For RIAs flexing between some balance of remote and in-office operations — in other words, all RIAs — this spring is a great time to revisit your cybersecurity policies to ensure your protocols still make sense given the way you do business today.
Keeping in step with regulatory guidance on data protection while staying one step ahead of bad actors and cyberattacks can seem like a daunting task for a financial advisor, but like anything else, very often the hardest part is just getting started. As we shift gears into a new iteration of work in the COVID-19 pandemic, here are a few pointers to help you think through what’s necessary to keep your cybersecurity program on track and up to regulatory par.
Update cybersecurity compliance policies for remote employees
Thanks to COVID-19, we now know firsthand the big difference between occasionally working remotely and being set up to handle remote work at a regular clip. Your firm may now have the technology in place to support remote work for any length of time, but do you have updated cybersecurity policies and protocols in place that will protect client and firm data offsite? Have you put these policies to the test to see if they’ll pass regulatory muster?
Truly integrate the firm’s fintech and tech stacks
Better management and integration of your fintech and tech stacks result in better cybersecurity and data protection. (The firm’s fintech stack includes core advisor tools and applications, whereas the tech stack is the backbone that supports the fintech stack — for example, PCs, laptops, internet and technology.) True integration typically is achieved through a hybrid approach to technology management, enabling your firm to comply with SEC cybersecurity guidance even when your team is working remotely on personal devices.
Budget for potential risk as well as growth
RIAs typically allocate 1% of their annual gross revenues to their technology spend. The majority of this tends to be allocated to the firm’s fintech stack, but 20% to 25% typically goes to the tech stack. To meet today’s cybersecurity and operational demands, it makes sense for most firms to plan for a 5% to 10% increase in spending on the tech stack, as compared to 2020.
The all-virtual event for senior wealth management executives takes place on May 12 and 13.
Consciously communicate on cybersecurity with clients
Cybersecurity breaches and data hacks aren’t reserved for large social networking platforms — they happen to organizations across every industry, including financial services. Has your firm reached out to clients recently to update them on the cybersecurity upgrades you’ve made to keep their information secure during the pandemic? When are you planning to let them know about the ways your firm is keeping their data safe? Similarly, are you offering clients tips on what they should do to protect themselves?
Foster a firm culture of cybersecurity
Creating a culture of cybersecurity starts from the top. Cybersmart RIAs go beyond having new hires sign a standard technology policy agreement — they revise these policies regularly to adjust for changes in the business. They also require everyone at the firm to review and sign the updated technology policy documents annually. Their leaders share headlines on data breaches with employees, with reminders on why certain policies are in place, and celebrate the firm’s cybersecurity successes. This could include the number of phishing emails that the firm safely quarantined, attempted firewall breaches that failed, or staff who actively red-flagged suspicious activity.
Know your vendors
RIA owners need to understand how and where their tech vendors store and protect their data. If you’re not doing so already, make it a priority to do regular due diligence on your vendors regarding their own cybersecurity protocols so, if there’s ever an issue, you’re able to communicate some assurances to your clients.
As we roll toward a summer of opportunity, RIAs need to dedicate time to cybersecurity and understand how best to fill in the gaps. In the end, a strong cybersecurity program can only elevate your current level of client service, while offering protection from potentially devastating data breaches that could ultimately upend your firm or your clients.
