4 ways RIAs can protect themselves from cyberthieves

Making smart technology decisions can serve as a pre-emptive strike against the potential fallout from future cyberattacks.
JUN 09, 2017

As Wannacry showed us, taking time out for proper technology management only seems cumbersome until your firm is hit. RIA owners can follow these four steps to get the most out of technology while protecting themselves from cyberthieves. When advisers make smart decisions about technology usage, they are engaging in a pre-emptive strike against potential fallout from future cyberattacks. 1. Firm specs should dictate technology spend. The numbers of employees and office locations should be key factors in determining the firm's technology strategy. A decentralized environment means every function and application — such as CRM, financial planning, portfolio management, billing, archiving or marketing — is managed independently and directly with vendors. This is a cost-effective and adequate route for a two- or three-person firm, assuming everyone is a trusted employee or partner. A centralized approach means that one IT service provider manages security and access to all applications, which can help large firms or those with multiple offices. Centralization offers the opportunity to balance productivity with compliance and security by streamlining firm-wide supervision of routine and complex tasks — i.e., new software installations or updates, user control or security patches. RIAs do not have to choose between these two extremes, however. Advisers who want oversight over certain applications to remain in-house but use an outside provider to manage the rest can seek out a hybrid IT environment for their firm's needs. (More: Cyberattack should prompt advisers to ask their IT professionals hard questions) 2. For maximum ROI, stick to clear technology policies and procedures. Developing consistent and enforceable policies and procedures is the most important thing an adviser can do to prevent cybersecurity breaches. It is also the most complex and time-consuming part of technology management. RIA office manuals should contain concrete plans for managing a cyberattack. Preventative and reactive items should be clearly spelled out and understood by the entire firm. Advisers should create action plans for dealing with each of the firm's constituencies: employees, clients, partners, media, law enforcement and government. When developing policies, advisers should consider all levels of security within the firm, who has access to what and control administrative privileges accordingly. Limiting the ability to install and execute applications will help control what gets onto the firm's network and prevent ransomware attacks. 3. Create specific policies for social media. Social media is one way for today's advisers engage with clients and promote themselves. It is also a direct portal to cyber-incidents. Consider how much business and personal information is available online, and recognize that this is source material for advanced phishing campaigns. RIAs should monitor social media for public and employee comments, and firm policies should restrict what can be said on professional and personal social media accounts, which are a treasure trove for cyberthieves. Advisers should also include any firm social media accounts in the archive process for auditing purposes. (More: SEC alerts advisers on WannaCry ransomware cyberattacks) 4. Run disaster recovery and continuity planning drills. For the most security, everyone must buy into the RIA's policies and procedures. Advisers should train everyone in the firm to realize the critical role each person plays and that everyone is equally capable of causing major issues. Consider conducting mock cybersecurity drills, or scheduling periodic test phishing emails or phone calls to test working knowledge and how to handle clients. Everyone can be trained to recognize red flags such as emails asking for personal or credit card information, requests for immediate action regarding unfamiliar situations, or emails that include suspicious attachments. RIA owners should also lead by example. Discuss technology matters in staff meetings and in other internal communication. Monitor and test for understanding of the firm's cybersecurity protocols. Be sure everyone knows when an incident occurs, and equally important, positively affirm the individuals who report mistakes early. No RIA firm can be 100% cybersecure, but advisers are still on the hook for protecting themselves. Any adviser who has been the unwitting victim of a cyberattack knows that investing in time and resources up-front is well worth it. Protocols that were once dismissed as inconvenient or inefficient will either be the lifeline an RIA needs to protect itself, or a series of "woulda, coulda, shoulda" regrets as hindsight becomes 20/20. (More: Editorial: Ransomware attack underscores importance of cybersecurity) Wes Stillman is the chief executive officer of RightSize Solutions, a provider of cybersecurity and technology management services for wealth management firms.

Latest News

LPL building out alts, banking services to chase wirehouse advisors, new CEO says
LPL building out alts, banking services to chase wirehouse advisors, new CEO says

New chief executive Rich Steinmeier replaced Dan Arnold on October 1.

Franklin Templeton CEO vows to "do what's right" amid record outflows
Franklin Templeton CEO vows to "do what's right" amid record outflows

The global firm is navigating a crisis of confidence as an SEC and DOJ probe into its Western Asset Management business sparked a historic $37B exodus.

For asset managers, easy experience is key to winning advisors' businesses
For asset managers, easy experience is key to winning advisors' businesses

Beyond returns, asset managers have to elevate their relationship with digital applications and a multichannel strategy, says JD Power.

Why retaining HNW clients ultimately comes down to one basic thing
Why retaining HNW clients ultimately comes down to one basic thing

New survey finds varied levels of loyalty to advisors by generation.

Stocks drop as investors digest Microsoft, Meta earnings
Stocks drop as investors digest Microsoft, Meta earnings

Busy day for results, key data give markets concerns.

SPONSORED Out with the old and in with the new: a 50% private markets portfolio

A great man died recently, but this did not make headlines. In fact, it barely even made the news. Maybe it’s because many have already mourned the departure of his greatest legacy: the 60/40 portfolio.

SPONSORED Destiny Wealth Partners: RIA Team of the Year shares keys to success

Discover the award-winning strategies behind Destiny Wealth Partners' client-centric approach.