Cybersecurity incidents and data breaches are hitting American businesses, including RIAs, more frequently than ever. A 2022 report from Gartner reveals that 88 percent of executives now consider cybersecurity to be a direct threat to their business operations.

If your RIA were to experience a security breach, what would your clients do? Most likely, they would lose confidence in your ability to keep their money safe and secure. They would leave you for another financial advisor. It’s more than fines; the biggest concern is losing clients and ultimately going out of business. Nearly two-thirds (60%) of small and mid-sized businesses with a security breach don’t recover or go out of business within 6 months. This number is likely a lot higher for RIAs.

If you’ve spent some sleepless nights worrying about what would happen if you lost clients, you’re probably not alone.

For the roughly 32,000 RIA firms in the United States, IT risks run high, especially for RIAs with five to 25 employees. Unlike very large RIA firms that might have more experienced teams managing their IT, small and midsized firms often are not aware of the resources available to them, or they cannot access them. Their IT is not as secure, either.

Is your RIA maximizing all the enterprise security tools available? If you’re unsure, it’s likely time to do a gut-check on your IT. Let’s begin.

Start With Your IT Provider
A trusted IT service provider is critical for RIA firms, especially those with 5, 10 or 15 employees. Unlike other businesses of the same size, RIAs manage hundreds of millions of client dollars. Does your IT provider have a successful track record of working with financial advisors and RIA firms? All too often, IT providers treat small RIAs as they would another small business; they set them up with basic, off-the-shelf versions of Microsoft, whose security solutions just aren’t good enough for an RIA or any financial services firm.

Unlike the business next door, you’re managing millions of client dollars. Your small or midsized RIA firm is a lot different from another company with a similar number of employees.

I see this as a 1 to 4 ratio. If you’re an RIA with 10 people, you’re equivalent to another professional services business with 40 people. Maximizing your security and SEC compliance and reducing IT risk are exponentially more important. IT providers without a good understanding of the needs of an RIA often don’t understand this; they don’t know how to effectively protect RIAs.

Maximize Your Enterprise Security
In 15+ years of running a cloud and managed IT services company, I’ve seen roughly 80 percent of RIAs using the Microsoft platform, such as an Office 365 or Microsoft 365 subscription. This encompasses Microsoft Teams, email and calendar sharing, as well as Office applications like Word, Excel and PowerPoint. That’s all good – but beware.

Microsoft is SEC compliant and ideal for RIAs, but there are some common mistakes that can occur. Let’s take a look.

1. Using OneDrive instead of SharePoint for file storage and sharing. OneDrive is considered a consumer-class solution; it’s fine for many consumers and very small businesses, but not for firms managing client money. Instead, SharePoint is the preferred solution because it comes with the necessary security features. It can still look and function like OneDrive, but there are fewer risks.

2. Paying for third-party apps when Microsoft can do it for them. This is the case for email encryption, email archiving, data loss prevention, and instant message archiving. The common excuse I hear is that Microsoft archiving is not SEC compliant, and that’s simply not true. The vast majority of RIAs and IT providers don’t know this; part of what I do is educate these RIAs.
