Reassessing cybersecurity in a changing world

Reassessing cybersecurity in a changing world
As the industry waits for the Securities and Exchange Commission’s final rules on cybersecurity, RIAs can take steps now to better safeguard themselves and their clients.
JUN 09, 2022

There are two main forces changing the way registered investment advisers think about cybersecurity and operating a firm — regulators and remote work.

As the industry waits for the Securities and Exchange Commission’s final rules on cybersecurity, RIAs can take steps now to better safeguard themselves and their clients. In addition, advisers and staff need to be able to switch between applications securely, regardless of whether they are working in the office or elsewhere.

Remote work shines a spotlight on the issue of controlling access to data and applications. Although the in-office environment affords RIAs the most control over technology and systems, the majority of us are not going back to the office 100% of the time.

Protecting access to the firm’s technology, core business applications and systems goes beyond antivirus software and policies. It means multifactor authentication and encrypted passwords so that login credentials cannot be easily compromised. It also includes artificial intelligence-enabled data protection technology that actively studies user behavior to establish patterns and flag aberrations or disruptions as potential cyber-events so they can be immediately stopped and contained before cyberthief has successfully hacked into an entire system.

BUDGET FOR AN INCREASE IN CYBERSECURITY-RELATED SPENDING

It takes time and resources to protect a firm from breaches and comply with SEC rules. The increase in number and severity of cybersecurity attacks, coupled with a rise in enforcement, can only mean that RIAs will need to increase their IT budgets.

Outside of the costs of having the right technology and support in place, there are costs associated with cybersecurity assessments, which are based on audits of the firm’s actual security policies. There are also premiums for cybersecurity insurance to consider.

RIAs may also need to account for a loss in overall productivity from advisers and staff as a by-product of having to complete cybersecurity assessments and related regulatory requirements.

DOCUMENT YOUR CYBERSECURITY POLICIES AND HOW THEY'RE BEING USED

The SEC’s longstanding recommendation to document cybersecurity policies and procedures may finally become a rule. Firms will need to write down how they address cybersecurity risks specific to their clients and operations.

Firms must also be able to show how policies are being implemented and demonstrate that they are protecting clients’ interests. This includes minimizing risks that can lead to operational disruptions or lost or theft of client information.

RIAs should already be documenting their cybersecurity policies and tracking incidents as part of business continuity planning and for insurance purposes. In the event of a data breach or cybersecurity attack, insurance companies want firms to provide a written record of their actions, policies and protocols.

A remote or virtual work environment means change for RIAs that were configured to have everyone in the office. Different technology is needed to secure a remote workforce, which has unique cybersecurity challenges. Remote work mandates that certain levels of security are in place to protect the firm.

Simply picking a product off the shelf without careful thought or change management will lead to frustration. The technology decision will influence how the firm works, shaping everything from workflows to security policy and operational protocols. Thoughtful, strategic implementation and management is critical. 

Wes Stillman is founder and chief technology officer of RightSize Solutions, which provides IT and cybersecurity management solutions to RIAs and other wealth management firms.

Trading in private companies greatly expanded

Latest News

 Younger Americans fear AI's retirement impact, Thrivent finds
Younger Americans fear AI's retirement impact, Thrivent finds

AI-driven job fears are weighing on retirement confidence, especially among Gen Z and Millennials, Thrivent survey finds

FINRA spanks Centaurus with $1.1 million penalty over variable annuity switches
FINRA spanks Centaurus with $1.1 million penalty over variable annuity switches

It’s the second time in as many years regulators have penalized Centaurus Financial for lack of compliance with Reg BI.

Wells Fargo touts AI Teammate to streamline advisors’ workloads
Wells Fargo touts AI Teammate to streamline advisors’ workloads

AI Teammate is embedded within Wells Fargo’s Advisor Gateway desktop platform.

Advisor moves: &Partners reels in $524M RayJay team, Focus firm Eton Advisors welcomes Northern Trust alum
Advisor moves: &Partners reels in $524M RayJay team, Focus firm Eton Advisors welcomes Northern Trust alum

Elsewhere, Ameriprise added a $470 million Wells team in New York, while an ex-Morgan Stanley advisor bolsters UBS' Austin, Texas office.

The exit planning conversations advisors need to have with business owners
The exit planning conversations advisors need to have with business owners

Financial advisors play an essential role in helping small business owners navigate their transition out of the company — and into retirement.

SPONSORED Direct indexing webinar targets tax-loss harvesting amid market swings

Northern Trust’s Ken Lassner shows advisors how to convert volatility into after-tax portfolio gains

SPONSORED Who builds the income when the pension disappears?

Dan Biagini of American Equity says the steady decline of pensions, longer lifespans and a reset in interest rates are rewriting how advisors build retirement income