Why RIAs Need Network Penetration Testing

Craig Pollack | Mar 23, 2015

Top 3 Reasons Why LA Investment Advisors Need Network Penetration TestingInvestment advisory firms make attractive targets for cyber attackers, so security compliance practices are mandated the SEC and other regulatory bodies. To properly assess the effectiveness of a company’s IT security and response time, its managers should plan for an annual and recurring network security assessment.  And one of the core components of this is the “penetration test”.

Also known as a ‘pentest’, network penetration testing is a scheduled assault on a network from outside the network with the intention of locating security weaknesses, testing defenses, and assessing any potential impacts to the business.

This article reviews the top three reasons why Los Angeles investment advisors should undergo network penetration testing.

Identification of Vulnerabilities That Automated Scanning Software May Miss

Penetration tests simulate real-life cyber-attacks and identify vulnerabilities in both procedural and software defenses. Business risks that may not be evident through vulnerability assessment reports are recognized and identified.

By clearly showing how vulnerabilities can be exploited to obtain access to confidential data and key business systems, penetration tests provide better insight into the existing but previously undetected risks.

Assessment of the Magnitude of Potential Impacts of a Successful Attack

Once the loopholes are exposed, the severity of a successful hack attempt can be estimated with a reasonable degree of certainty. From there, the firm’s most important business processes at risk can be identified impacting such things as operations, delivery of service, and revenue, and those jeopardized by the loopholes can have added security measures applied.

These business impact analyses, made available after network penetration testing, help managers make informed decisions about business continuity strategies.

Testing the Ability of Network Security Software to Detect and Respond to Attacks

To put together a strong security system, a firm needs to evaluate the ability of its current setup to detect and respond to intrusions. Penetration testing simulates an attacker attempting to gain local or remote access to the firm’s network and logs the incident response capabilities of the system.

These exercises reproduce actual incidents that may affect resources and data. After penetration testing, weaknesses can be improved upon, keeping client and company information safe.

Bottom Line

Penetration tests can determine whether a financial advisory firm’s system is vulnerable to attack, if its IT-based defenses are strong enough, and which defenses failed during the testing. Any security problems that the test uncovers can be addressed before they become a serious liability.

Potential impacts on the company are also assessed so that countermeasures can be taken to reduce risk and ensure business continuity.


Does your firm’s network been through penetration testing? Let us know your thoughts in the Comments box below.


And to follow-through on the tips introduced in this short article, be sure to download your free guide, Investing in High Net Worth Clients: The LA Investment Advisor's Guide to Using Technology to Manage and Grow Your Firm.


New Call-to-action


Craig Pollack

Craig Pollack

Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.