Get More Than ‘Cloud Cover’
Though "the cloud" generally offers security for data and documents stored in it, the level and complexity of the security or encryption varies by vendor. Additionally, accessing or storing data outside the cloud can lead to breaches, particularly when using unsecured devices. There are also no guarantees on information used outside of the cloud.
This means RIA owners should be concerned with how, when and where documents are accessed in addition to where they are stored. Though it is tempting to download information onto personal, unencrypted devices in the name of productivity, doing so can expose the firm to cybersecurity issues and data breaches.
Implement Oversight
Validation and oversight of cybersecurity policies are just as important as creating them. To minimize external threats, small RIAs need to utilize technology to enforce authentication. Firm owners need policies and procedures for monitoring usage of devices, the Internet, social media and email.
Small RIAs permitting the use of personal devices for business should consider their increased cybersecurity risk that comes with doing so. At minimum, firms should implement policies to secure personal devices that access firm data, especially email.
Ultimately, it is the RIA owner's responsibility to ensure the security of the firm's data. System monitoring and policy enforcement through technology can add valuable safeguards and peace of mind. Delegation to a trusted staff member can be a viable option, but only if the owner keeps close oversight on the process and procedures.
Make Client Security A Part Of Client Service
Small RIAs may falsely believe that their deeper client relationships buy them a level of protection against thieves compared to larger firms with more clients. Familiarity can have its benefits, but it can also breed a false sense of security.
In fact, Symantec reports that 43 percent of all phishing attacks in 2015 were on small businesses.