There are five key guidelines for RIAs to follow while working remotely from home during the coronavirus pandemic, according to Wes Stillman, CEO of RightSize Solutions, a provider of cloud-based cybersecurity and IT management solutions for the RIA industry.
“During difficult times, it’s easy for us to maybe abandon what we believe for the short term,” he said during the recent webcast “Cybersecurity: What You Need to Know When Working from Home.”
Despite the name of the webcast, he and two other industry executives covered best practices in what they called the big “three Cs” that RIAs working from home must concentrate on: cybersecurity, communications and continuity.
The “RSS Five”
- “At the very least, make sure you’re using multi-factor authentication” and be “extremely careful about phishing emails,” Stillman said.
- Adhere to your compliance policies.
- “Keep communicating” with your team and clients.
- Execute on your disaster recovery plans.
- Repeat what is working, document it, refine it and fix what’s not working.
Cybersecurity Best Practices
“We are… seeing a huge increase in cyberattacks that are trying to take advantage of maybe some vulnerabilities presented by our employees trying to work from home,” Stillman said, adding: “Phishing attacks still remain today as the No. 1 attack vector out there.”
Citing FBI findings, he said there has been a rise in fraud schemes around COVID-19, including charitable contributions, general financial relief, airline carrier refunds, fake vaccines and fake testing kits.
“We have seen a huge rise in cases where advisor clients are being hacked first,” he told listeners, warning them that, unless you are expecting an email, “do not enter information or open those files” you receive in those emails because they are probably phishing attacks. Email systems are under attack and bad actors can have full use of RIA clients’ emails if those clients have been hacked, so it is best to follow protocols, he said.
Using multi-factor authentication is “your first line of defense and will help tremendously,” he said.
Meanwhile, virtual private networks provide an extra layer of security. However, advisors should definitely look at their privacy statements because many VPNs will sell your information, he warned. “RightSize has tested several of them,” he said, adding there is another negative to them: “They will slow your internet connection down and may prevent access to some sites that you need to access.” When that happens, however, you can just turn them off while accessing the sites you need, he noted.
“In fact, you may be better off with just using a hotspot right now” while working from home during the pandemic, he said.
While working from home, it is also important to “make sure you have changed the default passwords on your router and your Wi-Fi access points,” he told listeners, adding: “We strongly discourage the use of home-based computers or tablets to access your core business applications right now” because those devices likely lack adequate security protection, he said.
The use of conditional access is also important because it “ensures that only those compliant and known devices can be used to access things like your email, files and applications,” he pointed out. It also helps manage when someone is hit with a phishing attack and accidentally gives away their credentials, he said, adding that when using conditional access, the bad actor cannot get into one’s system because they do not have a compliant device. It also helps a firm’s IT department understand that somebody at the firm has had their credentials compromised and action needs to be taken, he said.
If an advisor is not using a compliant device, “we urge you to use virtual desktops” because they are “much more secure — it puts another layer between you and the bad guys,” he said. However, the “con” with them right now is that the Internet is extremely slow and virtual desktops need good internet connectivity to work best.
The Importance of Communication
It is more important than ever for advisors to make sure they are communicating often with their clients and others at their firms, according to Jeff Groves, president of compliance service provider ComplianceWorks.
It is important to pay attention to the same protocols one uses at the office to communicate with the public, he said on the webcast.
Advisors should avoid using text inappropriately for unapproved, private information, he warned, adding an advisor can get a “five-figure fine” for texting inappropriately.
It is also important to understand the security limitations of clients with whom you are communicating, and their environment should be as secure as yours, he warned.
Five Key Communication Guidelines
- Use business email domains for business communications.
- Confidentiality should be considered when printing and discarding all documents.
- Industry compliance procedures are still in effect while working from home.
- Some remote tech platforms, including Zoom, are not appropriate for private/proprietary material.
- Understand the limitations of home-based systems and allocate accordingly.
The Keys to Continuity
“From a continuity perspective, you want clients to perceive that you are just as organized when working remotely as when everyone is in the office,” advised consultant Sue Glover, president of Sue Glover & Associates. She also stressed the importance of continuing to hold team meetings of some sort while everybody at a firm is working remotely.
It is important that clients perceive that a firm’s staff is working together as a team to ensure their trust in the firm, she said. Consistent client messaging is one way to send a signal to clients that you are working together as a team, she said.
Another important piece of advice all advisors might want to consider: “Make sure all client communications are entered into your” customer relationship management system “so that everyone knows who said what and when,” she said. And the more information that an RIA enters into the firm’s CRM system the better, she said, suggesting they document as much as possible from all client discussions, including the thoughts the advisor had during the talk and the reasons for that thinking because it is highly possible details from the discussion won’t be remembered otherwise.
She also urged RIAs to repeat practices that are working while working remotely, document it all, refine it and fix what’s not working.
— Check out How Advisors Can Unlock Competitive Advantages While Stuck at Home on ThinkAdvisor.