5. Misunderstanding The Virtues Of The Cloud
One of the biggest mistakes advisors make is overestimating the protection offered by the cloud environment. The cloud can generally offer security for data and documents stored within it, though the level and type of encryption varies by provider.
When information is used outside of the cloud, there are no guarantees. RIA owners should be concerned with how, when and where documents are accessed regardless of where they are stored. Information that is downloaded and used on unsecure, unencrypted devices has the potential to expose the firm to cybersecurity issues once put back to the cloud.
4. Client Service Overrides Client Security
It is natural for advisors to want to help clients with transactional requests that seem to merit an immediate response. But excellent client service also means the RIA has policies that validate these requests to ensure they are legitimate. In its sweep exam of RIAs, OCIE found that almost half reported receiving fraudulent emails seeking to transfer client funds.
Advisors must have procedures for validating email and telephone requests for wire transfers, and for identifying and confirming clients. Clients must also know how the RIA handles these types of inbound requests. For example, a client who has forgotten their account login can be directed to re-register themselves and answer their own security questions, rather than being given a password prompt or other personal information over the telephone.