Blog

  • The wait for Microsoft Teams is over! Can your RIA firm benefit?

    Slack is a well-known, cloud-based collaboration tool that helps your firm communicate better and be more productive. Microsoft Teams is Microsoft’s own version with a twist, and some of its features might be ideal for your RIA firm. It’s been reported that prior to its release, a gigantic update was rolled out that equipped Teams with a bevy of features that will definitely make a difference.

    Smarter meetings

    The latest addition to Microsoft Teams is Scheduling Assistant, responsible for finding the ideal time to schedule a meeting. It takes into consideration the schedules of all members and suggests the best possible time for all attendees. Whereas Teams previously allowed users to schedule only intra-team meetings, Microsoft now supports one-on-one meetings. If you want to steer clear of Skype, read on.

    Bots, bots, and more bots

    With the latest update, bots are now capable of tapping into conversations happening in a team as opposed to a separate chat. To activate team bots, simply type “@” and begin interacting with the bot from there. Microsoft is also working on adding a Bots tab to Teams. This allows you to keep track of all the bots that have been added to a certain team while allowing you to discover new tabs as well. Other bot-related improvements include:

    • New bot gallery – the gallery displays a complete list of all the available bots on Microsoft Teams. Alongside the gallery is where you can add bots to one of your teams.
    • Discover bots via search – simply click on the search bar at the top and select “Discover bots”. From there click on a bot to start chatting, or click “Add” to add it to a team.
    • Add a bot with an @mention – to add a bot to a channel, simply type “@” in your compose box, then select “Add a bot”

    Public teams

    With public teams, anyone from your RIA firm can join the team, unlike the private teams which are open only to specific members. Public teams will show up when a user is trying to join a new team, and you can also turn your existing private team into a public team (and vice-versa).

    When it was launched in November 2016, Teams was a relatively minimal service. But in just four months, it’s become a lot more powerful and stable. Microsoft Teams has been available to Office 365 Business Essentials, Business Premium, and Enterprise E1, E3 and E5 users since March 14th. If you have any questions, don’t hesitate to give us a call!

  • Selecting the best Office 365 plan for your RIA firm

    Office 365 Business, Business Premium, Enterprise E1, E3, and E5. Each of these Office 365 plans offers different features and services. Implement the wrong one, and you may end up with a solution that doesn’t fully meet your RIA firm’s needs. To help you select the right Office 365 license, we’ve summarized and listed the different features of each plan.

    Business or Enterprise?

    If you’re running a cloud-first RIA firm, you’ll have to decide between Office 365 Business and Enterprise. Both have access to Office Online and OneDrive, but there are some notable differences between the plans.

    For one, Office 365 Enterprise E3 and E5 plans have unlimited archive and mail storage space, while Business plans have a 50-GB storage limit and don’t provide archive access from the Outlook client.

    When it comes to SharePoint, Business plans are short on enterprise search, Excel services, and Visio features. Additionally, unified communication solutions, Power BI, and Delve analytics are also missing from the Office 365 Business offering.

    Although it may seem like Enterprise subscriptions are superior — and in some ways they are — Business plans are perfect for smaller companies running on a tight budget. Office 365 Business and Business Premium cost $10 and $15 per user per month respectively, while E5, the biggest Enterprise plan, costs $35 per user per month.

    As a general rule, start looking for Enterprise plans when the employee headcount at your RIA firm exceeds 50 people and users require more storage space and solutions.

    E1, E3, or E5?

    If you do opt for Office 365 Enterprise plans, you’ll have to examine the features and choose one of three plans (E1, E3, and E5) that suits your needs.

    E1 offers basic enterprise solutions such as Outlook and Word, OneNote, PowerPoint, and Excel online for only $8 per user per month. Apart from this, users also get access to SharePoint Team sites, video conferencing, and Yammer for enterprise social media.

    E3 provides all E1 features plus data loss prevention, rights management, and encryption to ensure business security and compliance. E5 is a full enterprise-grade solution with all the aforementioned features plus analytics tools, advanced threat protection, flexible Skype for Business conferencing, and unified communication solutions.

    Small- and mid-sized RIAs will usually select either E1 or E3 subscriptions and decide to add third-party applications to meet cloud security and VoIP demands. But if you have the resources and prefer a fully-managed suite of Microsoft applications, E5 plans are the way to go.

    Migrating to an Office 365 platform is a big step, and if you’re still undecided about which plan to opt for, contact us today. We don’t just provide Office 365, we assess your business and find the best solution that meets your budget and objectives.

    Published with permission from TechAdvisory.org.

  • Old hardware sitting around? Understanding IT asset disposition

    IT asset disposition (ITAD) is the disposal of IT hardware in a way that is good for the environment and doesn’t compromise your security. If you have hardware that your RIA firm no longer wants because it is outdated or not working for you, your choices are to refurbish it (possibly for resale), sell it, recycle it, or dispose of it. The process applies to all IT assets, from mice to laptops, servers and smartphones.

    Data Destruction

    Start by backing up everything on the equipment you are disposing of. Most companies with managed IT services have automatic backups of the devices connected to their network. However, it’s best to check and be sure, especially if this is a mobile device that you’re not sure has been managed as part of your network.

    You want to be sure that the equipment you dispose of doesn’t become a security liability. Data destruction isn’t as simple as wiping a device. When done properly, all hard drives and media are destroyed based on the standards set out by the Department of Defense or the National Institute of Standards and Technology. There are different ways to destroy data. CSO has a good article that outlines the pros and cons of each.

    Recycle or donate

    Donating your equipment is a great way to let someone else make use of it. Many different organizations collect old hardware and make it available to worthwhile charities.

    Recycling is also a good option and can help keep some environmentally sensitive materials out of the landfill. Different electronic components have different recycling requirements. Check out E-cycling Central to find a depot in your area, or you can check back with the company you purchased from as some offer in-store or event recycling.

    Did you know?

    • By recycling one million laptops, we save the equivalent of the electricity used by more than 3,500 US homes in a year (Source: EPA)
    • By recycling one million cell phones, we recover 35,000 pounds of copper, 772 pounds of silver, 75 pounds of gold, 33 pounds of palladium. (Source: EPA)

    Next steps – who to engage

    It’s unlikely that most small or mid-sized RIA firms want to manage this themselves. This is one of those jobs best left to the experts.

    Here in the Chicago area, we often encourage clients to reach out to a company like Ava Recycling. They will manage the data destruction, recycling and disposal process for you. There are similar companies across the United States and you should be able to find one in your area. NAID is the international trade association for companies that provide information destruction services, and they have an online directory of their members who can do this kind of work.

    When you find someone to work with, be sure you can check the following boxes:

    • They offer DOD level data destruction
    • They present you with the transfer of liability paperwork
    • You receive a letter of destruction from them

  • Cyber Security and Cloud Computing for RIAs

    If you are the CEO, CCO, or CFO of an RIA firm that is already using cloud computing or mobile devices to allow employees to access company information, or that wants to introduce cloud and mobile computing, then this is a “must attend” event.

    During this webinar we’ll cover:

    • Cloud and mobile computing 101: What it is, how it works and the pros and cons of integrating cloud and mobile devices into your firm. We’ll answer the most commonly asked questions in simple terms (not “geek-speak”) about cloud and mobile computing, including cost saving strategies, security policies and the protections you must have in place.
    • Critical policies, procedures and protections EVERY RIA firm must have in place NOW before allowing employees to use mobile devices to access the company network; overlook even one and you’re exposing yourself to security breaches, damaging and expensive litigation, employment lawsuits and having confidential company information exposed to competitors, hackers and cyber criminals.
    • iPads, laptops, tablets, Oh my! What are the BEST mobile devices for working remote? We’ll discuss pros and cons of the various devices and operating systems, what the limitations are of each and discuss how to properly plan your next network upgrade to take advantage of the latest mobile and cloud technologies without exposing yourself to more costs and risks.

    Who Should Attend?

    C-Level executives and professionals who:

    1. Are already using mobile devices themselves and/or allow employees to use personal, mobile devices to work from home or on the road, and are concerned about: lost or stolen devices, privacy of confidential information, employment litigation introduced when employees use personal devices to access company data, and State and Federal laws that carry heavy fines for lost or stolen data.
    2. Are considering cloud technologies, but want to hear non-technical straight talk about what these technologies are (the tangible benefits, costs and limitations of these technologies) before making a decision.
    3. Are facing a network refresh, upgrade or expansion in the next 12 months.

    Meet your Presenter:

    David Kakish is the founder and President of RIA WorkSpace, and author of several technical publications. He holds technical certifications from vendors such as Microsoft and Cisco and has his Certified Information Systems Security Professional (CISSP) designation. As author, entrepreneur and IT expert, David is committed to helping RIA firms navigate their way through the world’s ever-changing technology and increasingly complex IT environment. David’s fundamental belief is that small and mid-size RIA firms have similar IT and technical challenges as large enterprises, but with limited resources. With the increasing complexity of IT and compliance regulations, small and mid-size firms are actively seeking partners that can help them overcome these challenges. While not at the office, David enjoys playing sports, especially soccer and basketball. He loves travelling, learning and spending time with his family. On the weekends, you’ll typically find him busy coaching one of his kids’ sports teams.

  • Hacking of Small RIA in the News. Keep Yourself Out of the Headlines!

    Earlier this week, the SEC announced that an RIA based in St. Louis will be fined $75,000 for not properly guarding their client data from hackers. And they were hacked! The hack came from a source traced to China that accessed the RIA’s server, which held the personal information of approximately 100,000 clients.

    The SEC tells us that none of the 100,000 clients whose information may now be in the hands of cyber criminals have reported any financial harm as a result.

    That’s good news for the clients!

    But this is not good news for the St. Louis advisor’s brand and reputation.

    The SEC was very clear about their stance on how RIAs must protect their data regardless of the outcome of a hack or the size of the firm:

    “As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients,” said Marshall S. Sprung, Co-Chief of the SEC Enforcement Division’s Asset Management Unit. “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.”

    Adopting Written Policies

    The SEC wants you to have them in place. You might already have bits and pieces or perhaps you created them a few years ago and know you need to revisit. Here are just a few places to start.

    1. Know what you’re protecting and where it is. By conducting a full asset inventory of your data and systems, you know what you have and where it is. You will want a list of all your hardware, software, applications, data, files and media regardless of its sensitivity. You want to know its location, who owns and uses it, who can access it and you can even assign a priority level or security level to it. This includes managing mobile devices. If your company has a BYOD policy, be sure you understand who has what and how it accesses your systems and data.
    2. Employee onboarding and training. The number varies depending on where you look, but many sources suggest that at least half of all security breaches come from employees – either accidentally or maliciously. Whatever the cause, you want to minimize the chance that the person down the hall from you could be the cause of a cyber nightmare. Know who you’re hiring by using proper screening practices and provide employee training when they’re hired and throughout their employment at your firm. Your Internet Usage Policy should also be part of the training and onboarding process to educate and remind employees of what they can and can’t do online with company hardware, software and internet access.
    3. Control Access. Not everyone at the firm requires access to everything – digitally or physically. Policies should dictate that your servers or other sensitive hardware are off limits to anyone other than those who have some ownership of them. The same is true for data and software or applications. If someone doesn’t require access to it as a regular part of their job then they don’t need access. Have a process in place to assign, remove and review all access permission levels.
    4. Adopt security best practices. We talk about this a lot with RIAs. We have our Top 10 that we seem to always be on our soapbox about. When it comes to getting your plan in place, you will want these to become part of your standard practices:
      • Automate your backups so you don’t have to rely on anyone to do it.
      • Consider going off site with your backups. The cloud is often the most convenient solution.
      • Image your server as a way to restore data if something is to happen.
      • Maintain everything. The software and hardware you’ve created an inventory for needs to be kept current to prevent any vulnerabilities from showing

  • 74% of Advisors Experience Cyber-Threats. Where Are Your Vulnerabilities?

    In a February 2015 Risk Alert, the SEC published their findings of an examination of 57 registered broker-dealers and 49 registered investment advisers. The purpose of their examinations was to gain insight into how the two groups were doing with respect to cybersecurity in three areas: legal, regulatory and compliance. The findings revealed that 88% of the broker-dealers and 74% of advisers, directly or indirectly via vendors, experienced some form of cyber-threat. Most commonly, the threat came in the form of malware or fraudulent emails.

    For many of us, malware and fraudulent emails are something we’re on the lookout for. Maybe even well prepared for. But in the financial industry, which is interconnected more than most industries, it isn’t just important that you and your firm are well prepared, it’s important that the industry is well prepared.

    An industry at risk of a “Single Point of Failure”

    Sarah Dahlgren, Executive VP at the Federal Reserve Bank of New York, spoke of the “single point of failure” threat during the OpRisk North America Annual Conference this year. We weren’t there but we read her remarks online and so can you. She sheds light on the risk to the financial services industry because so many of our systems are intertwined. If there is a single weak spot, it could be catastrophic.

    How this translates to your firm.

    While most RIA firms may not be able to solve the larger industry problem, you can think about this in the context of your own firm. If there is a “single point of failure” inside your firm, what kind of impact can it have on your operations?

    If you have a solid and comprehensive backup and recovery plan in place, a cyber-attack might only have a small impact. But if you don’t have a plan, you should put one in place, and know that you might not recover from a cyber-attack as easily.

    A few points of advice

    We published some of the top cybersecurity tips we often share with RIAs in a recent blog, “Are Small RIAs Perfect Targets for Cybercriminals?” But in this context, there are a few other things we wanted to point out:

    • Train your employees well. If malware and fraudulent emails are the most common attack, training all your employees thoroughly and reminding them on an ongoing basis will be important. We’ll be publishing a blog focused on employee training in the coming weeks so watch for it if this is a concern for you.
    • Do due diligence on all the vendors and companies who have access to your system. You might trust that they aren’t “hackers” but you also want to be sure that they themselves are not vulnerable and will not become that “single point of failure” into your system.
    • Consider taking an outsider’s look at where you’re vulnerable. A thorough Cyber Security Assessment Review can show you what a hacker can see by examining your external, internet facing systems and helping you prioritize improvements and changes.

  • Is your RIA’s Internet Usage Policy Working?

    The internet is an essential tool for RIA firms. There is no debating that fact. There is some debate, however, over whether or not the internet makes employees more or less productive. News stories tell us about all the time employees waste on social media sites while they should be working. In fact, Salary.com does an annual Wasting Time at Work survey and the 2014 results suggest that 89% of us use work hours to do something non-work related, and 26% of those said the internet was the biggest culprit. Yet a study by Pew Research Center says that 92% of working adults do not think that their productivity has been impacted by the internet. The study, Technology’s Impact on Workers, also reports that 46% of respondents are aware of a company policy that limits the websites they visit or blocks certain sites entirely.

    So you know your RIA firm needs the internet – especially if your employees work outside of the office and need access to the network remotely. But you also want to manage internet use so it does not impact productivity.

    That’s where a solid Internet Usage Policy comes in. It’s important that your employees know about the policy and it might be good practice at your firm to encourage employees to help evolve the policy over time. But if you’re just starting out building one or want to review the one you have in place, here is a summary of a few things we encourage our clients to consider for their policy.

    Acceptable Use of the Internet

    • Communication between employees and non-employees for business purposes
    • IT staff software downloads for upgrades and patches
    • Vendor websites for product information
    • Referencing regulatory or technical information
    • General work-related research

    Prohibited Use of the Internet

    • Any activity associated with data or content that is illegal, pornographic or negatively depicts race, sex or religion
    • Any form of gambling
    • Online shopping
    • Online games, contests or promotions
    • Use of resources for an external business or political enterprise
    • Distribution of proprietary company, client or partner data
    • Accessing or altering web-based company information outside of your scope of work
    • Conduct considered criminal or that could lead to civil liability
    • Conduct that infringes on copyrights, trademarks, trade secrets or patent rights
    • Transmission of proprietary, confidential or sensitive information without proper controls in place
    • Download of shareware or files without authorization

    This list isn’t exhaustive and your language around each of these will need to be formalized for your policy. We post a free example of a more comprehensive Internet Usage Policy on our website that you can use to get started.

  • 10-Steps to Prepare for an IT Disaster

    A disaster often comes without warning. Server meltdown, natural disaster that wipes out your office, hackers getting into your system. They can all put a stop to your operations at any time. Here are our best 10 suggestions on how to prepare yourself so that the downtime and the damage are minimized.

    1. Put it in Writing with a Written Plan.

    This might sound simple but many RIA firms find that the process of thinking through things in advance of an actual disaster goes a long way and puts things into perspective. A basic disaster plan should include:

    • An overview of what potential disasters might occur
    • Step-by-step process of what should be done
    • Instructions on who should do what
    • Contact information for providers that may need to be consulted
    • Usernames and passwords for key websites

    A valuable part of putting the disaster plan together is understanding what kind of budget you’ll need for disaster recovery. There are obvious costs to replace hardware, IT support to get things back up and running, etc., but you also need to consider the costs of downtime on your firm.

    • What will happen if you can’t access your network for a day? For a week?
    • How will your clients react if they can’t reach you or if you can’t access the data they’re asking about?
    • Will clients question the security of their information?
    • How will downtime impact employee confidence in your firm?

    If a few hours of downtime is more than your firm can afford then your disaster plan needs to take that into account and your plan needs to have you back up and running within that time frame.

    Your IT infrastructure should be consistent with your needs.

    When your plan is done, have a printed copy in a fireproof safe in your office, have a copy offsite – maybe at your home, and have a copy with your external IT consultant if you have one.

    2. Have a Trusted IT Professional on Board

    If you have encountered a disaster that impacted your IT infrastructure, you know that recovering your systems and getting you back up and running isn’t something you’d want to do without a qualified IT professional. And recovering your data is probably something you shouldn’t entrust to just anyone. A single mistake during recovery and your data could be gone forever or your downtime extended to weeks. Find an IT professional or firm who has experience to not only help you set up your disaster recovery plan, but also has experience in data recovery.

    3. Plan for Communications

    A communications plan is important so employees know how to communicate with you if they can’t access the firm’s office, email or phones. You may also want to be prepared with how to handle client inquiries during this time and ensure everyone understands the situation and your progress.

    4. Prioritize Automated Backups

    From what we’ve seen with our clients, the most common cause of lost data is human error. Tapes are not swapped properly, the backup is not set up correctly, or something is forgotten or missed. Automating backups means it’s always done as scheduled and the possibility of human error is minimized.

    5. Take your Backup Offsite

    It’s good to have a backup in the firm’s office, but if that’s your only backup, it’s exposed to the same risk of theft, flood, fire or hackers as your server. Maintaining a recent copy of your data offsite with a different server or storage device is ideal.

    6. Establish Remote Network Access and Management

    If your employees have access to the network remotely they can continue to work if a disaster such as flood or fire has limited your access to the office. Remote access also allows your IT staff or consultant to access your system during an emergency or for routine maintenance. An added plus is that with remote network access, many RIA firms are offering flexible work-life-balance environments that let employees work at flexible times and flexible locations.

    7. Image your Server

    Imaging your server makes an exact replica of your server. This is an important step to help speed up data recovery and restoring your systems. All the information that is being stored offsite needs to be restored somewhere for you to use it. That includes all of your applications like Microsoft Office, databases, accounting software, etc. If you have imaged your server, that replica can be copied to the new server as it was on the old one, saving you a lot of time and money to get you back up and running. This also helps you keep your preferences, configuration and favorites.

    8. Document your Network

    It’s important to have a “blueprint” of your software, data, systems and hardware on your firm’s network. That is what network documentation offers and your IT staff or consultant should be able to do this for you. With good documentation, it’s easier and faster to restore your network and that usually means it’s cheaper too. Good network documentation can also make occasional network repairs easier and faster as well. Your insurance provider may also appreciate the documentation in the event that replacements are needed.

    9. Maintenance! Maintenance! Maintenance!

    OK – proper maintenance might not protect you from fires, flood, theft or other natural disasters, but those causes of data or system loss are far less common. Proper maintenance is one of the most important ways to avoid the more common disasters caused by viruses, worms or hackers. Always keep your network patched, secure and up-to-date so it is less vulnerable. Part of the maintenance schedule should include monitoring hardware for deterioration, monitoring software for signs of corruption, and identifying software and hardware that is aging and needs to be replaced.

    10. Test, Test and then Test Again

    It’s a good practice to have an IT professional test your system once a month to be sure the plan and all the systems you’ve set up are working the way you expect them to. They can test to be sure your backups are working and there are no security liabilities in your system. If you’ve made the effort to plan for a disaster you want to be sure it’s working.

  • What keeps an RIA firm’s “IT Guy” busy?

    We’ve all seen our fair share of IT guys (and gals) come and go. Sometimes, a qualified IT professional is the hardest person on staff to keep. Eventually, the day-to-day doldrums of resetting forgotten passwords, retrieving accidentally deleted files, and well let’s face it – unjamming the printer, turns what might have started as a dream job into a jumping off point for something bigger and better somewhere else. Not everyone gets tired of these tasks, but many do. There are lots of great IT guys out there who have skills they want the chance to put to use and are just waiting for that opportunity.

    Many of the RIA firms we work with have in-house IT staff whose job function changes considerably once the firm outsources some of the basic computer support services. This makes that really great IT guy a lot easier to keep. Their current job is their dream job again as the focus changes from “why is my computer so slow?” to “how can you help us strategically?” Suddenly in-house IT moves from putting out fires to focussing on innovation, long term planning and revenue-generating contributions. That is an IT dream job!

    So how do you unburden your IT guy or gal so they can contribute at a much bigger level and are more likely to stay with the firm? Here are some suggestions.

    Recognize your IT guy’s skills and passions

    Good bosses understand what makes an employee love their job. Work with IT to understand where the firm’s priorities and goals merge with the employee’s skills and passions and then free up their time to focus on just those things. Letting your in-house IT support focus on the kind of strategic projects they are not only good at, but that they really enjoy is usually a win-win for everyone.

    Prioritize projects that generate revenue or help cut costs

    Evaluate your priorities. If your IT guy can’t do everything on his to-do list every day, you have to understand that the lack of priorities is impacting your bottom line. The time IT spends putting out fires and on day-to-day troubleshooting is time lost to bigger projects that can impact the bottom line. That’s not to say those fires don’t need putting out, but creating priorities for in-house IT staff is important if you hope to make progress with your IT infrastructure.

    Understand the day-to-day processes

    Do you know what the average day looks like for your IT guy? You don’t need to know all the technical details, but you should work to understand what day-to-day processes are in place to keep things running securely and efficiently. Now ask yourself:

    • Are these day-to-day processes the best use of your IT guy’s time?
    • What can be done by someone else in the firm?
    • What can be automated?
    • What can be managed more efficiently in the cloud or by others?

    Consider taking it to the cloud

    The cloud does not mean the end of in-house IT staff. In fact, for many RIA firms, moving to the cloud means freeing up time for the IT guy to become that strategic contributor he hopes he can be and you hoped he could be when you hired him.

    A move to the cloud is another tool that can help alleviate the day-to-day tasks that bog down IT staff and prevent them from getting on with the bigger and the better – those projects that cut costs, or generate revenue, and leverage your IT guy’s passions.

    Ask a Managed Service Provider what kind of difference they can make

    A good Managed Service Provider (MSP) is going to customize their services to offer your IT guy the kind of support he needs to alleviate much of the pressure and stress of the day-to-day fires. Not only does it free him up for those other projects, he also has a resource to support him as technology continues to become more complex on the backend with virtualization, cloud computing and advanced infrastructure.

    Depending on what you agree to with your MSP, your IT guy and your staff can have access to a help desk, tools for remote monitoring and mobile device management, and disaster recovery and business continuity. These all become things the IT guy no longer has to worry about.