Blog

As technology becomes more and more ingrained in our professional lives, it’s more crucial than ever to secure the devices we use for work and the data they contain. This is especially true for registered investment advisors (RIAs) or financial advisors like you, who handle sensitive client data on a daily basis.

But securing devices doesn’t have to be complicated or time-consuming. By following a few simple steps, you can help ensure device security and data integrity that will keep you compliant with industry best practices and regulations.

Read on to learn what your RIA or financial advisory firm can do to lock down devices and protect data.

Device security checklist

Having a device security checklist is a great way to get started. Here are some measures that your advisors and staff should take to secure their devices, whether they’re laptops, smartphones, or tablets.

☐ Lock the screen when the device is not in use

A good number of people tend to forget to lock their screen when they step away from their computer for just a few minutes. Setting devices to automatically lock screens after a few minutes — 15, at most — of inactivity is a good way to make sure unauthorized users can’t access devices that are left unattended. Doing so effectively helps protect against data loss or theft.

☐ Do not install peer-to-peer software

Peer-to-peer (P2P) file sharing applications like eMule, Vuze, and uTorrent are a security risk, as they can be used to download and share content that can be potentially laced with malware. What’s more, P2P networks are often insecure, leaving users vulnerable to data breaches and other malicious attacks. That’s why it’s important to prohibit your employees from installing any P2P software or remove any existing P2P apps on their work devices.

☐ Use antivirus, anti-malware, and firewall applications

These security tools help protect devices from being infected with malware or hacked. An antivirus program detects and removes viruses, while an anti-malware software protects against malicious software like spyware, adware, Trojans, and more. Meanwhile, a firewall blocks unauthorized access to a device or network.

It’s prudent to install these three solutions on top of existing built-in security to implement multilayered protection. These security solutions should also be updated regularly to ensure they remain effective at protecting against the latest threats.

☐ Only use trusted Wi-Fi networks

Public Wi-Fi networks are convenient, but they also put your data at risk. That’s because these networks are often unencrypted, making it easy for cybercriminals to intercept data being transmitted over them.

When using public Wi-Fi, your employees should only access sites that use SSL/TLS encryption (i.e., site URLs prefixed by “https”) and avoid entering any sensitive information, like login credentials or credit card numbers. Better yet, instruct your employees to avoid using public Wi-Fi altogether and only use their device’s data plan when they’re out and about.

☐ Use a VPN

A virtual private network (VPN) encrypts all the traffic going to and from a device, making it much more difficult for cybercriminals to intercept data. This is especially important when you’re using Wi-Fi networks other than your home or office network, as a VPN adds an extra layer of protection.

Many VPNs also come with other security features like malware protection and ad blocking, which can be a big help in blocking unwanted content and keeping devices safe. And because there are thousands of VPN choices in the market, be sure to select one that’s reputable and has a good track record in terms of security and privacy.

Related reading: Does your RIA have a hybrid work environment? Make sure it’s secure

The importance of updating your software and devices

Besides ensuring that your employees are following best practices for device security, it’s important that your RIA or financial advisory firm has a robust update policy in place. This means ensuring that all devices are kept up to date with the latest software releases, security patches, and virus signatures.

In particular, your IT team or partner should do the following:

• Take inventory of all software installed on work devices. Doing so allows them to track which software is outdated and needs to be updated, making it easier to identify and remove any unauthorized apps.
• Constantly update antivirus and malware signatures. Outdated virus and malware signatures can leave devices susceptible to newer attacks. That’s why it’s important to have a system in place that automatically updates these signatures on a regular basis.
• Push operating system and software updates or enable automatic updates. Many devices have the option to automatically install updates, which helps ensure that they are always running the latest software versions and security patches.
• Regularly check device settings. Settings like password strength, autofill options, and location services can all impact the security of a device. By checking and updating these settings weekly if not daily, your IT team or partner can help ensure that your devices are as secure as possible.

While no cybersecurity strategy is impenetrable, following these best practices can help you create a strong defense against the most common cyberthreats. And by taking steps to secure your devices and data, you can help reduce the risk of a breach or data theft.

If you have any questions about device security or would like assistance implementing these best practices to help you protect your RIA or financial advisory firm’s data, RIA WorkSpace can help. Contact us today to learn more.

Tyler was fascinated with the huge rise in bitcoin and other cryptocurrencies. He’s recently been using his phone application to invest in small portions of cryptocurrencies with some of his leftover money from his allowance and his paper route. Although he was seeing some positive returns, he wanted more. When on social media one day, Tyler saw a post by a popular influencer. The post mentioned they would triple anyone’s cryptocurrency in one week with their proven method. Tyler was ecstatic and followed the steps to send the cryptocurrency to their account. Tyler waited patiently, but the week went past, and he didn’t see his returns or original investment. The influencer later posted that their account had been compromised, and the criminal had posted the message about this cryptocurrency scam. Tyler was embarrassed and chose not to tell his parents or authorities.

Did you spot the red flags?

• The influencer claimed they could triple any investment in one week.
• Tyler was too eager to make quick returns on his investments.
• Tyler’s embarrassment after falling for this scam led him to not take any additional action.

What you should know about this scam

This was an example of a cryptocurrency multiplier scam. Scammers lure in investors who want faster returns by promising to multiply any deposit made. But more often than not, these deposits go right into the wallet of a scammer with no intention of returning a cent
These types of scams are very popular on social media platforms. Scammers have been known to impersonate celebrities, influencers, and popular investors to push their scams. Additionally, as seen in Tyler’s case, real accounts can be compromised and used to push out these scams.
Teach children and teens in your life about the pros and cons that come with investing. Everyone should be aware that scams and other such fraud can, and should, be reported to local authorities or consumer protection agencies. It is possible that some, or all, of the stolen money, can be returned.

Remote working has proven to be invaluable in maintaining day-to-day operations during the pandemic, but many RIA practices are now considering how to safely and efficiently reopen their offices. Rather than simply returning to their existing brick-and-mortar establishments, RIAs are adopting hybrid work models to enhance employee experiences and create a more productive work environment.

What is hybrid work?

Hybrid work is a flexible working model in which employees split their time between working from home and the office. It brings together the most desirable attributes of in-office and remote work: the structure and sociability of the former, and the independence and flexibility of the latter. This is one of the reasons why 82% of company leaders intend to permit a degree of remote working as employees return to the workplace.
But while adopting a hybrid work model can ensure a prudent post-pandemic return to the office, it also opens a Pandora’s box of cybersecurity concerns. For one, RIAs and staff work between different locations, so they’re constantly moving in and out of the company network. An employee might use unsecure devices or practice poor security hygiene while working remotely and compromise your network once they use the same devices to reconnect to it.
It’s not enough that your IT provider secures and manages your on-site infrastructure — it’s equally important that you provide employees with the necessary tools and resources to keep data safe in your hybrid work environment.

Related article: OneDrive and SharePoint for RIAs: Which one to use?

How to secure your RIA practice’s hybrid work environment

It’s crucial that your RIA implements a long-term, robust security strategy that addresses endpoint device security and data protection needs to mitigate threats targeting your hybrid workforce. Here are some key measures to consider:

Use an enterprise-grade VPN

Companies often leverage virtual private networks (VPNs) to provide employees working off-site with secure access to network resources. Basically, a VPN acts like a tunnel that protects the data being transmitted within it and keeps it from being intercepted by unauthorized parties. Your RIA can use a VPN to encrypt your communications between the office and remote workers, minimizing the risk of data privacy and security concerns such as breaches and cyberattacks.

Establish access control systems

Your IT provider can’t completely manage all the devices that your RIAs and staff use as well as the home and public networks they connect to while working remotely. These potential entry points make your corporate network vulnerable to a host of security threats, so it’s imperative that your RIA practice has a system in place to keep unauthorized users out.
Identity and access management (IAM) helps you confirm the identity of users attempting to access your network. It also checks whether they are authorized to use particular resources or perform certain actions before granting or denying them access.
The most commonly used technologies that simplify aspects of IAM are the following:

• Single sign-on (SSO) – eases the management of various usernames and passwords by allowing users to use only one set of login credentials to access multiple applications
• Multifactor authentication (MFA) – requires users to provide other credentials (e.g., a fingerprint or a code sent via SMS) besides their username and password to verify their identity
• Privileged access management (PAM) – monitors, controls, and manages access given to users based on their roles and job functions

Related reading: Why your RIA should use multifactor authentication tools from Microsoft

Access control is among the simplest yet most effective ways to keep unauthorized users from infiltrating your RIA network. However, you must keep in mind that your data will not be 100% secure if you rely solely on one IAM tool. It’s best to implement at least three layers of protection to effectively regulate access to your systems and data.

Develop a security-oriented culture

Security must be embedded into everything your hybrid workforce does in order to substantially minimize data privacy and security risks. Your IT provider can help you instill cybersecurity awareness in your staff through frequent security training, which can be done virtually and in person. This helps ensure that everyone in your firm is able to successfully identify and guard against hybrid work-related threats, enhancing the overall security of your RIA firm.
The key to securing your RIA’s hybrid work environment is staying on top of cybersecurity. You can start by checking your Microsoft Secure Score, which shows how well your firm is implementing best practices. If you need help shoring up your RIA’s cybersecurity or have questions about securely managing and supporting your IT infrastructure, get in touch with our experts today.

While working from home, you need to have the right amount of resources and support to be productive. You need a functioning computer and sufficient internet bandwidth. But chances are, you’re not aware of the minimum internet bandwidth requirements needed to be fully productive while working away from the office. Read on to learn if your internet bandwidth can handle your current workload.

What is bandwidth?

Bandwidth refers to the maximum data transfer rate possible in a network or internet connection. It indicates the amount of data that can be sent over a connection in a given amount of time, and is usually expressed in bits per second (bps).
Imagine two computers with the same internet speed at 100 megabits per second (Mbps): the first computer only has a 50 Mbps bandwidth, while the second one has 100 Mbps. If they were to download the same packet with 500 megabits (Mb), the first computer would be able to do it in 10 seconds, while the second one could do it in just 5.
This is because the first computer’s bandwidth is capped at 50 Mbps — even with a high-speed internet service, the limit of transfer would still be low. Therefore, the higher the bandwidth, the more data can be sent over a connection, contributing to faster uploads and downloads and a better internet experience overall.

How much bandwidth do you need for remote working?

To answer this question, you need to factor in the type of work that you do and the apps that you use. If your job mostly consists of sending emails, editing and writing on Google Docs, and communicating on Slack, then you can do your job with ease even with a low bandwidth. On the other hand, if your day-to-day tasks consist of frequently attending meetings through video calls, then you’d need a plan with higher bandwidth.Once you have a clear picture of how much data you send and receive on an average workday, you can start looking for plans that can support your needs. And while you don’t need to conduct virtual meetings in 4K quality, you also won’t want your clients and colleagues to appear pixelated during a meeting. Neither would you want a session that gets choppy or cut off mid-conversation.Here are the minimum requirements for the most common video chat apps used by remote workers today:

• 
  Zoom
  

• For 1:1 video calling:

• 600 Kbps (up/down) for high-quality video
• 1.2 Mbps (up/down) for 720p HD video
• Receiving 1080p HD video requires at least 1.8 Mbps (downspeed)
• Sending 1080p HD video requires at least 1.8 Mbps (upspeed)

• For group video calling:

• 800 Kbps/1.0 Mbps (up/down) for high-quality video
• For 720p HD video: 1.5 Mbps (up/down)
• Receiving 1080p HD video requires at least 2.5 Mbps (downspeed)
• Sending 1080p HD video requires at least 3.0 Mbps (upspeed)

• 
  Google Meet
  

• HD video quality:

• Outbound signals must always meet a 3.2 Mbps minimum bandwidth requirement.
• Minimum inbound signals: 2.6 Mbps with two participants; 3.2 Mbps with five participants; and 4.0 Mbps with 10 participants

• Standard definition (SD) video quality:

• Outbound signals must always meet a 1 Mbps minimum bandwidth requirement.
• Minimum inbound signals: 1 Mbps with two participants; 1.5 Mbps with five participants; and 2 Mbps with 10 participants

• 
  Skype
  

• Video calling:

• HD: 1.2 Mbps (up/down)
• SD: 400 Kbps (up/down)
• The more participants, the higher the bandwidth requirement for downloads: 512 Kbps for three participants; 2 Mbps for five participants; and 4 Mbps for seven people. Upload requirements remain constant at 128 Kbps.

• 
  Microsoft Teams
  

• Teams requires the same upload and download internet bandwidth for the following scenarios:

• At least 30 Kbps for peer-to-peer audio calling
• At least 1.2 Mbps for peer-to-peer HD-quality video calling at 720p
• At least 1.5 Mbps for peer-to-peer HD-quality video calling at 1080p
• At least 500 Kbps/1 Mbps for group video calling

If you’re worried about your internet bandwidth, you can opt for audio calls instead of video calls. This considerably helps lower the information you need to upload and download.
For more tips and solutions on how you can work from home without a hitch, call us. We’d be happy to help.

Many businesses still rely heavily on landlines, which remain one of the first points of contact businesses have with their customers. With the marriage of traditional telephony and digital connectivity comes a more affordable and reliable option: internet phones. Is this the best option for your RIA? Read on to find out.

Different phone systems

Today’s businesses still use landlines to connect with various stakeholders, such as customers, investors, and suppliers, to service their needs. However, telephony has come a long way from when it first came about in 1876. For instance, Voice over Internet Protocol (VoIP) phones have virtually unlimited reach, are automated, and are cheaper than ever to acquire.
VoIP is a telephony solution that uses the internet instead of wired circuits to transmit data. VoIP does more than just transmit audio — it can also send a variety of data (video, multimedia, SMS, etc.) and perform other tasks as well.
A VoIP system’s hardware (phone units, cables, CPUs, etc.) and software (one or more applications that run the system) can be either on-premises or hosted:

• On-premises – Hardware and software are physically housed within the premises of the company.
• Hosted – Some of the hardware, like phone units and other equipment, can be found within the premises. But most, if not all, of the software is hosted online. Service providers look after hosted systems for their clients.

Life cycles: On-premises vs. hosted

With hardware, it doesn’t matter whether it’s on-premises or hosted. Hardware is affected by the wear and tear stemming from daily use. Barring any accidents or physical damage, VoIP hardware should last several years.
On the other hand, software requires regular updates. It’s worth noting that it’s faster and cheaper to update software that’s hosted in the cloud versus one that’s on premises. However, there’s not much difference in how much either one can last — software for both types of VoIP systems can last upwards of 10 years, depending on how dependable your IT support is.

Technology today vs. before

In the past, hardware and software were built to last. Today, they’re built to adapt and change, thanks to cloud technology.
The effect of this shift on hardware and software is dramatic:

• Most hardware components are very similar, with replacements and upgrades coming every 5–8 years on average.
• Cloud software is faster, easier, and cheaper to upgrade than software for on-premises systems. Critical cloud updates can be released almost constantly, and a cloud system may be completely overhauled in as short as 2–3 years’ time.

Whichever phone system you choose, it should integrate smoothly with the other systems in your business, such as email or customer relationship management software. And as your business expands, your chosen phone system should easily scale with it, too.

Be a step ahead

Downtime results in loss of potential sales and, essentially, wasted money. If your phone service is spotty and constantly unreliable, perhaps it’s time to switch to VoIP phones.
Nowadays, it’s not the longevity of a tech solution that’s important, but rather staying ahead of the curve to trump the competition. Call our experts today so you can always leverage the best VoIP and other IT solutions available today.

There are three main categories that phishing messages fall into: email, text message and phone calls. Let’s break down these three categories to learn more:

Email

Perhaps the most common method of phishing is done through email. We’ve all received these messages at work and on our personal accounts. Although IT has tools in place to help limit these messages coming through, there are those that do reach their target, us. This is why we must be diligent in watching for phishing emails.
We teach the SLAM method for spotting these malicious messages. SLAM stand for: Sender, Links, Attachments and Message. These four areas should be carefully inspected before acting on any unsolicited email.

Text message

Text message phishing scams are becoming more common. There may be fewer security controls to filter out these malicious text messages from scammers on our phones. In addition, scammers can pick random phone number combinations and usually have success, or they may find phone numbers available after breached data is posted on the Dark Web.
The SLAM method can also be applied to these messages as well, but be cautious with links and text messages, as they can’t be hovered over to view where they are directing you. If the text claims to be a company you use or do business with, try going to their website directly rather than clicking on any links provided.

Phone calls

Phone call phishing scams, also referred to as vishing, is another constant threat.
Although they lack the links or malicious attachments, scammers can use these phone calls to trick their victims into sending them money. Providing sensitive personal or company data, or convincing them to install ransomware on their own machine. Listen for prize offers, deals that seem too good to be true and threats or consequences for failing to act quickly. You should be exceptionally cautious with phone calls you did not initiate. When in doubt, just hang up.
Make sure you take phishing and its various forms seriously. And if you do spot a phishing message that has a chance of affecting others around you at work, report it to your supervisor and IT so everyone can be prepared.

Lax bring your own device (BYOD) policies are a growing concern for all businesses, including RIAs. If you’re not managing your firm’s BYOD policy properly, it can pose a host of security risks. Below are some of the inherent security risks of BYOD.

• Loss or theft of devices – Employees often bring their personal devices wherever they go. This means there’s a higher chance of devices, as well as the data stored in them, being lost or stolen.
• Man-in-the-middle (MITM) attacks – Cybercriminals can intercept information transmitted from employees’ devices if these are connected to poorly secured public Wi-Fi networks. Learn more about MITM attacks.
• Jailbroken devices – Jailbreaking is the process of removing the restrictions imposed by the manufacturer of a device, typically to allow the installation of unauthorized third-party software. This increases the risk of an employee inadvertently installing malicious software on a personal device.
• Security vulnerabilities – If employees have outdated operating systems and software on their devices, cybercriminals can exploit unpatched vulnerabilities to gain unfettered access to company systems
• Malware – A personal device that has been infected with malware can spread that malware to other devices that are connected to the company network and cause data loss and downtime.

To mitigate these risks, you must devise a BYOD security policy that works for the needs of your business as well as the needs of your employees. Here’s what you need to do:

Related article: The cost of a ransomware breach at your RIA

1. Set passwords on all BYOD devices

Prevent unauthorized access to company data by enforcing the use of passwords on all employee devices and accounts. Passwords should be unique; contain letters, numbers, and symbols; and be at least 12 characters long. It’s also a good idea to implement multifactor authentication to add another method of identity verification such as fingerprint scans or temporary passcodes sent via email.

2. Blacklist unsanctioned applications

Blacklisting involves prohibiting the installation of certain applications on BYOD devices that are used for work purposes. This includes applications like games, social networking apps, and third-party file sharing platforms. The simplest way to blacklist applications is through a mobile device management platform that enables your IT services provider to secure and enforce policies on enrolled devices.

3. Restrict data access

Adopt the principle of least privilege on both BYOD and company devices. This means that a user is able to access only the data and software required to do their job. This can reduce the effects of certain types of malware and limit the fallout in the event of a data breach.

4. Invest in anti-malware software

Anti-malware software identifies and removes malware before they cause irreparable harm to a device. The best anti-malware programs are often backed by the latest threat intelligence databases and use behavior-based detection techniques to pick up any traces of malware. Microsoft Defender is a good options for most RIAs.

5. Backing up device data

A well-thought-out BYOD policy can go a long way toward minimizing the risk of a security breach, but if something manages to slip past your defenses, you need to have backups prepared. Back up your data in off-site servers and in the cloud to ensure that any data stored locally on a device can be quickly recovered.

6. Educate your staff about security

The vast majority of BYOD-related security risks involve human error. This is why you should educate your employees about proper mobile safety. Train them on spotting apps that could contain malware, sharing security threat updates, and securing their devices beyond enabling default security settings.
You should also approach us if you need assistance protecting your BYOD environment. As a professional managed IT services provider, we keep tabs on the latest trends and innovations related to BYOD and will recommend solutions that work for your RIA. Contact us today to see how we can help.

Backing up SharePoint is a necessity to protect RIA firms from the risk of data loss. However, many RIAs don’t do regular or complete backups of their SharePoint files, which can be dangerous as RIAs deal with such highly sensitive financial and personal information. The reason SharePoint backups aren’t routinely done is because many people just assume it’s already being done — and we all know what happens when we simply assume.
If this is the case for your RIA practice, then you should look into backup tools that are easy to use and can be configured to automatically conduct backups so you don’t need to monitor them constantly.

Do RIAs need a third-party tool to back up SharePoint?

Many RIA practices use third-party tools to back up SharePoint, and while they are effective, they also bring in their share of problems. Some recurring complaints about certain third-party tools are lack of basic technical support, inadequate documentation, and the constant need to escalate seemingly minor problems to higher tier technical support.
Third-party backup tools are fine to use, but you can easily simplify your backups by using Microsoft tools, as these are part of your subscription and you can be assured of seamless integration and user-friendliness.

Related article: OneDrive and SharePoint for RIAs: Which one to use?

What other methods can RIAs use to back up SharePoint?

Your RIA can manually back up SharePoint files one by one. It’s a very simple process, although it can become time-consuming if you wish to back up a lot of files. You only need to perform the following steps:

• 1. Open SharePoint Online in a web browser.
• 2. Go to your files library and click on Documents.
• 3. Select the files you wish to back up and click on Download.
• 4.Your files will be downloaded onto your computer, and you can then move them to your preferred backup destination.

A better alternative is to keep your backups within the Microsoft 365 ecosystem via your Microsoft OneDrive sync client. Here’s how to do it:

• 1. Open SharePoint Online in a web browser.
• 2. Go to your files library and click on Documents.
• 3. Click on Sync, then choose which OneDrive folder to save your backups.
• 4. Click on Open Microsoft OneDrive.

Your RIAs can also use SharePoint’s built-in eDiscovery feature to back up files. This tool can help you retain critical business data for a period of time required by regulatory bodies, thus helping you meet compliance requirements. To access this function, you will need to have an existing Microsoft 365 Enterprise E3 or E5 plan. Setting up backups with the eDiscovery tool is as easy as doing the following:

• 1. Log in to the Microsoft 365 admin center.
• 2. Click on Admin Centers and then Security. You will then be redirected to the Security and Compliance page.
• 3. Click on eDiscovery and select eDiscovery from the drop-down menu.
• 4. Click on Create a Case to preserve or “hold” the user data.
• 5. Enter the Case Name and Description of the file and click on Save.
• 6. Click on Open and select the case you just created. This will redirect you to a settings tab for the case.
• 7. Select Holds on the toolbar and click on Create.
• 8. Enter the Hold name and description and click on Next.
• 9. Click on Choose Sites. In the next window, select the site you wish to add and click on Choose and then Done.
• 10. Click on Add Conditions to add filtering conditions like date, sender, size, subject, and so on. Click on Create This Hold to complete the process.

Your last option is to use the Microsoft 365 Compliance Center, specifically its Compliance Retention Policy setups and tools. Through this backup option, you should be able to retain all versions of your SharePoint data. Here’s what you should do:

• 1. Go to http://compliance.microsoft.com/
• 2. Click on Policies and then Retention.
• 3. Click on New Retention Policy.
• 4. Type in your chosen name for your new policy and then click on Next.
• 5. Choose your preferred retention settings and click on Next.
• 6. Select which sites you’ll apply the retention policy to by clicking on Choose Sites. Click on Done and Next once through.
• 7. Review your settings and then click on Create This Policy.

Better yet, leave your SharePoint backups to data management experts that specialize in the RIA industry. RIA WorkSpace is one of the most trusted IT solutions providers in the United States today. Contact us to learn more about our SharePoint backup solutions.