There are five key guidelines for RIAs to follow while working remotely from home during the coronavirus pandemic, according to Wes Stillman, CEO of RightSize Solutions, a provider of cloud-based cybersecurity and IT management solutions for the RIA industry.
“During difficult times, it’s easy for us to maybe abandon what we believe for the short term,” he said during the recent webcast “Cybersecurity: What You Need to Know When Working from Home.”
Despite the name of the webcast, he and two other industry executives covered best practices in what they called the big “three Cs” that RIAs working from home must concentrate on: cybersecurity, communications and continuity.
The “RSS Five”
- “At the very least, make sure you’re using multi-factor authentication” and be “extremely careful about phishing emails,” Stillman said.
- Adhere to your compliance policies.
- “Keep communicating” with your team and clients.
- Execute on your disaster recovery plans.
- Repeat what is working, document it, refine it and fix what’s not working.
Cybersecurity Best Practices
“We are… seeing a huge increase in cyberattacks that are trying to take advantage of maybe some vulnerabilities presented by our employees trying to work from home,” Stillman said, adding: “Phishing attacks still remain today as the No. 1 attack vector out there.”
Citing FBI findings, he said there has been a rise in fraud schemes around COVID-19, including charitable contributions, general financial relief, airline carrier refunds, fake vaccines and fake testing kits.
“We have seen a huge rise in cases where advisor clients are being hacked first,” he told listeners, warning them that, unless you are expecting an email, “do not enter information or open those files” you receive in those emails because they are probably phishing attacks. Email systems are under attack and bad actors can have full use of RIA clients’ emails if those clients have been hacked, so it is best to follow protocols, he said.
Using multi-factor authentication is “your first line of defense and will help tremendously,” he said.
Meanwhile, virtual private networks provide an extra layer of security. However, advisors should definitely look at the VPN providers’ privacy statements because many VPNs will sell your information, he warned. “RightSize has tested several of them,” he said, adding there is another negative to them: “They will slow your internet connection down and may prevent access to some sites that you need to access.” When that happens, however, you can just turn them off while accessing the sites you need, he noted.
“In fact, you may be better off with just using a hotspot right now” while working from home during the pandemic, he said.
While working from home, it is also important to “make sure you have changed the default passwords on your router and your Wi-Fi access points,” he told listeners, adding: “We strongly discourage the use of home-based computers or tablets to access your core business applications right now” because those devices likely lack adequate security protection.
The use of conditional access is also important because it “ensures that only those compliant and known devices can be used to access things like your email, files and applications,” he pointed out. It also helps contain the damage when someone is hit with a phishing attack and accidentally gives away their credentials, he said, adding that when using conditional access, the bad actor cannot get into one’s system because they do not have a compliant device. It also helps a firm’s IT department understand that somebody at the firm has had their credentials compromised and action needs to be taken, he said.
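
A simplified model of the conditional access check described above, added here as an illustration; it is not code from the webcast, RightSize or any vendor's policy engine. The inventory, device IDs, user names and function names are all hypothetical and the sign-in records are constructed.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed device inventory: device id -> currently compliant.
INVENTORY = {"LT-0142": True, "LT-0177": False}

@dataclass(frozen=True)
class SignIn:
    user: str
    device_id: str
    credentials_ok: bool  # password (and MFA, if enforced) verified

def evaluate(event: SignIn, inventory: dict[str, bool]) -> tuple[str, str | None]:
    """Return (decision, alert); alert is None when IT has nothing to act on."""
    if not event.credentials_ok:
        return "deny", None  # ordinary failed login
    compliant = inventory.get(event.device_id)
    if compliant is True:
        return "allow", None
    if compliant is False:
        # The firm's own device, but out of compliance: block and remediate.
        return "deny", f"remediate device {event.device_id} for {event.user}"
    # Valid credentials from a device the firm never enrolled: the trace
    # left when phished credentials are replayed from elsewhere.
    return "deny", (f"possible credential compromise: {event.user} "
                    f"from unknown device {event.device_id}")

def triage(events, inventory=INVENTORY):
    """Evaluate sign-ins in order; return (decisions, alerts for IT)."""
    results = [evaluate(e, inventory) for e in events]
    return [d for d, _ in results], [a for _, a in results if a]

# Constructed sign-in attempts.
SAMPLE = [
    SignIn("advisor1", "LT-0142", True),        # known, compliant laptop
    SignIn("advisor1", "UNENROLLED-01", True),  # right password, unknown device
    SignIn("advisor2", "LT-0177", True),        # known laptop, out of compliance
    SignIn("advisor2", "LT-0177", False),       # wrong password
]

if __name__ == "__main__":
    decisions, alerts = triage(SAMPLE)
    for event, decision in zip(SAMPLE, decisions):
        print(decision, event.user, event.device_id)
    print(*alerts, sep="\n")
```

The second record is the case the paragraph describes: the credentials are valid, access is still denied, and the denial itself is the signal that the account needs a password reset.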