With robust end device management, all log-ons to an RIA’s virtual private network or virtual cloud can be tracked and monitored, and access patterns can be established and tracked. The firm can also control what its staff can access and monitor when access is being attempted from outside the norms.

When those patterns change, the red flags will go up, and security blocks will prevent fraud at the access level. For example, an end user attempting to create a new rule to forward e-mails outside of the firm’s Outlook would be blocked from doing so because the firm’s policies explicitly prohibit e-mail forwarding to external addresses.

The RIA can also monitor for network log-ins from strange locations, as well as for attempts to delete e-mails—things that may signal phishing messages or multifactor authentication breaches.

For a hybrid firm, this is effectively the security equivalent of logging into a remote desktop: a centralized, highly secure environment that requires special connectivity to get into.
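The monitoring described above, sketched as an added example (not code from the article or from any product it describes): it builds each user's log-in norm from history, then flags log-ins outside it, blocks inbox rules that forward to external addresses, and flags bursts of e-mail deletions. The event fields, the firm domain and the deletion threshold are assumptions, and the sample events are constructed.

```python
from collections import Counter

FIRM_DOMAIN = "examplefirm.com"  # assumption: placeholder for the firm's mail domain
DELETE_BURST = 20                # assumption: deletions per user that warrant review

def ev(user, action, **fields):
    return {"user": user, "action": action, **fields}

# Constructed sample data; the field names are hypothetical, not a product schema.
HISTORY = [ev("alice", "login", country="US"), ev("bob", "login", country="US"),
           ev("bob", "login", country="CA")]
TODAY = [
    ev("bob", "login", country="CA"),                       # within bob's norm
    ev("alice", "login", country="RO"),                     # new location for alice
    ev("alice", "new_inbox_rule", forward_to="ops@examplefirm.com"),
    ev("alice", "new_inbox_rule", forward_to="ops@examplefirm.com.relay.test"),
    ev("alice", "new_inbox_rule"),                          # rule with no forwarding
] + [ev("alice", "delete_email")] * 25

def build_baseline(history):
    """Countries each user has logged in from before (the 'norm')."""
    baseline = {}
    for e in history:
        if e["action"] == "login":
            baseline.setdefault(e["user"], set()).add(e["country"])
    return baseline

def is_external(address):
    """True unless the address is in the firm's domain or one of its subdomains."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain != FIRM_DOMAIN and not domain.endswith("." + FIRM_DOMAIN)

def review(events, baseline):
    """Return (user, finding, detail, response) tuples in event order."""
    alerts, deletes = [], Counter()
    for e in events:
        user, action = e["user"], e["action"]
        if action == "login" and e["country"] not in baseline.get(user, set()):
            # Users with no history are flagged too: no pattern is established yet.
            alerts.append((user, "login_outside_baseline", e["country"], "flag"))
        elif action == "new_inbox_rule" and e.get("forward_to"):
            if is_external(e["forward_to"]):
                alerts.append((user, "external_forward_rule", e["forward_to"], "block"))
        elif action == "delete_email":
            deletes[user] += 1
            if deletes[user] == DELETE_BURST:  # alert once when the threshold is hit
                alerts.append((user, "delete_burst", DELETE_BURST, "flag"))
    return alerts

if __name__ == "__main__":
    for alert in review(TODAY, build_baseline(HISTORY)):
        print(alert)
```

The domain check compares the whole domain rather than searching for the firm's name in the address, so a lookalike such as `examplefirm.com.relay.test` is still treated as external.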

Working From Anywhere Doesn’t Mean Changing Cybersecurity Standards
Whatever the “new normal” looks like, RIAs must approach all aspects of their cybersecurity plans as if they were in the office—everything from security training and staff onboarding to network access and device management.

With a hybrid approach, the RIA can be compliant with SEC cybersecurity guidance even though staff are working off personal devices and may not have the same bandwidth capabilities they would have at the office. The key lies in knowing who is using what devices, their normal log-on patterns and what they are typically accessing.

The better a firm can manage its tech stack, the better its security gets. The end goal for RIAs is to corral their risk and actually push costs down over time.

Wes Stillman is the founder and CEO of RightSize Solutions.
