RIA Workspace

Blog

  • 5 Reasons to move away from text message authentication for multi-factor authentication

    5 Reasons to move away from text message authentication for multi-factor authentication

    As a registered investment advisor (RIA) or financial advisor, you are always looking for ways to better secure your clients’ data. One specific way is by using multi-factor authentication or, as it’s sometimes called, two-step verification. This adds an extra layer of account security by requiring not just a password, but also a second factor, such as a text message or a code from an app, to log in.

    For a long time, SMS or text message has been the most common authentication method. However, there are many reasons why text message is no longer the best option for multi-factor authentication

    Text message is less secure than other authentication factors

    While text message is better than not having a multi-factor authentication factor, it is not as secure as other authentication methods, like biometrics or security tokens. This is because text message is reliant on a physical device that can be lost, stolen, or compromised. By contrast, other authentication factors are more difficult to replicate or steal. For instance, biometrics are unique to each individual, while security tokens can be locked in a safe when not in use.

    Text messages are not encrypted

    SMS messages are sent as plain text, which means anyone can intercept and read these messages if they have access to the phone’s network. If a hacker manages to get access to your texts, they could easily find your login codes and use them to log in to your accounts. This is an especially serious security concern for an RIA or a financial advisor like you who often deals with sensitive client information.

    Text messages can be synced to potentially unsecured or compromised devices

    Most phones today allow users to sync text messages across multiple devices. This is convenient, but it also means that if a hacker gets access to one of your devices, they can easily get your text messages and login codes as well.

    Hackers can port a phone number to a new device

    In a SIM swapping attack, a hacker tricks your service provider into transferring your phone number to a new device. This gives the hacker access to any accounts that are linked to that phone number, including your email, social media, and other accounts you use for business. Once they have access to your accounts, they can do a lot of damage, such as steal your money or your clients’ confidential information.

    Hackers can intercept text messages using SS7 attacks

    SS7 (Signaling System 7) attacks exploit the way mobile networks route calls and text messages. This flaw allows hackers to intercept and read text messages, even if they are encrypted, as well as eavesdrop on calls and track users’ locations. SS7 attacks can be difficult and expensive to carry out, but they are a serious security concern, especially for high-profile targets like RIAs and financial advisors.

    What’s the best alternative to text message?

    Given all these security concerns, it’s clear that text message is no longer the best option for multi-factor authentication.  So what is a better choice? We at RIA WorkSpace recommend Microsoft Authenticator.

    Microsoft Authenticator is a free app that you can use for multi-factor authentication with your Microsoft account and other online accounts, such as Facebook, Google, and Dropbox. You can download it on your phone or tablet from the App Store or Google Play.

    Microsoft Authenticator is more secure than SMS because it uses a time-based one-time password (TOTP) instead of a simple text message. TOTP is a computer algorithm that generates a unique code at set intervals, such as every 30 seconds. Each code can be used only once and expires after a short period, so even if a hacker manages to intercept a code, they can’t use it to log in if the code has expired.

    Microsoft Authenticator is also convenient and easy to set up. Once you’ve downloaded the app, you simply need to add your accounts and turn on multi-factor authentication. Whenever you sign in to one of your accounts, you’ll enter your username and password as usual, and then you’ll be prompted to open Microsoft Authenticator and enter the code that it generates. You can simply copy and paste the code, or, if you’re using a Microsoft account, you can even approve the sign-in with a single tap.

    So if you’re looking for a better way to secure your online accounts, we encourage you to ditch SMS authentication and give Microsoft Authenticator a try. It’s easy to use and effective in protecting your accounts from hackers.

    Related reading: Microsoft Authenticator: Secure authentication for RIAs and financial advisors

    For other ways to keep your accounts and clients’ information safe, get in touch with our experts at RIA WorkSpace. We specialize in all things IT for RIAs and financial advisors and can help you implement the best solutions for your firm.

  • Pet adoption scams – SCAM OF THE MONTH

    Pet adoption scams – SCAM OF THE MONTH

    Walter has always wanted a dog, and now that his new job lets him work from home, it is the perfect time to find a furry friend.

    He started searching online and found one woman who was moving to a new apartment that didn’t allow pets. She was hoping to re-home her pup as soon as possible so that he would not have to go to a shelter.

    The ad did not include much information about the dog, but Walter didn’t think anything of it because the pictures were so cute. He reached out to the woman to express his interest in adopting the pet, and even offered her references. She never asked any questions of him, but did request that he pay a “holding fee” and cover the charges to ship the animal from her location. Walter asked if he could just go pick up the dog so that they could meet in person, but the owner refused claiming she was too busy with the move.

     

    Did you spot the red flags?

    • Rehoming ads that do not include information on the pet, their personality, or health information can be a cause for concern.
    • A legitimate rehoming often involves the owner asking questions of the adopter or includes an adoption application.
    • Limiting in-person contact by not allowing a meet[1]and-greet is often a bad sign that the animal does not exist.

     

    What you should know about this scam

    One common pet adoption scam requires the adopter to pay for the “shipping cost” of the animal. The adopter is sent to a fraudulent website to input their information. The money is taken from their card, but the animal never arrives.

    Another way that scammers can easily steal money from potential adopters is by requiring a deposit to “reserve” the animal. Keep an eye out for suspicious forms of payment, as well, such as cash, wire transfer, or gift cards.

    Many classified / advertising websites ban the sale of animals, however, sellers can often skirt these rules by using the term “rehoming.” The easiest way to avoid pet adoption scams and stop the use of online forums to buy and sell animals, is to adopt from a reputable animal rescue / organization or from your local animal shelter.

  • Podcast: What’s the best email archiving solution for your RIA?

    Podcast: What’s the best email archiving solution for your RIA?

    Until recently, most RIAs had limited options for email archiving.  They choose between Smarsh and Global Relay.  However, Microsoft has emerged as a world-class player in this space – plus their email archiving features are part of the Microsoft subscription you’re already paying for.  In this podcast we discuss the Microsoft option and why Gartner has named it’s email archiving tools as a leader in their 2022 Magic Quadrant for Enterprise Information Archiving

     

    Tune in to learn more about the Microsoft option for email archiving at your RIA.

    • If your RIA is using Microsoft, you’re already paying for the email archiving features
    • Microsoft’s email archiving is SEC compliant and helps you meet your requirements
    • Gartner has named Microsoft as a leader alongside Smarsh and Global Relay for email archiving
    More information about email archiving for your RIA

    If you’re looking for more information on email archiving, we have these blogs that you might find helpful.


    Staying SEC-compliant with Microsoft’s email archiving

    SEC compliance is a critical aspect of any RIA practice in the United States. Failing to adhere to these rules can result in fines or …


    Read More →



    Smarsh vs. Global Relay vs. Microsoft: What should your RIA use for email archiving?

    Email archiving is a critical part of compliance for registered investment advisors (RIAs) and financial advisors like you. For one, the Securities and Exchange Commission …


    Read More →


    img blog IT staff at work teams 05


    Smarsh vs. Global Relay vs. Microsoft: Which is the superior eDiscovery solution?

    There are a number of eDiscovery solutions that come with robust search and filtering capabilities, but the most commonly used by financial services firms are …


    Read More →



    Email archiving at your RIA is about more than just compliance

    A lot of RIAs look for an email archiving solution to meet their compliance requirements. But the right solution will also help you deliver better …


    Read More →

    Need help with your email archiving?
    We can help you assess your email archiving needs and get you set up to work seamlessly and meet your IT compliance requirements.
    Get in touch today with your questions !


    Contact Us

  • Smarsh vs. Global Relay vs. Microsoft: Which is the superior eDiscovery solution?

    Smarsh vs. Global Relay vs. Microsoft: Which is the superior eDiscovery solution?

    There are a number of eDiscovery solutions that come with robust search and filtering capabilities, but the most commonly used by financial services firms are Smarsh, Global Relay, and Microsoft. Registered investment advisors (RIAs) and financial advisors like you need eDiscovery tools to automate and streamline the data review process, making it easy to find the data you need in the event of an audit or investigation.

    We talked about the email archiving solutions from each of these providers in a previous blog post, but in this article, we will focus on their eDiscovery features.

    We at RIA WorkSpace have used all three of these solutions and can say from experience that they are all reliable platforms. However, we recommend Microsoft to the RIAs we work with because:

    • Microsoft is constantly innovating and expanding its archiving and eDiscovery capabilities
    • Microsoft’s archiving solution captures data from various Microsoft 365 applications, giving you a complete picture of your firm’s electronic communications data
    • Microsoft’s eDiscovery tools come at no additional cost with certain Microsoft 365 subscriptions

    Still, we recognize that there are other solutions on the market that may be a better fit for your firm. Let’s take a look at what Smarsh, Global Relay, and Microsoft each have to offer so you can make an informed decision about which eDiscovery solution is right for you.

    Smarsh

    The Smarsh Enterprise Platform is a unified set of cloud-native capturing, archiving, and supervision tools that help you manage risk and draw insights from your electronic communications data.

    Enterprise Discovery is the platform’s eDiscovery solution. You can use it to collect, preserve, and review all your electronic communications data, including email, social media, and mobile communications. It indexes all of your content and maintains it in its originally captured format with context, so you can be confident that the data you’re reviewing is an accurate representation of what was actually said or written.

    The solution also touts extensive tagging and filtering capabilities and export options. These help you easily find the data you need, no matter how large or complex your data set may be. In addition, Enterprise Discovery integrates with Enterprise Warehouse and Enterprise Archive, so you can efficiently manage all your data from a single dashboard.

    Global Relay

    Global Relay Archive is an all-in-one cloud archiving system that captures, stores, and manages your business communications and other electronic data. It comes with a host of compliance-ready features, such as holistic surveillance, tamper-proof storage, and AI-powered eDiscovery.

    Specifically, Global Relay offers Discovery-as-a-Service (DaaS) that can help you find, gather, and present essential records for litigation, investigation, and compliance purposes. The company’s Data Services specialists work with you to understand your specific requirements, ensuring that you promptly retrieve all relevant documents and information. Additionally, your search data will be sent to you in your preferred format and secured with minimum AES-256 encryption.

    Global Relay’s DaaS offering is a cost-effective way to outsource your eDiscovery needs. This is especially helpful if your firm doesn’t have the budget or resources to manage eDiscovery in house.

    Microsoft

    If your RIA or financial advisory firm is subscribed to a Microsoft 365 plan, chances are you already have access to powerful eDiscovery tools. You can use these to search for, preserve, and export data from Exchange Online, OneDrive for Business, SharePoint Online, Microsoft Teams, Microsoft 365 Groups, or Yammer teams.

    In particular, Microsoft Purview offers three eDiscovery solutions: Content search, Core eDiscovery (Standard), and Advanced eDiscovery (Premium).

    • Content search – This solution enables you to find content across various Microsoft 365 data sources and download search results to a local computer.
    • Core eDiscovery – Besides letting you run content searches, this tool allows you to create and manage eDiscovery cases and place holds on content to preserve data indefinitely.
    • Advanced eDiscovery – In addition to content search and case management, this tool provides an end-to-end workflow to identify, preserve, collect, review, analyze, and export relevant data. It also offers analytics and machine learning-based predictive coding models to help you prioritize data for review.

    And because these tools are part of Microsoft 365, you can be confident that your data is stored and processed securely and compliantly in the cloud. Not only that, but you can also take advantage of Microsoft’s extensive support network for help with any eDiscovery-related concerns or questions you may have.

    So, which is the superior eDiscovery solution?

    Smarsh and Global Relay may have been the go-to archiving solutions for RIA and financial advisory firms. However, Microsoft is fast becoming a major player in this space with its comprehensive and user-friendly eDiscovery tools.

    Smarsh and Global Relay both offer reliable archiving and eDiscovery capabilities, but they haven’t really pushed the envelope in recent years. By contrast, Microsoft has been constantly innovating and expanding its offerings to meet the ever-changing needs of its users.

    In terms of features, Microsoft has significant advantages over its competitors. For instance, Microsoft lets you create company standards for data collection, which can be enforced across all users and devices. Microsoft’s archiving solution also doesn’t just archive email communications — it captures data from a variety of other Microsoft 365 applications, making it a more holistic solution that can give you a complete picture of your firm’s electronic communications data.

    Finally, Microsoft’s eDiscovery tools come at no additional cost if you have the right Microsoft 365 subscription. And while other vendors like Smarsh and Global Relay impose usage-based fees, Microsoft’s pricing is transparent and predictable.

    So, if you’re looking for a comprehensive, user-friendly, and cost-effective eDiscovery solution, Microsoft is hard to beat.

    If you’d like to get started with Microsoft’s archiving and eDiscovery solutions, RIA WorkSpace can help. Our team of experts can guide you through the process of setting up and using Microsoft’s tools, so your RIA or financial advisory firm can compliantly capture and preserve all your electronic communications data. Contact us today to learn more.

  • Is Google Cloud SEC-compliant?

    Is Google Cloud SEC-compliant?

    Many registered investment advisors (RIAs) and financial advisors use the Google Cloud Platform for email and data storage. This is because Google’s services are often more secure and reliable than traditional on-premises solutions. But can RIA and financial advisory firms be certain that their communications and data in Google Cloud are safe and compliant with relevant regulations and guidelines?

    In this article, we’ll explore how Google Cloud, when properly configured and used, can help RIAs and financial advisors like you comply with the Securities and Exchange Commission’s (SEC) requirements.

    SEC Rule 17a-4(f), CFTC Rule 1.31(c)-(d), and FINRA Rule 4511(c)

    Financial service institutions based in the United States are subject to a number of regulations with specific requirements on electronic records retention. These requirements include how long records must be kept, what format they should be kept in, and how easily they can be accessed in the event of an audit, among others.

    For example, under SEC Rule 17a-4(f), organizations must preserve certain records in a non-rewritable and non-erasable format — often referred to as “write once, read many,” or WORM format — for at least six years. Similarly, CFTC (Commodity Futures Trading Commission) Rule 1.31(c)-(d) requires firms to retain records related to commodity futures and options transactions in a format that cannot be altered, for at least five years.

    Meanwhile, FINRA (Financial Industry Regulatory Authority) Rule 4511(c) specifies that organizations must keep customer account information, including communications and transactions, for at least six years, in a format and medium compliant with SEC Rule 17a-4. And if the records pertain to an account that is still active, they must be kept for as long as the account remains open and six years following account closure.

    To meet these requirements, your RIA or financial advisory firm can take advantage of Google Cloud Storage Bucket Lock. This feature prevents objects in your Google Cloud Storage buckets from being modified or deleted for a certain amount of time, providing a WORM-compliant solution for long-term data storage and retention.

    You can find the steps for configuring Bucket Lock here. If you aren’t familiar with Google Cloud Storage and would rather have a certified professional do it for you, you can engage a Google Partner to configure Bucket Lock instead. They can help you ensure that your data is properly stored and secured, and that your organization meets all relevant compliance requirements.

    SEC Regulation SCI

    In 2014, the SEC adopted Regulation Systems Compliance and Integrity (Regulation SCI) to address “systems compliance and integrity risks” in the securities markets.

    Under the regulation, organizations that process accounting or financial information themselves or on behalf of their clients must establish, maintain, and test policies and procedures for the effective operation and monitoring of their systems. They must also have procedures in place for taking corrective action if any issues are identified and for promptly notifying the SEC of any significant problems.

    Google Cloud can help your RIA or financial advisory firm meet these obligations through a number of features and services. For instance, Google’s global infrastructure is designed for high availability and can help ensure that your systems remain operational in the event of a natural disaster, a public health crisis, and any other wide-scale disruption. Google also tests its business continuity and disaster recovery plans regularly, so you can be confident that your data is safe and accessible following an emergency or unforeseen outage.

    In addition, Google Cloud delivers cutting-edge security capabilities, such as identity and access management, data encryption, and malware prevention, to help you protect your systems and data from unauthorized access and malicious attacks. If any issues or potential incidents are detected, Google’s incident response team will immediately take corrective action and notify you of the situation.

    Finally, Google applications, systems, and services undergo regular reviews by both internal and external auditors to verify compliance with industry-standard security and privacy requirements. And by offering continuous assistance and support, Google can help you ensure that your own systems and processes meet the SEC’s requirements under Regulation SCI.

    All your RIA or financial advisory firm has to do is put the proper policies and procedures in place and utilize Google Cloud’s compliance-related features and services. Having an IT partner that knows the ins and outs of Google Cloud and how its features help RIAs, in particular, can be invaluable in getting everything set up correctly. They can also assist you with ongoing compliance monitoring and provide guidance if there are any changes to the SEC’s rules or regulations.

    SOX Act

    The Sarbanes-Oxley (SOX) Act of 2002 is a federal law that mandates organizations to observe certain practices in financial record keeping and reporting. Specifically, SOX Section 404 requires organizations to establish and maintain internal controls over their financial reporting processes, and to review these processes regularly. And while SOX compliance is typically associated with larger public companies, it also applies to private companies that process accounting or financial information on behalf of their clients.

    If your RIA or financial advisory firm falls into this category, then you need to take steps to ensure that the specific Google services you use meet SOX obligations. This could mean, for example, implementing Google’s security and access controls to restrict who can view or modify financial data stored in your firm’s Google Docs, Sheets, and Drive files. Or, it might involve setting up auditing and logging to track changes made to this data over time.

    But even though Google offers a number of services, features, and controls that can help you comply with SOX and other regulations, you still need to configure and use these correctly in order to achieve compliance. That’s why it’s crucial to partner with IT professionals who have experience working with RIA and financial advisory firms, like our team of experts at RIA WorkSpace. We can help you assess your specific needs and ensure that you’re using Google Cloud in the most secure and efficient way possible.

    Contact us today to learn more about how we can help make sure your IT infrastructure is compliant with SEC regulations.

  • Housing websites scams – SCAM OF THE MONTH

    Housing websites scams – SCAM OF THE MONTH

    Georgia was planning to move to a new city for her job, and so she started the search for a rental. Every day she checked top housing websites, keeping her eye out for the perfect one. To her dismay, there wasn’t much that her budget could afford in the area, but she kept looking.

    Until, she found it!

    A cute one bedroom with a park view. The price was listed well below other rentals in the area, but the Agent would be able to show her the property within the week (for a small fee). The owner was out of the country on business and so they did not want a lot of people in and out of the house unless they were serious.

    Before Georgia could respond to the Agent’s outreach with potential times to view the property, they replied that the week had already booked up with viewings. The Agent said the location wouldn’t last long with it’s low price, and recommended that Georgia skip the formalities and sign the lease, directly wiring the deposit to the owner, so that should could lock in the space.

     

    Did you spot the red flags?
    • The rental was much lower in price than that of the other properties in the area.
    • Georgia was requested to pay for a viewing, which is not a typical practice of viewing rental properties.
    • The Agent used high-pressure tactics to urge Georgia into placing a deposit quickly.

     

    What you should know about this scam

    Even legitimate housing websites can be host to fraudulent homes and rentals. Should you encounter such a scam, be sure to report it to the website or app where the post was listed.

    Wiring money is essentially the same as sending cash. Once it’s sent, it’s gone. If you wouldn’t feel comfortable sending cash for something like a deposit, think twice before agreeing to wire money.

    Scammers typically like to stay on-trend. And since summer is peak moving season for those considering a change in residence, use caution when looking into properties during these warmer months, or when searching around areas that have seen a lot of recent growth or an increase in population.

      
  • VoIP eavesdropping: How your SMB can prevent it

    VoIP eavesdropping: How your SMB can prevent it

    One of the biggest threats that can affect your company is Voice over Internet Protocol (VoIP) eavesdropping. This occurs when someone uses a software program to record or listen in on your VoIP calls without your permission. This can be done for malicious reasons, such as stealing trade secrets or committing fraud. To protect your business from such attacks, here are five handy tips:

    Change default usernames and passwords

    The first thing you need to do is to change the default password and username of your VoIP system. Many businesses don’t bother to do this, but it’s an essential security measure. By changing the default login credentials, you make it harder for hackers to gain access to your system. You can do this by logging into the admin panel of your VoIP system and changing the password.

    Keep your VoIP system updated

    Hackers are always looking for vulnerabilities in software. As such, it’s important to keep your VoIP system up to-date with the latest security patches. Check with your handset vendor regularly for updates and install them as soon as possible.

    Keep your session border controllers (SBCs) updated

    By doing so, you’ll be updating your VoIP’s antivirus software, which means your systems are better protected from all known types of malware. This also helps to ensure that your calls aren’t being rerouted through malicious VoIP servers, which could be used to eavesdrop on conversations.

    Use a VPN or SRTP

    Phone calls made over the internet are transmitted in the form of data packets. If these packets are intercepted, anyone can listen in on your conversations. To prevent this from happening, you need to encrypt your VoIP calls.

    You can do this by using a virtual private network, which encrypts all the data passing through your device. Alternatively, you can use Secure Real-Time Transport Protocol, a VoIP security protocol that encrypts voice calls.

    Train your employees

    Your employees need to be aware of the dangers of VoIP eavesdropping. Teach them not to give out confidential information over the phone and make sure they know how to spot signs that someone may be trying to listen in on their conversations.

    VoIP eavesdropping is a serious threat, but these steps you can take to protect your conversations. If you want to know more about how to secure your business, feel free to contact us today.

     

    Published with permission from TechAdvisory.org. Source.

  • Common cybersecurity terms explained

    Common cybersecurity terms explained

    With so many different IT security terms and concepts that you need to learn when running a business, where should you start? Diving into cybersecurity can be challenging, but learning about the most commonly used terms in IT security is a good place to start. Understand these basic terms so you’ll be better prepared to protect your business against cyberthreats.

    Malware

    For a long time, the phrase “computer virus” was misused to refer to any type of attack that harmed computers and networks. The more appropriate term for these harmful programs and files is “malicious software,” or “malware.” Whereas a virus is a specific type of malware designed to replicate itself, any software created for the purpose of destroying or accessing networks and data with the intent to steal, corrupt, or encrypt these should be referred to as malware.

    Ransomware

    Don’t let all other cyberthreats ending in “-ware” confuse you; they are all just subcategories of malware. Currently, one of the most notorious of these is ransomware, which is malware that encrypts valuable data until a ransom is paid for the decryption key. In a ransomware attack, the victim organization may feel compelled to pay the ransom to regain access to their data.

    Intrusion prevention system (IPS)

    There are several ways to safeguard your network from malware, but an IPS is one of the nonnegotiables. An IPS sits behind your company’s firewall and monitors for suspicious and malicious activity that can be halted before it can exploit or take advantage of a known vulnerability.

    Social engineering

    Not all types of malware rely solely on fancy computer programming. Experts agree that the majority of attacks require some form of social engineering to succeed. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or protected information. For some cybercriminals, it’s less tedious to convince a potential victim to give them the data they need than to create and deploy complicated software to obtain the same information.

    Phishing

    Phishing is a type of social engineering scheme that involves defrauding people using an app or a website that impersonates a trustworthy or often well-known business in an attempt to obtain confidential information. Just because you received an email that says it’s from the IRS doesn’t mean that it is. Don’t take such emails at face value — always verify the source, especially if the emails are requesting your sensitive data.

    Antivirus

    Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well-known malware variants.

    Zero-day attacks

    When a vulnerability is found within a piece of software, vendors will release an update to fix the gap in security. However, cyberattackers can release a piece of malware that exploits the security vulnerability before software developers can address it. This is known as a zero-day attack.

    Patch

    When software developers discover a security vulnerability in their programming, they usually release a small file to update and “patch” this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as soon as these become available, you keep your software protected from the latest malware.

    Redundant data

    When antivirus software, patches, and intrusion prevention fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s workspace ensures that even if your systems get infected with malware, you’re equipped with backups to keep your business running.

     

    Our cybersecurity professionals are always available to impart more in-depth knowledge of the many different kinds of cyberthreats. Get in touch with us today and find out how we can help you with your IT security woes.

  • Smarsh vs. Global Relay vs. Microsoft: What should your RIA use for email archiving?

    Smarsh vs. Global Relay vs. Microsoft: What should your RIA use for email archiving?

    Email archiving is a critical part of compliance for registered investment advisors (RIAs) and financial advisors like you. For one, the Securities and Exchange Commission (SEC) requires that RIA and financial advisory firms preserve email communications for up to six years. The data must also be kept in a “write once, read many,” or WORM, format that cannot be altered. And if specific email data needs to be produced in an audit, having a system that can index and search content quickly and easily is key.

    Therefore, it’s crucial that you choose an email archiving solution that is both reliable and easy to use. In this blog post, we’ll compare three of the most popular email archiving solutions for RIAs and financial advisors and help you decide which is the best for your firm.

    Smarsh

    Smarsh offers a slew of comprehensive capturing, archiving, eDiscovery, supervision, and surveillance solutions for email, social media, and mobile communications. Smarsh’s Professiona l Archive, in particular, is a platform designed for small teams and businesses that need to archive email and meet compliance requirements.

    Smarsh has a few key features that make it a good email archiving solution for RIA and financial advisory firms. First, its email retention policies can be customized to meet regulatory requirements set by the SEC, the Financial Industry Regulatory Authority (FINRA), and other regulatory bodies. Second, email data can be exported in a variety of formats for easy review and analysis. Third, Smarsh integrates with leading email platforms like Microsoft Exchange and Redtail Email, so you can continue using the email client you’re already comfortable with.

    Finally, Smarsh continually updates its software to support new communication channels and custom or third-party content, allowing you to implement new technologies and compliance strategies as needed.

    Global Relay

    Global Relay’s main archiving product is Global Relay Archive, which offers compliance-ready capture, storage, and search for unstructured data like email, instant messages, voice calls, and files. It has supervisory and eDiscovery tools powered by artificial intelligence (AI), as well as real-time analytics and timeline visualizations to help you unearth actionable business insights.

    The features that make Global Relay Archive especially useful for RIAs and financial advisors are its embedded workspaces and workflows. These and the archive’s integrated collaboration capabilities allow you to manage email data more efficiently and comply with regulations more smoothly. And with Global Relay’s flexible, AI-enabled tools, you can easily conduct investigations, monitor employee behavior, and uncover hidden risks and opportunities.

    Global Relay Archive is designed to meet the strict recordkeeping requirements of the SEC, FINRA, and the Commodity Futures Trading Commission, among other regulatory organizations. It also integrates with email platforms like Microsoft Exchange and Gmail, as well as popular collaboration apps like Microsoft Teams and Slack. These features make it a good email archiving solution for firms that use a variety of email and collaboration tools.

    Microsoft

    Microsoft’s email archiving solution, Exchange Online Archiving, is a cloud-based, enterprise-class service that helps you meet email retention requirements and discover email data with ease. It offers a variety of features that make email archiving easier, including policy-based retention, in-place holds, and automatic patching. If your firm has deployed Microsoft Exchange Server 2013/2016/2019 or is subscribed to certain Exchange Online or Microsoft 365 plans, then you already have Exchange Online Archiving.

    Security and compliance are two of the main reasons RIAs and financial advisors need to archive email, and Microsoft’s archiving solution offers both. It’s designed to meet the email retention requirements of the SEC, FINRA, and other organizations, and it integrates with Microsoft 365 security and compliance solutions like Azure Information Protection and Advanced Threat Protection.

    Not only is Microsoft’s archiving solution easy to use and manage, but it’s also compatible with a wide range of email clients and apps. This means it’s also a good choice for firms that use email platforms other than Microsoft Exchange. What’s more, Exchange Online Archiving is constantly updated to support new email technologies and compliance requirements, so you can be sure that your email archiving solution will keep up with the latest changes.

    The verdict

    So, which email archiving solution is the best for RIAs and financial advisors? All three email archiving solutions discussed here have their own strengths and weaknesses, so the answer to this question depends on your firm’s specific needs and requirements. However, if your firm uses Microsoft products and services extensively, Exchange Online Archiving may be your best bet. It’s easiest to use and manage if you’re already familiar with the Microsoft environment, plus you get to save on email archiving costs since you may already have a subscription to the service.

    It will do you good to carefully assess your email archiving needs or ask for expert advice before making a decision.

    Our specialists at RIA WorkSpace can help you learn more about email archiving solutions and find the one that suits your RIA or financial advisory firm the best. Get started by scheduling a consultation with us today.