Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Regulation and Compliance > Cybersecurity

How RIAs Can Tackle Cybersecurity to Fit Their Firm Size and Growth

By Ginger Szala

X
Your article was successfully shared with the contacts you provided.

In today’s world of web-based solutions and mobile devices, it’s more likely that investment advisors will be cyberattacked, than they will be audited by the Securities and Exchange Commission, at least according to research from RightSize Solutions, a provider of cloud-based solutions to the wealth management industry.

“Unlike an SEC audit, which only a small percentage of RIAs face every year — just 13% of SEC-registered firms in 2017, according to the SEC’s FY 2018 Congressional Budget Justification — online attacks occur daily and the scope and severity of their attacks are increasing,” writes Wes Stillman, founder and CEO of RightSize Solutions, in his white paper, The Cyberpolicy Policy Upgrade Imperative for RIAs.

Although SEC Regulation S-P requires RIAs to adopt written policies and procedures on safeguards for the protection of customer data, last year the SEC’s Office of Compliance Inspections and Examinations (OCIE) stated in an alert that although RIAs may have put together documentation on procedures, “what is on file is either woefully inadequate or not being implemented, or both.”

And though RIAs need those to follow those policies, “focusing solely on compliance misses the mark: The most compelling reason for RIAs to implement ironclad policies is to survive cybersecurity attacks and protect firm and client data,” writes Stillman, who has contributed to ThinkAdvisor.

Starts at the Top

SEC Chairman Jay Clayton has said that “focus by senior management on cybersecurity is an important contributor to the effective identification and mitigation of cybersecurity risks.”

In other words, the C-suite must be involved to help prevent RIAs from being cyberattacked.

With that in mind, RightSize announced this week its RightSize Shield, which is an operating platform with technology management, planning, implementation and monitoring abilities that covers cybersecurity, compliance and technical support. The company noted Shield  “addresses the widening gap between RIAs’ need for increasingly secure and sophisticated data and technology security and their lack of quality bandwidth to be able to handle these issues efficiently, cost-effectively and in compliance with regulatory guidelines.”

Included within the cybersecurity package is a policy template, an integrated cloud platform, continuous systems monitoring, device and vendor management, privately hosted applications and a private network.

RightSize sees the Shield as a cost-effective method for RIAs to follow regulatory guidelines and protect important client data, stating that it combines the advantages of centralized and decentralized computer network architecture in one secure, centrally managed platform. It also allows firms to scale operations as their business grows.

“Putting everything ‘in the cloud’ is not a cybersecurity plan,” Stillman said in a statement. “RIAs need to stay ahead of potential breaches, but their reliance on web-based solutions and mobile devices means that firms, client data and assets are at increasingly greater risk of an attack.”

—Related on ThinkAdvisor:

Ginger Szala

@gingerszalaink

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.