What You Need to Know
- Of the 6.3 billion global web attacks in 2020, 736 million targeted the financial services business.
- The most likely cybersecurity threats for a small office are manageable, even for a non-technical employee.
- Beware of non-computer items that offer gateways to your network, like coffee makers.
For RIAs, the biggest risk heading into 2022 isn’t stock market volatility. A much greater risk lies in cybersecurity.
Online attacks increased threefold over the last year, according to Akamai Technologies. Of the nearly 6.3 billion web attacks globally in 2020, over 736 million targeted the financial services sector.
While many of these targeted large institutions, RIAs are not immune to cybersecurity threats. RIAs hold valuable information about their clients. If a firm’s data is breached and shared, it may end the relationship.
Even when firms can avoid the worst-case scenario of stolen client data, a cyberattack or virus could be disruptive for clients and advisors alike. For these reasons, strengthening cybersecurity should top any RIA’s list of New Year’s resolutions.
The good news is that the most likely cybersecurity threats for a small office are manageable, even for a non-technical employee. The checklist below provides some baseline steps to help secure your technology in 2022.
Risks generally fall into three groups: 1) the risk of a “drive-by” hacker or automation-driven operation that scans the internet and email systems looking for a way into your systems, 2) the risk of an employee taking information, and 3) the risk that a natural disaster or other event disrupts business continuity.
The checklists below should help protect against each type of risk.
1. Minimize cybersecurity risk.
Enable hard drive encryption. Most operating systems make hard drive encryption easy, and this one small step makes it much more difficult for a hacker to reach your data. Just be sure to turn on encryption on all devices.
Install antivirus software … and keep it updated. Over-the-counter antivirus software protects against many of the computer viruses, trojans and ransomware. However, a small RIA firm might fall flat on systematic implementation and updates of this software. Establish policies for installing antivirus software before you provide devices to employees, and have a process for routinely updating the software across the organization. Don’t leave updates and renewals up to individual employees.
Don’t mix business and personal use on an office computer. Train employees not to check personal email on the company laptop. This is how attackers get to many systems. Firms also should prevent employees from downloading and installing new apps. How a firm establishes this culture varies. Some will use firewalls or “nannyware” that block access to non-work-related websites. However, such actions require discretion from management, as blocking too much of the web can be unpopular and bad for morale.
Back up data and systems … preferably in the cloud. If a work computer is locked up by ransomware, having systems and data backed up allows the firm to wipe the compromised computer clean without paying the ransom. In a matter of hours, the firm and employee could have information restored and be up and running again.