What's the biggest cybersecurity vulnerability for RIAs?
Email, absolutely. But every single device you use to access something on the internet becomes a vulnerability point.
How do RIAs ensure that their clients are not at risk from hackers?
That's the $64,000 question. RIAs are in business to provide excellent service, so when they get an email from a client seeking help, they naturally want to make that happen. Most of the fraud cases we see have come from the client side. That's a difficult position for RIAs to have to deal with. Sometimes they will do everything correctly on their end and the bad actors will still get around it.
For example, we know of a case where the RIA did everything they were supposed to do. They called the client to verify all their information, but the hackers had hacked into the client’s account and responded to the advisor with all the valid information, including the client's phone number and signature. The RIA transferred $400,000 to the hacker’s bank account, yet they did everything correctly. The point is you want to be in the best position you can be in to prevent this.
How do you prevent incidents like that from occurring?
You have to have the protocols in place to do the best job you can to protect your client and yourself. We have multifactor authentication and we have conditioned access. Those are two key steps that we enforce. And you have to ensure that your client is coming from a compliant device, otherwise you're not getting in. But even if all that fails, we have reporting that alerts us where people are logging in from. If the email is coming from North Korea, that’s an obvious red flag. We monitor all emails and verify that all account information is valid. All that is being monitored and reported back to us.
Is cybersecurity expensive?
We are a complete IT department at about half the price of what you would pay if you bought everything à la carte or did it yourself in-house. We’re kind of a combination of infrastructure as a service, software as a service, and a managed security service provider all rolled into one. We handle all the licensing; you have access to our help desk and our private cloud. We offer discounts on cybersecurity insurance. More importantly, we save advisors money in terms of time and productivity. For example, what if you lose your laptop or it’s stolen? In our case you can simply go to any computer and securely log into our private cloud platform and continue to be productive until we fix the issue or get you another secure device. You're not just dependent on that individual device. You can continue working without missing a beat.