3. Not leveraging Secure Single Sign On (SSO). Often, RIAs are using a plethora of web- based applications. If you are using a SSO solution, most likely you are paying for a 3rd party tool that is not as good as Microsoft. Or if you are not using a SSO solution, you’re dealing with a lot of pain when it comes to managing all the logins and passwords, along with access for all these web-based applications for your employees. You might even save these in a spreadsheet for each employee. There’s much better productivity and security with Microsoft’s SSO. Imagine hiring a new employee, and they have secure access to all their web-based applications without the need to remember all the user names and passwords. Even more important is when you let go of an employee. All you have to do is disable their Microsoft account, and they cannot access their computer, work email, or any of the web based applications. Throw out that spreadsheet and start using Microsoft’s SSO!
All three of these situations come down to an inexperienced IT provider not maximizing opportunities to leverage all the great security tools a firm is paying for.
Data Loss Prevention—It’s No Longer Just For The Big Guys
Like everyone, you’re using anti-virus and firewall protection. That’s great. What about data loss prevention? This is another enterprise-class security solution that every RIA must have.
Fifteen years ago, data loss prevention solutions easily cost over $100,000 for purchasing, licensing, and implementation. Only the largest RIAs could afford it. Today, even a firm with five employees can access these same solutions because they’re now built into the Microsoft enterprise-class package.
I’ll share two examples for why data loss prevention is such an important feature.
Working with an RIA or any financial management firm, an IT provider should know how to set up certain "categories" of sensitive data or information (such as account numbers or social security numbers). This can actually prevent those categories from going into email – and being sent out through email. If this is set up correctly, then anyone trying to insert an account number into an email, for example, should receive a message warning that the email cannot be sent. Another option here is to automatically encrypt the email if it detects that sensitive data in the email.
Data loss prevention also prevents certain types of files and data from being deleted, downloaded, emailed or printed. It also can prevent certain people from seeing certain types of information. For example, if you're not involved in Human Resources, you cannot see the personnel files for employees.
Check with your IT provider to confirm which data loss prevention solutions have been set up within your RIA. Chances are, if you’re not using them, they may be readily available in your Microsoft Enterprise package.
All You Need Is Five Minutes
Now I’m going to give you something tangible.
If you’re wondering about your firm’s IT situation, then take the 5-Minute IT Risk Scorecard. My team developed this test based on years of observing four common IT areas challenging RIAs today: Email, security, applications and data, and infrastructure. You can find it here.
You don’t need to be an IT expert to take the test, nor do you have to pay an arm and a leg for it. It’s FREE and only takes 5 minutes. Once completed, you’ll quickly receive a custom score revealing how your RIA firm is doing, where your weaknesses are, and what needs to change or improve.
Take your scorecard to an IT provider who knows how to implement these improvements. Then come back after six or eight months and take the test again. See what’s improved. You’ll get validation that your RIA is more secure, and I guarantee you’ll sleep better at night.
David Kakish is CEO of RIA WorkSpace, a provider of Cloud and managed IT services for RIA firms most often with five to 25 employees. As an author, entrepreneur and IT expert, Kakish is committed to helping RIAs navigate their way through the world of ever-changing technology and complex IT environments. For more information, visit RIAWorkspace.com or connect with David at [email protected].