Cybersecurity Pre-Risk Assessment

Note: Please fill out this document to the best of your ability. The examples in gray are provided for your reference. Please insert your answers in the boxes provided. Be as detailed as possible when completing this document, as this will help the Advisor Information Security team better understand what recommendations we can make to help you secure your office.

 

LPL Cybersecurity Risk Assessment

Advisor Information Security Team • AdvisorInfoSec@lplfinancial.com

 
 
 
 
 
 
 

Example: •John Doe •1234 Main Street Executive Drive •AnyTown, CA 12345

 
 

Include any internal IT support or staff.

 
 
 

Example: Website, LinkedIn, Facebook, Twitter, etc.

 
 
 
 
 

Example: •1 Conference room •Main lobby •Storage room

 
 
 

Example: •Wi-Fi name: Spectrum375A •WPA/WPA2, WEP, RADIUS, etc.

 
 

Example: •Wi-Fi name: Home1 •WPA/WPA2, WEP, RADIUS, etc.

 
 

Include wired and wireless devices such as laptops/desktops, tablets, mobile devices, cameras, etc.

 
 

Example: •Router located in personal office •Modem is located in telecommunications closet

 
 

Example: routers, firewalls, servers (both physical/virtual), etc.

 
 

Example: •Yes, all containers are locked and only I have access to the key. •I have 2 filing cabinets. •I use my desk drawers to store documents as well.

 
 

Do you work with any external TPSPs or vendors (this includes an IT provider)?

 

This includes an IT provider.

 

Do any non-employees have access to your office? Example: •Cleaning crew comes every night. •Landlord. •Building manager has access to everyone’s office.

 

Example: •Redtail •QuickBooks •Constant Contact

 
 
 

Example: Windows 7/8, Big Sur OS 11, or older.

 

Example: •No, I use Windows 10 professional.

 

Example: No, I do not know how to check for old or outdated software.

 

Example: •Cloud Storage: Microsoft OneDrive •Cloud Storage: FileVault •Local Storage: External Seagate Hard Drive •Local Storage: USB flash drive •Local Storage: NAS Server

 
 

Example: Yes, I have facial recognition enabled on my cell phone and a fingerprint reader on my laptop.

 

Example: •My passwords are 8 characters minimum, I occasionally reuse passwords and I change my passwords every 6 months.

 
 

Example: •Excel Document •Notebook locked in safe •Sticky Note •Password manager

 
 

Multi-factor authentication (MFA) is a security system that verifies a user's identity by requiring multiple credentials, such as a code sent by text message or email.

 

Do you or anyone in your office send emails containing PII? If so, do you use encryption?

 
 

Example: Phishing simulation program, security awareness training sessions, etc.

 
 
 

Example: •McAfee Antivirus, auto update is on. •Avast Antivirus, auto update is off.

 
 
 

Example: •Yes, I have a Seagate external hard drive. No, it is not encrypted.

 

Example: •I use my laptop to conduct business while away from my office. •I use a mobile hotspot instead of connecting to public Wi-Fi. •I charge my phone using available USB ports while traveling in the airport. •No, I am not aware of the risks.