-
Limit what employees can do and use. RIAs that permit bring your own device policies do so at their own risk. Allowing access to work email and cloud-based systems from personal or unauthorized devices gives hackers an unsecured and unmonitored entry point into the firm. As cyberattacks continue, RIAs will find that insistence on firm-authorized encrypted and password-protected devices for all transactions is not just a best practice, it is sound business policy.
-
Use best-of-breed technology. Outdated technology may seem penny-wise, but it is no match for the sophistication of today's malware and hacks. As part of ensuring that their systems are up-to-date and secure, RIAs need to understand what is required for accessing and using data in their Web-based applications so that it stays protected.
-
Have cybersecurity policies that account for growth. The goal of any RIA is profitable growth, but as firms get bigger, the threat of a breach increases as well. This is partly because a larger staff has a greater potential for non-adherence to policy. The threat also increases because bigger organizations are more likely to be in a cyberhack's crosshairs. As advisors scale their operations to account for growth, cybersecurity policies and protocols must evolve as well—the needs of a single office RIA with a small staff will be vastly different from a multi-office, multi-state firm.
-
Monitor, monitor, monitor. The best cybersecurity protocols on paper are only as good as the monitoring done to ensure adherence. Advisors cannot solely rely on the technology for prevention and monitoring—someone needs to be watching. Without ongoing oversight of all transactions, RIAs have no assurances that their systems are secure, particularly after a breach has occurred. As the FBI portal breach shows, it could be months later before the hack fully plays itself out.
If there is one thing RIAs can learn from the top hacks of 2015, it is that a cybersecurity policy is only as good as its execution. Though there is not a one-size-fits-all solution to ending cyberattacks, advisors can start by executing on their current technology policies. Breaches occur when sound policy is not observed and when no one is minding the store. And as some of the world's biggest organizations can attest, execution is often harder than one might think.
Wes Stillman is CEO of RightSize Solutions, a provider of intelligent cloud technology and business management solutions for advisors. He can be reached at [email protected].