Stanganelli's firm also uses encrypted and password-protected hard drives and keeps sensitive equipment in locked offices.
Karl F. Frank, CFP and president of A&I Financial Services, said his firm uses a program called Security Snapshot to monitor all the other software and make sure it is always up to date. The program issues an alert to take action if a piece of software has not been automatically updated within the first 24 hours.
In addition, "we have different team members perform the audits of each other to make sure we are in compliance with our processes," Frank said.
The bar has been raised, said Jacko. While there are no regulatory changes pending, expectations are higher and so are consequences.
"The first thing the regulators look for is if you have a cybersecurity plan in place. If you have one, it has to be well thought out and effective," she said.
She added: "I think you'll see increases in regulatory actions, such as audits and fines. Not only that, a poorly protected firm may be on the hook for paying the client back for any losses."
— By Deborah Nason, special to CNBC.com