How RIAs Can Tackle Cybersecurity to Fit Their Firm Size and Growth

In today’s world of web-based solutions and mobile devices, it’s more likely that investment advisors will be cyberattacked, than they will be audited by the Securities and Exchange Commission, at least according to research from RightSize Solutions, a provider of cloud-based solutions to the wealth management industry.

“Unlike an SEC audit, which only a small percentage of RIAs face every year — just 13% of SEC-registered firms in 2017, according to the SEC’s FY 2018 Congressional Budget Justification — online attacks occur daily and the scope and severity of their attacks are increasing,” writes Wes Stillman, founder and CEO of RightSize Solutions, in his white paper, The Cyberpolicy Policy Upgrade Imperative for RIAs.

Although SEC Regulation S-P requires RIAs to adopt written policies and procedures on safeguards for the protection of customer data, last year the SEC’s Office of Compliance Inspections and Examinations (OCIE) stated in an alert that although RIAs may have put together documentation on procedures, “what is on file is either woefully inadequate or not being implemented, or both.”

And though RIAs need those to follow those policies, “focusing solely on compliance misses the mark: The most compelling reason for RIAs to implement ironclad policies is to survive cybersecurity attacks and protect firm and client data,” writes Stillman, who has contributed to ThinkAdvisor.

Starts at the Top

SEC Chairman Jay Clayton has said that “focus by senior management on cybersecurity is an important contributor to the effective identification and mitigation of cybersecurity risks.”

In other words, the C-suite must be involved to help prevent RIAs from being cyberattacked.

With that in mind, RightSize announced this week its RightSize Shield, which is an operating platform with technology management, planning, implementation and monitoring abilities that covers cybersecurity, compliance and technical support. The company noted Shield  “addresses the widening gap between RIAs’ need for increasingly secure and sophisticated data and technology security and their lack of quality bandwidth to be able to handle these issues efficiently, cost-effectively and in compliance with regulatory guidelines.”

Included within the cybersecurity package is a policy template, an integrated cloud platform, continuous systems monitoring, device and vendor management, privately hosted applications and a private network.

RightSize sees the Shield as a cost-effective method for RIAs to follow regulatory guidelines and protect important client data, stating that it combines the advantages of centralized and decentralized computer network architecture in one secure, centrally managed platform. It also allows firms to scale operations as their business grows.

“Putting everything ‘in the cloud’ is not a cybersecurity plan,” Stillman said in a statement. “RIAs need to stay ahead of potential breaches, but their reliance on web-based solutions and mobile devices means that firms, client data and assets are at increasingly greater risk of an attack.”

—Related on ThinkAdvisor:

• GAO Urges Government Action to Combat Cybersecurity Risks
• Wealthy Investors Have a Big Cybersecurity Problem