Once upon a time, firewalls and antivirus software were considered the norm for effective cybersecurity. But today, conventional firewalls and antivirus programs are no longer a strong defense against threats in a constantly evolving virtual landscape. These systems can only protect your network and devices against known threats. As a result, the sophisticated attacks that are being launched against businesses, governments, and individuals around the world require a more strategic approach
The same can be said for Los Angeles investment advisor firms, which are entrusted by clients to protect their sensitive data and personally identifiable information (PII) — they need a adopt better, more in-depth approaches to their cybersecurity.
In some ways, cybersecurity is an ongoing state of mind. Although cyber awareness continues to grow, attacks are still reaching record numbers each year for the past several consecutive years. According to the Identity Theft Resource Center (ITRC), there already have been 140 reported attacks that have left 2,882,725 records exposed so far in 2018 (as of Feb. 21). This number doesn’t even include data breaches that have yet to be reported or still have remained undiscovered!
These attacks are expensive, costing millions of dollars to individual businesses each year. According to the Ponemon Institute’s 2017 Cost of Data Breach Study: Global Overview, which involved 1,900 employees at 419 organizations across 11 countries, a data breach can:
- Cost an average of $3.62 million per breach (including post-data breach costs);
- Cause an average loss of $141 per lost or stolen record;
- Severely impact customer trust and loyalty in a company or brand; and
- Result in lost customers.
Single-layered security can be effective against specific forms of attacks. However, these singularly-focused approaches are rendered ineffective when it comes to the broadness of most modern malware. What does this mean for registered investment advisors (RIAs) who are looking for more practical and effective ways to protect their networks, devices, and data? This is where a layered security approach can benefit these advisor firms.
Layered Security: A Defense-in-Depth Solution
Because there is no way to prevent 100% of all cyber attacks, cybersecurity is about reducing the likelihood that your firm will experience a security breach. Firms that use a multi-layered security are better equipped to identify vulnerabilities and protect their investment advisor technology and data from a variety of threats — worms, viruses, malware, ransomware — using a multifaceted approach.
How Layered Security Works
A multi-vectored or layered approach to cybersecurity involves a lot of different integrated software, maintenance, and monitoring components. The goal is to slow down and deter attackers so they can be detected and dealt with before dealing any serious damage to your infrastructure and data.
Layered security can include the use of:
- Risk assessments;
- Antivirus software;
- Antimalware software;
- A firewall;
- Network monitoring;
- Automated alerts and responses;
- Regular network, server, and device updates and patches; and
- Remediation recommendations and implementations.
As an IT professional with more than 25 years of experience in the industry, I can’t stress enough the importance of taking a proactive approach to your cybersecurity practices and procedures. Cyber criminals are smarter are increasingly well-educated, organized, and well-funded. Shouldn’t your RIA security be well organized, prepared, and carefully implemented as well by experienced IT professionals?
Layered security provides coverage against threats that attack across a variety of endpoint user routes of access. These can include malicious emails, social apps on personal devices, infected files, virus-laden websites, and web browser-related security weaknesses.
While we know that cybersecurity is important, how does using layered security help investment firms remain compliant with national industry and government standards?
How Layered Security Aids Helps with SEC Compliance
The U.S. Securities and Exchange Commission (SEC) holds a critical role when it comes to ensuring that investment advisor firms are operating in compliance with security standards. Because cybersecurity is one of the top compliance risks for financial firms, the SEC provides cybersecurity guidance to help RIAs and other market participants protect their clients. Additionally, the organization holds irresponsible individuals and firms — or “bad actors” — accountable through enforcement initiatives.
Because the SEC views investment advisors as “fiduciaries” for their advisory clients, this means that they have the responsibility of acting in the best interests of their clients. This includes safeguarding their assets, information, and other data from both internal and external threats through:
- The creation and implementation of policies and procedures;
- Maintaining up-to-date security software;
- Actively monitoring and keeping an up-to-date inventory of all systems and endpoint user devices; and
- Creating and implementing cybersecurity awareness training for employees.
As a managed security service (MSS) and managed IT service provider (MSP), FPA’s team of experienced and knowledgeable cybersecurity and IT experts serve to protect LA investment advisor firm’s systems, client data and PII. This is partially done by scheduling critical network and system upgrades for their firms for off hours to keep network downtime to a minimum.
Furthermore, FPA is all about taking a “business before technology” approach. We understand SEC and Financial Industry Regulatory Authority (FINRA) compliance requirements and have developed custom programs and reports to help us provide critical information to our RIA clients need.
What are your thoughts about implementing a layered security approach for your investment advisor firm? Share your insights and experiences with us in the comments section below. Otherwise, feel free to send me an email to speak with me about this topic more in-depth.