevance to the wealth management sector in the US, and beyond.

The almost-daily diet of stories about cyber-security breaches has created a substantial industry in fighting hackers, and financial services realize the issue is a high priority. A survey issued earlier this year by Duff & Phelps, for example, showed that companies planned to boost spending on foiling cyber-crooks. 

And there is plenty of literature out there to peruse. A pair of security industry experts, Jim Shaeffer and John Paul Cunningham, have decided to get away from some of the “techno-speak” that can sometimes obscure necessary understanding, and get down to fundamental principles of security, good governance, and management. Their book, entitled Wolves, Sheep, and Sheepdogs: A Leader’s Guide To Information Security, is 130 pages long and can be read in a single sitting. At the core of it is an understanding of the respective “types” one finds in life: the assets of a firm/business, which might be thought of as a flock of “sheep”; those who may attack such assets for various reasons (desire for money, revenge, ideology or plain malice), who are the “wolves”; and those who are hired or trained to stop the attackers and stand on guard over the flock: the sheepdogs. The authors apply these concepts to today’s modern commercial and organizational world, exploring how groups should address security, think about the assets they might need to protect, and anticipate the type of “wolves” that exist.  The book is engagingly written and contains a nice set of action points and principles for any reader to digest. 

The book is not directed specifically at the wealth management or family offices sector, however, and this publication asked Cunningham to set out some further pointers for the industry. He notes, for example, that FINRA and the SEC have both given high priority to cyber-security. For example, when these bodies audit a firm, they will want to confirm that wealth advisors have clear security protocols in place and that these are being regularly tested. New York State and Colorado have imposed cyber-security regulations on financial services firms that could be a template for the rest of the US. 

When it comes down to the need to bring in a chief information security officer, Cunningham also points out that regulators such as the SEC require such a person to be in place. In other words, firms must hire a sheepdog. For example, in September last year, the New York State Department of Financial Services proposed the nation’s first cybersecurity regulation to protect state financial institutions and their customers, which includes the key mandate that someone fill the role of CISO, he said. 

Shaeffer and Cunningham’s book may not have exhaustive amounts of detail, but their study is an excellent overview of the overall picture and creates a good set of mental tools for how any organization, whether it be a family office or a logistics firm, should think about the threats from cyber-space.