Blog

  • Microsoft Authenticator: Secure authentication for RIAs and financial advisors

    Registered investment advisors (RIAs) and financial advisors like you are always looking for the best way to protect your online accounts and your clients’ data. You want to make sure that only authorized individuals can access confidential information, and that if someone tries to hack into any of your accounts, they won’t be able to do so.

    One way to add an extra layer of security to your login process is to enable multifactor authentication (MFA). MFA requires users to provide two or more pieces of evidence — also called “factors” — to verify their identity before they can access an account. These factors include:

    • Knowledge factors – something you know, like a password or a personal identification number
    • Possession factors – something you have, like a one-time password (OTP) sent to your mobile phone number or a unique code generated by an authentication app
    • Inherence factors – something inherent to you as an individual, like a fingerprint or a retina scan
    • Location factors – somewhere you are, like your IP or MAC address
    • Behavior factors – something you do, like recreating a specific pattern or picture password

    SMS-based authentication has been the most popular form of MFA, but it’s not the most secure. Hackers can intercept the text messages containing the OTPs and use them to access accounts. For RIAs and financial advisors like you, using the Microsoft Authenticator app is a more secure alternative.

    What is Microsoft Authenticator?

    Microsoft Authenticator is a mobile app that provides an extra layer of security when you’re logging in to your Microsoft account or other accounts that support two-factor authentication. You can use the app in multiple ways, including:

    • As a replacement for text message-based OTPs – When you’re logging in to your account, Microsoft Authenticator will generate a unique code that you’ll enter as the second factor.
    • To sign in without a password – When you’re logging in to your work or personal Microsoft account, you can choose to use the app as your primary login method. You’ll enter your username and then scan your fingerprint or face or enter your PIN on your mobile phone.
    • To approve sign-ins – You can set up Microsoft Authenticator so that you’ll get a notification on your phone whenever someone tries to sign in to your account. You can then approve or deny the sign-in attempt with just a tap.

    What are the benefits of using Microsoft Authenticator?

    The Microsoft Authenticator app is more secure than SMS-based authentication because its time-based codes are generated by the app on your phone rather than sent to you, so hackers can’t intercept them. Unless they have your phone, they won’t be able to access your online accounts. What’s more, Microsoft regularly updates the app with new security features, so you can be sure that your logins are as safe as possible.

    In addition to being more secure, Microsoft Authenticator is also more convenient because the codes and prompts are generated automatically. This means you can sign in to your account right away without having to wait for a text message with the OTP.

    And because the Authenticator app is part of the Microsoft platform, it’s easy for RIAs and financial advisors like you who are already using Microsoft products to add an extra layer of security to your login process. You can be sure that the setup process will be painless and integration with your existing workflow will be seamless.

    How do you set up Microsoft Authenticator?

    Before you can start using Microsoft Authenticator, you’ll need to download the latest version of the app from the App Store or Google Play.

    You’ll also need to add your work, personal, and third-party accounts to the app. Here’s how to do this:

    1. Open the Authenticator app.
    2. Tap the plus sign (+) in the upper-right corner.
    3. Scan the QR code or follow the instructions provided in your account settings.

    For detailed instructions on how to set up different accounts, check out the following Microsoft support pages:

    Once you’ve added your accounts, you’re ready to start using Microsoft Authenticator for secure sign-ins.

    Stay ahead of the curve with Microsoft Authenticator

    As more and more companies move to adopt MFA, it’s important to choose a solution that is both secure and convenient. Microsoft Authenticator meets both of these criteria, making it the ideal choice for RIAs and financial advisory firms that constantly handle sensitive data.

    If you need help getting started or want more information on how to secure your RIA or financial advisory firm, contact RIA WorkSpace today.

  • How to secure your personal information on Facebook and Twitter

    Millions of people use social media every day to stay connected with friends, family, colleagues, customers, and more. However, many don’t realize that they are also putting their personal data at risk by not taking the proper precautions to safeguard their accounts. In this blog post, we will discuss some tips on how to protect your Facebook and Twitter accounts from hackers.

    Lock your screen

    Always lock all your devices as soon as you stop using them. This way, you are safe from the simplest hack of all: someone opening a social media site on your device while your account is still signed in.

    Locking your phone is easy enough, but in case you didn’t know, here’s how to lock your computer:

    On a Mac:

    • Press Ctrl+Command+Q.
    • Click the Apple logo on the top left corner of the screen, and select Lock screen.

    On a Windows device:

    • Press Windows key+L.
    • If there are multiple users using the device, click the Start button on the bottom left corner of the screen, then select User > Lock.

    Use strong passwords

    One of the easiest ways for hackers to gain access to your account is by launching brute force attacks to guess a weak password. Be sure to use a strong password that is at least eight characters long and includes a mix of uppercase and lowercase letters, numbers, and symbols. It’s also a good idea to change your password regularly to further reduce the risk of someone gaining access to your account.

    It is best to use a password manager like 1Password, LastPass, or Dashlane, as these allow you to generate, save, and retrieve complex passwords.

    You can also enable multifactor authentication, which requires users to fulfill at least one more identity verification step after entering their username and password. The extra step or steps can involve scanning your fingerprint or entering a one-time passcode on an authentication app. Even if hackers have your password, they won’t be able to log in to your account without the additional authentication requirements.

    Enable social media security features

    Facebook can help you monitor who’s accessing your account and from where. On any web browser, log in to Facebook and click on Your profile, which is the icon located at the upper-right corner of the page. Select Settings & privacy, then click Settings > Accounts Center. From the Accounts Center, choose Password and security to get more information.

    Under the “Where you’re logged in” section, you’ll see a list of the places and devices you’re logged into. If you don’t recognize a particular location or device, that means someone else has logged in as you and is likely using your account for fraudulent or malicious purposes. Log them out by clicking the checkbox on the row indicating the malicious login and selecting Log out, and then report the incident immediately.

    Unfortunately, as of this writing, Twitter doesn’t have the same option of checking unrecognized logins. This makes implementing two-factor authentication even more necessary.

    Hackers can also take over your Facebook and Twitter accounts through third-party services to which you’ve given access to your profiles, so make sure to double-check what you have approved. Here’s how to do it:

    • Facebook: Go to Settings > Accounts Center > Password and security > Apps and websites to view and manage third-party services that use Facebook to log you into the accounts you have with them.
    • Twitter: Go to Settings and privacy > Security and account access > Apps and sessions to check and edit the list of third-party apps linked to your account.

    Lastly, check the permissions Facebook and Twitter have on your smartphone or tablet.

    • Android: Go to Settings > Apps > App permissions.
    • iOS: Go to Settings and find Facebook and Twitter under the app list to manage which parts or features of your phone (such as the camera and speaker) they have access to.

    Post less personal information online

    As much as we all love to share our lives with others on social media, it’s important to remember that not everything needs to be shared online. Hackers can use information like your birthdate, home address, and phone number to gain access to your accounts or even steal your identity. So, limit the amount of personal information you share on social media and think twice before posting anything that could be used against you.

    By following these tips, you can significantly reduce the risk of your Facebook and Twitter accounts being hacked.

    Cybersecurity is a sprawling issue — and social media privacy is but one of the many things you need to stay on top of. For 24/7 support, call our team of experts today.

  • Donation scams – SCAM OF THE MONTH

    Lola has been scammed! She donated to a charity through social media without doing any pre-emptive research, and now she’s lost over a thousand dollars in gift cards and believes her personal information may have been stolen.

    Lola has watched enough TV Scam Dramas to know that there were a lot of red flags she ignored, and probably shouldn’t have. She’s completely embarrassed and has kept her indiscretion quiet amongst family and friends, fearing that she’ll be judged.

    Now she’s beating herself up, suffering in silence, and just wants to forget this ever happened. This was a lot of money to lose, but the social media page seemed so official, and the cause really spoke to her. Lola feels so silly and can’t believe that she was actually caught up in a situation she only had ever seen on TV.

    Did you spot the red flags?

    • Lola ignored the red flags. In hindsight it’s easy to see the clear red flags, but even when going through the motions, it’s important to listen to those little feelings of uncertainty.
    • Lola kept the incident to herself. Not only could the support of family and friends benefit her at this time, but sharing her story may also help others avoid falling for the same scam.
    • Lola also feared her personal information was stolen. Documenting this incident and reporting it to the proper agencies is an important next step that Lola needs to take.

    What you should know about this scam

    People fall for scams all the time, and it can feel embarrassing, but when you share your story with friends and family, you’re better preparing your loved ones should a similar scam come their way.

    When you do fall for a scam, it’s important to also report the incident to your local agencies or authorities. Your report can help these agencies track scam patterns and keep others from experiencing the same thing.

    Scammers thrive when those they’ve scammed stay silent. Word of mouth and the sharing of scam stories is a simple way you can help break this cycle, bringing these scams to light so that others will not have to navigate the internet in the dark.

  • Migrating from AWS to Microsoft Azure: A guide for RIAs

    A reliable cloud platform is essential to the success of any modern small- or mid-sized business. And while Amazon Web Services (AWS) is a popular choice for many businesses, Microsoft Azure is an equally excellent, if not better, option for Registered Investment Advisors (RIAs) and financial advisors like you. You need a platform that’s productive, secure, and compliant — and Azure hits all those marks. 

    Here’s a look at why migrating from AWS to Azure makes sense for RIA and financial advisory firms, as well as how to make the transition painless.

    Which is better for RIAs: AWS or Azure?

    Amazon and Microsoft are two of the biggest names in cloud computing, and for good reason. They are both reliable, offer a ton of features, and are constantly expanding their offerings. However, there are several reasons why Azure may be a better fit for RIAs and financial advisors.

    First and foremost, Azure is built on a true hybrid cloud infrastructure, which makes it easy to connect your on-premises applications and data to the cloud. In contrast, AWS is more focused on delivering a pure public cloud experience. That is, it’s designed to run applications and store data exclusively in the cloud.

    If you’re like most RIA firms, you probably have some legacy applications and business or client information that you can’t or don’t want to move to the cloud. Azure makes it easy to keep those applications running while also taking advantage of the cloud’s scalable and flexible storage.

    Azure also comes with a number of features and services that are specifically designed for compliance-sensitive industries like financial services. For example, Azure Active Directory and Azure Information Protection can help you meet stringent data security and privacy requirements set by the Securities and Exchange Commission and the Financial Industry Regulatory Authority.

    Learn more about Microsoft supporting your IT compliance with email archiving and Microsoft Teams.

    Additionally, Azure offers a number of productivity-enhancing features, such as built-in machine learning and artificial intelligence capabilities. And because Azure is part of the Microsoft ecosystem, it integrates seamlessly with other Microsoft solutions like Microsoft 365 apps and Power BI. This can boost productivity by making it easy for your employees to access the tools and information they need, when they need it.

    Finally, Azure is more cost-effective than AWS if you already use Microsoft products and services. AWS is five times more expensive than Azure for Windows Server and SQL Server workloads. By migrating to Azure, you can take advantage of your existing Microsoft licenses and save a significant amount of money.

    How to make the move to Azure

    Now that we’ve looked at some of the reasons Azure is a great fit for RIAs and financial advisors, let’s talk about how to transition from AWS to Azure.

    The first thing you need to do is take inventory of your applications and data. This will help you determine which software and information can be moved to Azure and which need to stay on premises.

    You also need to consider how you will connect your on-premises applications and data to Azure. There are a number of different options available, so it’s important to work with your IT provider to find the best solution for your needs.

    The next step is to perform the actual migration process. This is where working with an experienced IT provider can really come in handy. They will be able to help you move your applications and data quickly and efficiently, with minimal business disruptions and downtime.

    Finally, you need to think about how you will manage and monitor your Azure environment after the migration. Azure provides a number of tools and services to help you do this, but working with an experienced IT provider can make the process much easier. They’ll help you create a plan to ensure that your cloud applications and data are always available and secure.

    Working with the right provider is key

    Migrating from AWS to Azure doesn’t have to be a daunting task. By working with an IT provider that specializes in technology solutions for RIAs, like RIA WorkSpace, you can transition quickly and painlessly. And by taking advantage of Azure’s many features and benefits, you can significantly improve your RIA or financial advisory firm’s productivity, security, and compliance.

    If you’re ready to learn more about how Azure can benefit your business, contact RIA WorkSpace today. Our experts will be happy to answer any questions you have and help you get started with your cloud migration.

  • RIA Firm Goes from Managing Their IT Vendor to a Vendor Managing Their IT

    A New Jersey-based RIA firm made the decision to partner with RIA WorkSpace after struggling with their existing IT vendor.  This company, whose name is withheld for confidentiality, interviewed multiple vendors in their search for a replacement MSP but their decision to work with RIA WorkSpace came down to three main things: 

    • RIA WorkSpace was intimately familiar with their industry 
    • They felt it was important to have a proactive and process-driven IT partner
    • The RIA team was competent, courteous, and assigned specifically to them

     

    This RIA came to RIA WorkSpace with three primary challenges, the biggest of which was the amount of time they spent managing their IT and their previous vendor.  Today, they have a comprehensive solution that is fully and proactively managed and requires very little commitment from them. 

    3 Key challenges

    As an RIA firm of around 25 employees with multiple locations, they had their business down to a science — except when it came to their IT management.  They were working with a managed service provider (MSP) to manage their IT, but it was obvious the provider did not fully understand their needs. 

     
    1. Their Chief Financial Strategist had to manage their IT vendor

    The main point of contact with their previous MSP was the firm’s Chief Financial Strategist (CFS).  Because the MSP was not providing strategic advice or proactively making recommendations for ongoing improvements, the burden was on the CFS. 

    • The CFS was spending half his time on IT instead of other responsibilities where he was needed and added more value
    • The CFS and management team were always worried about potential IT security or compliance risks
    • Management felt that their IT was “all over the place” with frequent changes because there was no strategic, technical direction
    • All important recommendations and decisions were coming from the CFS instead of the MSP. For example, he and his team proposed to their MSP that the firm needed email encryption, even though this technology should have already been in place.
     
    2. Their existing vendor didn’t understand the unique needs of RIAs and financial advisors

    Because RIAs and financial advisors have such high standards to meet for security and compliance, a properly secured network is crucial. It was clear that their previous vendor didn’t understand these unique needs, and the RIA knew there were some vulnerabilities in their network. The RIA knew there was a better, more comprehensive way to do things but wasn’t getting it from their vendor. In particular, they needed improvements with the following:

    • Data loss prevention tools. They started down this path but stopped because nobody understood how to implement it properly
    • Tools like email encryption, email archiving, and single sign on were not configured or being used properly
    • Not all endpoints were secured properly. Multiple devices were accessing the network without proper security
    • When an employee left the company they were unsure how to ensure their personal devices could no longer access company data or networks.
     
    3. They wanted a single solution, not a patchwork

    The RIA was aware of some of the tools and solutions they needed to be secure, productive, and compliant.  However, they aren’t IT professionals and looked to their MSP to catch inconsistencies and gaps in the system.  Their existing vendor was not helping them meet their high standards for their RIA IT compliance, which resulted in the following:

    • They had to rely on a patchwork system that used multiple third-party programs.  This did not feel comprehensive, and their firm wanted a single solution for every IT-related issue.
    • They didn’t have a standardized solution for all devices across multiple locations.  Some of their offices had different setups and many devices were not secured properly yet had access to their network.
    • They needed help understanding the best practices for their IT management.  They are a tech-savvy firm that wanted to have the best solution in place and were interested in learning how to use their technology to be progressive.
    • Remote offices and contract employees were set up with remote access that didn’t work for them.
    • Their vendor had a lack of reliable customer service, especially with regard to their remote offices.

    The solution

    When this RIA started working with RIA WorkSpace, they immediately appreciated that it understood the RIA industry and their needs.  It was a seamless transition to the RIA WorkSpace platform because they were already using Microsoft.

    The switchover of all offices, users, and devices happened over a one-month period.  The RIA lost little time and experienced no interruptions during the onboarding phase.  RIA WorkSpace even accounted for the firm’s different locations and time zones to prepare for their cutover — a solution that required no downtime.

    A single, consistent solution that’s secure and compliant

    With their new setup, they no longer have a patchworked network and everything is managed with a single solution.  All offices and devices are set up consistently. Everything has been properly configured to meet their security and compliance requirements, including:

    • Single sign-on
    • Email encryption
    • Email archiving
    • Data loss prevention
    • Multi-factor authentication

    Microsoft tools instead of third-party apps 

    Many of the third-party apps this RIA was using were doing things that their existing Microsoft subscription could do for them — and in some cases, do better.  The RIA WorkSpace platform includes properly configured Microsoft tools for endpoint security, backup, and email archiving so that third-party apps were not required. 

     
    A dedicated team managing IT strategy and customer service

    The RIA firm was assigned a dedicated team of capable technicians.  The primary technician, Fred, acts as their go-to person whenever they have questions about their IT.  He also makes recommendations about new tools and necessary improvements.

    Key outcomes

    Peace-of-mind security and compliance 
    • The RIA knows that they have best-in-class solutions for their security, and they meet all SEC IT Compliance requirements.
    • When the RIA started working with RIA WorkSpace, their Microsoft Secure Score was 22. Within 90 days of transitioning to the platform, RIA WorkSpace was able to achieve a score of over 70.
     
    Cost-effective and efficient single solution 
    • The patchworked network has been replaced with a single solution managed seamlessly by the RIA WorkSpace team. 
    • The RIA no longer needs to pay for or manage the third-party apps they had in place previously.
     
    Less time spent managing their IT 
    • The chief financial strategist has moved from spending almost half his time on IT to spending virtually no time on it. He’s now only required to make strategic decisions based on recommendations from RIA WorkSpace.
    • The RIA assigned a new liaison to work with RIA WorkSpace when necessary for day-to-day needs. This only requires a small time commitment.
     
    Improved customer service 
    • Since May 2021, the average response time for an IT service request is under 6 minutes. This is a response time, which means RIA WorkSpace acknowledges the request, reviews it, and assigns it to the right technician.  All service requests are assessed for their urgency and critical issues are prioritized.
    • In 2022, RIA WorkSpace received 18 comments on their service tickets, all of which were 100% positive. Examples of feedback on service tickets include:
      • “Fred was prompt, courteous, and got to the bottom of the problem.”
      • “Fred did great, he handled my issues quickly and explained things along the way.”
      • “Responding via email was much easier for quick items!”
      • “Fred is always very helpful and always finds a resolution to every issue, regardless of how long it takes.”
      • “Everything added to my computer and is working perfectly.”
      • “Excellent customer service and response time.”
      • “Very quick response time & helpful information.” 

    Serving the IT needs of RIAs

    The RIA firm went from managing their IT vendor to having their vendor manage their IT.  They were given proper instruction on how to use their tools and received a comprehensive solution that remedied their IT problems — no matter the location, device, or complexity.  RIA WorkSpace knew about the RIA firm’s high standards when it came to cybersecurity and the importance of their business continuity.  At the end of the day, RIA WorkSpace helped them be productive, secure, compliant, and less focused on their IT.

    Learn more about RIA WorkSpace and how it can support your firm.

  • Social quizzes scams – SCAM OF THE MONTH

    Peter practically lives on Social Media. It’s so convenient to stay connected with friends and family, and he loves that he can easily access other websites by connecting to his social media account with the click of a button.

    In his free time, Peter enjoys the quizzes and community building activities that circle the platform. Just this week, he joined in to wish this year’s graduating seniors well by posting his own graduation picture with #CongratsGrads. And the week before, he discovered that his Hogwarts house was Gryffindor, along with 7 of his other friends who took the quiz.

    Now, he’s been tagged to do an “about me” challenge, to see if his friends really know his favorite color, mother’s maiden name, or his first car. But, when trying to sign in, he realized he’s been locked out. He also can’t access several other accounts, including his social media, bank, and even work accounts. He’s been hacked!

    It’s hard to pinpoint what activity led to the breach, but since Peter never took the time to adjust his privacy settings or come up with a unique password, anyone, including hackers, was free to lurk around his personal information and easily brute-force their way into his account.

    Did you spot the red flags?

    • Peter never adjusted his privacy settings, allowing for hackers to view his personal information. His graduation post, for example, was not only easily searchable through the hashtag, but also included his picture with his school and year of graduation, which is often used as a credential.
    • Peter had a weak password. He then used his social media credentials for a quick sign-in to third-party sites. This is often a recipe for disaster.
    • Oversharing tends to coincide with social media quizzes and challenges. Peter should have further considered the information he was disclosing before hitting “post.”

    What you should know about this scam

    Though not all social quizzes are maliciously gathering your personal information, it is smart to read a quiz’s terms of service before playing so that you’re aware of the type of information the company is collecting, and how it will be used.

    It’s also good to consider the kinds of questions a quiz is asking. Even simple ones like: where were you born, where did you go on your first flight, or who’s your childhood best friend, are the exact same questions asked when setting up your accounts’ security questions.

    Only 44% of Americans take advantage of privacy settings on accounts. At a minimum, best practice is to hide these key pieces of PII from public view on your social media accounts: your phone number, birth date, email address, and location.

  • How to Protect Client Data

    Protecting client data is critical to your customer and supplier trust and loyalty, so it’s important to know how to protect that data. Running a company or owning a business means you deal with important information and customer data all the time — and it’s pivotal that you protect it. 

    If you have no steps in place to protect your customer data, you’re exposed to hacks and data breaches, which could lead to customer dissatisfaction, loss of business, lawsuits, and so much more.  

    Protecting client data is also a big factor for regulatory compliance requirements, and not adhering to these regulations could put your business at risk. We work with registered investment advisors (RIAs) and financial advisors, who are highly regulated and have to set high standards for their IT compliance. The best strategy is to protect your documents with appropriate policies, access management, and permission portals. But, without the right software, this may be difficult to achieve. 

    That’s where data loss prevention tools come into play. When these tools are configured properly, you can prevent accidental or intentional data loss.  

    Let’s look at some straightforward tools Microsoft has in place to keep your client data protected and safe from security breaches. 

    Microsoft Data Loss Prevention 

    A company as monumental as Microsoft needs to ensure data protection for its customers and guarantee that it has top-of-the-range security. That’s why Microsoft has a feature called Data Loss Prevention (DLP). 

    DLP is driven by policies that determine how certain information is regulated and how it is stored. These policies apply to emails, files, and attachments, and let you define rules, exceptions, and actions for users in the admin center. This allows you to examine which content meets these guidelines and policies and which does not. 

    Intune Mobile Application Management Without Device Enrollment 

    Microsoft Office 365 takes initiative when it comes to preventing data loss and creating a pleasant end-user experience for its customers. 

    This is achieved through the creative capabilities of a feature called Microsoft Intune. Intune is designed to automatically enhance security through Microsoft applications. This includes features like encryption, cut, copy, paste, and save, which are already enforced through personal and work accounts. 

    We work with RIAs and Financial Advisors who manage a great deal of confidential information for their clients, indicating that data protection is crucial for the end user. We’ve learned that Microsoft offers many data management solutions for RIAs as well as solutions to prevent data loss for their users. 

    Intune allows for work data to be protected while personal data remains untouched in the same Office 365 applications. Essentially, it can be customized by the end user, for the end user, optimizing security according to their needs.

    An additional benefit is that this whole feature is simple to configure. All you need to do is:

    • Enable Office 365 and EMS subscriptions 
    • Log into the new Azure portal
    • Create an Intune mobile application management policy 

    By setting up data loss prevention and user groups, you are minimizing your risk of data breaches. 

    In-transit Data Protection

    In addition to Microsoft’s efforts to prevent data loss and incorporate Intune features, the company also provides several options for end users when it comes to keeping their data safe in transit.

    In brief, data is in transit when any of the following happens: 

    • A client device communicates with a Microsoft server
    • One Microsoft server communicates with another
    • A Microsoft server communicates with a non-Microsoft server

    Microsoft Office 365 has made sure that the end user’s data is concealed so that no one has access to the data when in transit, which guarantees security. Additionally, it makes use of Media Access Control security (MACsec) for further security and confidentiality. 

    At the end of the day, your business relies on protecting end users’ data, whether it be credit card details or Social Security information. There’s no better time than now to make sure your systems are not vulnerable and ensure that your data is being protected.  

    The well-trained specialists at RIA WorkSpace are always available to assist you with data loss prevention and more. Contact us today for an assessment!

  • RIA IT Compliance Requirements Checklist

    RIA IT Compliance Requirements Checklist

    Financial services are among the most heavily regulated industries, with plenty of laws and policies to ensure everyone operates legally and fairly. Consequently, there are many procedures and guidelines to help financial service providers, including registered investment advisors (RIAs), stay in compliance with the law.

    The U.S. Securities and Exchange Commission (SEC) is the main overseer of this industry and both proposes and supervises the regulation of the securities industry. To be IT compliant, RIAs have to abide by the SEC’s Rule 17a-4(f), which defines the requirements and standards for storing books and records electronically.

    IT Compliance With Microsoft

    IT compliance can be quite a challenge to maintain. Using Microsoft tools such as Azure and Office 365 can make it easier to improve and maintain compliance with these regulations. For example, Microsoft Azure Immutable Blob Storage with Policy Lock and Microsoft Office 365 with Preservation Lock can help RIAs and financial advisors maintain non-rewritable and non-erasable data.

    Immutable storage for Azure Blob storage allows users to store data in a write once read many (WORM) format, ensuring that data cannot be modified once stored. Additionally, the data cannot be deleted for a specified period, enabling users to meet SEC’s record retention policies. 

    Microsoft can also help with the 90-day notice required before you employ electronic record storage. Customers can get the Attestation of Electronic Storage Media Services letter by sending a support ticket on the Azure portal. The required assurances and compliance representation are also offered alongside the 90-day notification. 

    Microsoft 365 also has archiving features that enable customers to retain data such as emails, documents, and third-party data. Customers can also set archival policies that define what data to store and for how long, and that keep the archive non-rewriteable and non-erasable.


    IT Compliance Requirements Checklist

    Record requirements

    The SEC has plenty of regulations to monitor how you store your data. Some of these requirements include:

    Non-Rewriteable, Non-Erasable Record Format

    Your records must be stored in a non-rewriteable, non-erasable format. The rule is designed to guarantee that should the data be required later, you can accurately reproduce it without changes. You should store the records for the required retention period as well as beyond, in case they are required for special circumstances like external investigations and legal matters.

    Accurate Recording Process

    The records on your system should be precisely the same as the ones recorded during the transaction. This requirement demands that the quality and accuracy of your data capture and storage processes be verified. 

    Duplicate Copy of the Records Stored Separately

    You’ll need to store a duplicate copy of your records in a separate medium from your original, in case something happens to the original copy. This requirement is important to maintain access to accurate information even when the primary copy is lost or damaged. 

    Serialize the Original and Duplicate Units of Storage Media 

    While storing your data, you’ll also need to capture the order in which records are saved. Serializing both the original and duplicate records ensures their accuracy and improves accessibility. If you know the order in which your records were stored, you can easily locate specific records. Records stored in their proper order also help you make sure that your storage process works as intended.

    Index Requirements

    An index is a unique identifier that differentiates records from each other. The SEC’s requirements for these indexes include:

    Organization and Accuracy of Indexes 

    You are required to organize all your data, both original and duplicate copies, and assign indexes to them appropriately. By doing this you make sure that all records can be uniquely identified, searched, and retrieved easily. 

    Duplicate Copy of the Index Stored Separately 

    Just as with the records, the SEC also requires that you store a duplicate copy of the index separately from the original. By doing so, you ensure that the index can still be accessed should the original be lost or damaged. 

    Preservation of Indexes

    Since the SEC requires that records be kept for a specified period, the original and duplicate indexes should also be available during this period. When you comply, you ensure that as long as the records are stored, they can be searched and accessed using the index. 

    Availability of Indexes for Examination

    In addition to keeping these indexes, you also need to make them available to the SEC or other regulatory organization upon request. Electronic copies of the index may also be needed and should be available for examination.

    Capacity to Download Indexes and Records

    Besides accessing your records and indexes, the SEC or other regulatory organizations may sometimes need to get a copy of them. Your system must be able to download records and indexes in the specified format whenever needed. 

    Production of Information

    Production of Images for Examination

    Images are the electronic records as they are stored on your system. Some of the formats in which data is stored include CSV, JSON, and XML. Since records cannot be directly read in these formats, you are required to provide a human-readable form or reproduction of your records through a website, an application, or any other available method.

    Reproduction of Images Provided to Regulators

    This requirement stipulates that the SEC or other regulatory body should have access to your records in paper or any other format or medium as needed. It’s important that if requested, you’re able to locate and retrieve those records.  

    Availability of Information to Access Records and Indexes

    This requirement stipulates that you maintain current information on the system required to access records and indexes and provide it on request from the SEC or other regulatory body. 

    Audit System 

    This requirement specifies that you must have an audit system to ensure accountability in your record input process. The audit system ensures that data such as the time, staff member, and any action taken on the system are recorded to track both the inputs and any changes made on the records. 

    Availability of Audit System for Examination 

    This provision ensures that your audit system and its results are available for examination whenever requested by the SEC or other regulatory organizations. You also need to store the results of your system audit for as long as you’re keeping the records. 

    90-Day Notification and Compliance Representation

    You’ll need to inform the relevant regulatory organizations at least 90 days before you begin storing records electronically. You must also prove that your selected storage system complies with SEC policies. You can do this yourself, or your storage medium vendor or any other qualified third party can represent you. 

    Designated Third Party Requirement

    You’ll need to have at least one third party, also known as the undersigned, who has access to and can download all the data on your electronic system. This requirement makes sure that the regulatory body can still access the records and indexes should you be unavailable. 

    Conclusion

    IT compliance is essential to any RIA firm, ensuring that it operates within the law while offering clients the confidence that all transactions are appropriately regulated. No matter the size of your firm, there is no escaping the regulations and policies that govern the industry. With this RIA compliance requirements checklist, you’re on your way to understanding what you need to do to maintain compliance with the SEC. 

    At RIA WorkSpace, we understand that IT compliance can be a challenge alongside all the daily operations that you have going. Most RIA firms have to deal with plenty of IT compliance issues, from handling SEC interactions to being compliant with financial advice. Compliance doesn’t have to be a daily headache, however. RIA WorkSpace can take care of IT compliance for you.

    Using the RIA WorkSpace platform, powered by Microsoft, gives you the peace of mind that your IT compliance is taken care of, freeing you to focus on your key business priorities. Data retention and archiving functionalities are built into the system, so that compliance standards are met. RIA WorkSpace provides admin access to and control of your data, as well as the comprehensive reports required in case of an SEC audit. 

    Talk to our team today to discover how you can benefit from the RIA WorkSpace IT compliance solution. 

  • Up your schedule management game by using Microsoft 365’s Bookings feature

    Up your schedule management game by using Microsoft 365’s Bookings feature

    Are you struggling to keep track of your tasks and events? Microsoft 365’s new Bookings feature may be just what you need. With this feature, you can easily create and manage appointments for yourself or your team. Here is some key information on how to use the Bookings feature and some of its benefits.

    Visibility

    Bid goodbye to the days of scribbling on Post-its and frantically going through your schedule to find out where you’re heading for lunch. Bookings provides you with a unique scheduling app that is compatible with both desktops and mobile devices. Here, customers can select times and dates based on current availability — simply enter the contact information and then book it. The system then fully automates the process of managing your appointments.

    No more rain checks

    Cancellations and missed appointments mean wasted time slots unless you’re able to fill them up with new bookings. Avoid lost income by controlling how much advance notice is required to make a cancellation. With Bookings, appointments appear immediately in staff calendars and can be added or revised by customers in their own personal calendars.

    Additionally, a confirmation email is automatically sent to the customer, followed by another automatic email reminder before the appointment time. The web page also offers a rescheduling service: customers can simply click on the link in the confirmation email and pick a time that’s better for them.

    Synchronization

    Once completed, the booking is then synced to a centralized calendar where businesses are given the option to reschedule, cancel, or reassign the appointment to other staff members as they see fit.

    Should you decide to reassign a booking to staff members, Bookings offers a nifty feature known as “split view.” This shows which staff members are booked at which times, and lets you compare everyone’s schedules side by side. The appointments are synced not only to your calendar but to the staff members’ calendars as well. Moreover, this versatile system accommodates Office 365, Outlook, and even Google Calendar, so clients and staff can keep whatever calendaring service they prefer.

    Double duty

    Appointment setting might be the primary function of Bookings, but the system can also be utilized to build your company’s customer list. Once customers input their information into the system, it automatically creates contact entries for those customers. The contact card contains personal information such as your customer’s name, address, phone number, and email address.

    And as your company grows, you can add more staff members as well as create additional booking pages for free. Furthermore, staff members aren’t required to have Office 365 subscriptions to be a part of the service.

    Efficient tech resources aren’t enough to maintain a successful business anymore. To really stand out from competitors, you need comprehensive appointment management. Give us a call if you need any questions answered or issues addressed. We’re more than happy to help.