Cyber-attacks, natural disasters, and system failures should be a source of major concern for LA RIAs because both can result in data loss and service downtime.
These consequences have repercussions of their own: industry penalties, upset clients, and lost business.
Sometimes IT disasters can be predicted and prevented. Routine penetration testing and server maintenance can alert the firm’s tech support that a vulnerability has popped up, or a crucial system is about to crash.
Others strike without warning. LA RIA firms need to have a well-rounded IT disaster recovery plan in place to minimize the damage, no matter what the cause.
Identify All Potential Disasters
Think about negative impacts your business could face. Natural disasters such as earthquakes or wildfires are not unfamiliar to Los Angeles. When it comes to industry-specific threats, cyber-breaches are at the top.
Earlier this year experts warned that banks, investment firms, and other financial services companies would need to increase their data security budgets to cope with the frequency and intensity of hacker attacks.
Each possible threat requires a preemptive move and a contingency plan to prevent business interruption. Some things your LA investment advisory firm could do today include backing up data more often, running firewall vulnerability tests more regularly, and hosting the company servers with a facility fortified against natural disasters.
Identify Critical Hardware and Software
The first step in putting a disaster recovery plan together is to take a complete inventory of the firm’s hardware assets (servers, desktops, laptops, mobile devices) and software applications.
Then the following questions must be answered:
- Which do the RIAs absolutely need to fulfill their business responsibilities?
- If any of these assets are lost, stolen, or corrupted, how is the data protected from unauthorized use?
Put Your Disaster Recovery Plan in Writing
All IT disaster recovery plans must be in writing, so the firm’s department heads and managers know what they are expected to do in the event of an IT disaster. Ideally, the written plan should be available in a secure online location, in case the corporate headquarters is damaged or otherwise inaccessible and include contact information for all key technical personnel.
Test All Security Configurations
Coordinated tests reveal a company’s ability to cope with different types and levels of threat. Testing frequency depends on the firm’s size and factors such as employee turnover, but everything needs to be thorough.
LA RIAs can only prepare for recovery from an IT disaster by identifying potential threats, knowing their security weaknesses, and having a workable action plan in place. Organizations such as FS-ISAC, the Financial Services Information Sharing and Analysis Center, help its members protect themselves by sharing information about new and existing cyber and physical threats so that there are fewer catastrophic surprises.
How prepared is your LA investment firm for physical and cyber threats? Is there an IT disaster recovery plan in place? Let us know your thoughts in the Comments box below.
And to follow-through on the tips introduced in this short article, be sure to download your free guide, Investing in High Net Worth Clients: The LA Investment Advisor's Guide to Using Technology to Manage and Grow Your Firm.