RIA Workspace

Blog

  • Spear phishing attacks – SCAM OF THE MONTH

    Spear phishing attacks – SCAM OF THE MONTH

    In the offices of a renowned robotics firm, Lisa, a lead engineer, was designing a new autonomous drone system. Her concentration was broken by an unexpected email from Dr. Morris, a prominent figure in robotics and someone Lisa greatly respected.

    The subject of the email read, “Urgent: Proposal for Collaborative Project in Robotics.” Intrigued, Lisa opened the email, which articulated a proposal for a joint venture between her firm and the university where Dr. Morris was a lead researcher.

    Attached was a document named “Project Specifics.pdf.” The email captured the tone Lisa would expect. She was ready to open the attachment when a detail made her pause: the email address looked strange. She found the professor’s official university email on the department website and sent an inquiry, attaching the received proposal for reference. Dr. Morris replied, confirming Lisa’s suspicions: she had not sent the email and it was likely a scam.

    Did you spot the red flags?

    • Lisa should not have forwarded the document to Dr. Morris in case the attachment contained malware.
    • Lisa should have alerted her IT team and her fellow employees about the message.
    • The sender’s email address looked suspicious. Always use the SLAM method to evaluate the different parts of a message.

    What you should know about this scam

    If you are unsure whether an email is legit or not, it is best to research the organization’s contact information or verify the message with the sender through another source.

    Spear phishing attacks often use specific details about an individual to get them to trust the message. With AI, cybercriminals can generate these messages easier than ever before. Just because a message includes information personalized to you, doesn’t mean you can automatically trust it.

  • Top RIA solutions for secure file sharing: A detailed comparison

    Top RIA solutions for secure file sharing: A detailed comparison

    As a registered investment advisor (RIA) or financial advisor, you have a responsibility to securely handle and protect your clients’ sensitive financial information. This involves implementing effective solutions for file sharing, as your clients will need to send and receive important documents over the course of your relationship.

    Traditional methods of exchanging files — such as email or physical mail — are not secure enough for the critical and confidential nature of financial information. Data breaches and security vulnerabilities pose a constant threat, and even a minor mistake can have serious consequences for your clients and your business. Fortunately, there are a variety of secure file sharing solutions available for RIAs and financial advisors.

    This guide will compare some of the leading solutions in the market, highlighting their key features and considerations. By the end, you’ll be well on your way to implementing a secure and streamlined file sharing system that will give you and your clients peace of mind.

    Leading secure file sharing solutions for RIAs and financial advisors

    Here are eight secure file sharing solutions commonly used by RIAs and financial advisors:

    • Box – cloud content management and file sharing service that offers advanced security features and collaboration tools
    • ComConnect – file sharing platform specifically designed for financial professionals, providing encrypted communication and document exchange
    • Dropbox – popular cloud storage service that allows users to store, sync, and share files securely, with built-in collaboration features
    • Egnyte – cloud-based platform for enterprise file synchronization and sharing, with advanced security and compliance capabilities
    • FutureVault – digital vault platform designed for financial advisors to securely store, manage, and share important documents with clients
    • ShareFile – secure file sharing and storage solution focused on enhancing business productivity and data protection
    • SharePoint – web-based collaboration platform by Microsoft that integrates with Microsoft 365, offering secure document management and sharing
    • SideDrawer – intuitive digital vault platform that enables secure sharing and organization of financial documents for advisors and their clients

    Feature comparison

    Evaluating the following key factors can help you determine which secure file sharing solution is best for your RIA or financial advisory practice.

    Security

    The most critical factor to consider when choosing a file sharing solution is security. Look for platforms with robust features, including data encryption and user authentication such as two-factor authentication (2FA) or multifactor authentication (MFA). Compliance certifications relevant to the financial industry are a plus.

    Box ComConnect Dropbox Egnyte FutureVault ShareFile SharePoint SideDrawer
    Encryption, access controls, compliance certifications, 2FA Encryption, access controls, compliance certifications Encryption, access controls, MFA Encryption, access controls, compliance certifications, 2FA Encryption, access controls, compliance certifications, MFA Encryption, access controls, compliance certifications, MFA Encryption, access controls, compliance certifications, MFA Encryption, access controls, compliance certifications, MFA

    User management and permissions

    Granular control over user access is crucial for secure file sharing. Opt for solutions with features that allow you to define user roles, set permission levels for different file types, and track user activity for audit purposes.

    Box ComConnect Dropbox Egnyte FutureVault ShareFile SharePoint SideDrawer
    Granular user permissions, group sharing, audit trails Granular user permissions, role-based access, audit trails Basic user management, shared folder permissions, limited audit trails Granular user permissions, role-based access, audit trails Granular user permissions, role-based access, audit trails Granular user permissions, role-based access, audit trails Granular user permissions, site permissions, audit trails Granular user permissions, client-specific access, audit trails
    Related reading: How to lock down your devices and protect your data: A device security checklist for RIA and financial advisory firms

    File sharing and collaboration features

    Besides secure file sharing, many solutions offer additional collaboration features, such as real-time document editing, version control, and commenting. Determine which features are critical to your workflow.

    Related article: Uploading documents securely: Enhancing data protection with the file request feature in OneDrive and SharePoint
    Box ComConnect Dropbox Egnyte FutureVault ShareFile SharePoint SideDrawer
    Secure client portals, document annotation, version control Secure client portals, secure messaging, eSignature capabilities File sharing with basic collaboration features Secure file sharing, document annotation, version control Client portals, digital rights management, secure messaging Secure file sharing, document annotation, version control Secure file sharing, co-authoring capabilities within Microsoft ecosystem, version control Client portals, secure messaging, file request functionality

    Mobile access

    Secure access to client files from mobile devices such as smartphones and tablets is essential for today’s on-the-go advisors. Look for platforms with dedicated mobile apps offering the same level of security as the desktop versions.

    Box ComConnect Dropbox Egnyte FutureVault ShareFile SharePoint SideDrawer
    Mobile app with strong security features Mobile app security can vary based on configuration Mobile app with strong security features Mobile app with strong security features Mobile app with strong security features Mobile app with strong security features Mobile app security can vary based on configuration Mobile app security can vary based on configuration

    Integrations

    The ability to integrate with other tools and software can significantly enhance the functionality of a file sharing solution. Look for platforms that offer a wide range of integrations, particularly with software commonly used in the financial industry.

    Box ComConnect Dropbox Egnyte FutureVault ShareFile SharePoint SideDrawer
    Integrations with various business applications Integrations with financial software Limited integrations with other business applications Integrations with various business applications Integrations with financial software Integrations with various business applications Tight integration with Microsoft 365 suite Limited integrations with other business applications

    Pricing comparison (as of July 2024)

    Pricing can vary significantly between different file sharing solutions. Consider the features and services included in each plan to determine which option offers the best value for your budget.

    Box ComConnect Dropbox Egnyte FutureVault ShareFile SharePoint SideDrawer
    Starts at $17.30 per user, per month, billed annually, minimum of 3 users Setup fee of $99, then $30 per month for two users; additional users $15 per month Starts at $15 per user, per month, billed annually, minimum of 3 users Starts at $20 per user, per month, billed annually Pricing is tailored to specific client needs Starts at $16 per user, per month, billed annually, minimum of 3 users Starts at $5 per user, per month, billed annually for SharePoint only Starts at $12.50 for Microsoft 365 Business Standard Starts at $16 per user, per month, billed annually, minimum of 3 users
    Related article: The RIA’s guide to sharing SharePoint files and folders

    With the increasing demand for secure file sharing in the financial industry, there is no shortage of options to choose from. By accounting for the above factors, you can select a solution that best meets your needs and budget. Remember to prioritize ease of use and customer support as well. With the right file sharing solution, you can enhance collaboration and security for your team and clients.

    Our experts at RIA WorkSpace can help you choose and implement the best file sharing solution for your firm. Contact us today to learn more.

  • What is the best document management system for RIAs and financial advisors?

    What is the best document management system for RIAs and financial advisors?

    Running a small to mid-sized registered investment advisory (RIA) firm can feel like a constant battle against paperwork. Client files, account statements, regulatory documents — the list seems never-ending. Picture spending hours searching for a specific document, only to realize it was misfiled or lost in the chaos of your physical filing system.

    Thankfully, document management systems (DMS) exist to make your life easier and more organized. These software solutions enable you to create a digital repository for all your documents, making them easily searchable and accessible.

    This article will compare some of the top DMS software solutions for RIAs and financial advisors to help you find the best fit for your firm.

    Top DMS contenders for RIAs and financial advisors

    Some of the most popular DMS options for RIAs and financial advisors include:

    • Finity360 Docs – cloud-based DMS designed specifically for the financial services industry, offering robust security and compliance features
    • Laserfiche – scalable enterprise content management platform with a variety of document management functionalities, suitable for RIA or financial advisory firms of all sizes
    • NetDocuments – cloud-based DMS with advanced search capabilities, automation features, and customizable security controls, used mainly by legal and financial services firms
    • Paperclip – user-friendly content management solution that offers features such as document encryption, access controls, and audit trails, and is suitable for ensuring security and compliance
    • SharePoint – widely used content platform integrated with Microsoft 365, offering a familiar user interface for existing Microsoft users and seamless integration with other Microsoft products commonly used by RIAs
    • Worldox (now owned by NetDocuments) – popular on-premises DMS option with customizable workflows and document version control features

    Feature comparison

    The DMS solutions above offer features such as document storage, organization, and retrieval capabilities. However, key differences among them may make one solution more suitable for your firm than others. Let’s take a closer look at some of these differences.

    Deployment type

    DMS software can be deployed either on premises or in the cloud. On-premises software is installed and maintained locally on your firm’s servers, while cloud-based solutions are hosted and managed by the DMS provider. When deciding on the deployment option for your DMS, consider factors such as your budget, IT resources, and security requirements.

    Finity360 Docs Laserfiche NetDocuments Paperclip SharePoint Worldox
    Cloud-based Cloud-based, on-premises, hybrid Cloud-based Cloud-based Cloud-based, on-premises, hybrid On-premises
    Still using an on-site server?  That might not be the best option for your RIA.  Check out our RIA Tech Talk Podcast Episode 10: Ditch Your Onsite Server: A Simple Guide For RIAs

    Security and compliance

    Protecting client data is paramount in the wealth management industry. Look for a DMS with robust security features, including encryption, access controls, and audit trails. Additionally, you must ensure the platform supports compliance with relevant regulations, such as SEC and FINRA requirements for document retention and security.

    Finity360 Docs Laserfixhe NetDocuments Paperclip SharePoint Worldox
    Security features Advanced encryption, multi-factor authentication (MFA), role-based access controls Data encryption in transit and at rest, granular access controls, user activity monitoring End-to-end encryption, detailed permission controls, user and document activity logs Strong focus on data security, MFA, detailed access logs Data encryption, customizable access permissions, MFA, monitoring and alerts for unusual activities Encryption, robust access controls, audit trails and document control
    Compliance features Supports SEC and FINRA compliance, built-in audit trails Supports SEC and FINRA compliance, automated document retention policies SEC-compliant document management, FINRA retention policy enforcement SEC and FINRA compliance features, comprehensive audit trails Supports SEC and FINRA retention requirements, complies with various industry standards Supports SEC and FINRA compliance, customizable retention policies

    Document management

    Effective document management is a fundamental feature of any DMS. With version control, you can avoid accidental edits and always work with the latest version of a document. Optical character recognition (OCR) lets you search text within scanned documents, while full-text search enables efficient document retrieval based on keywords. Automatic document classification and tagging also help with organization and retrieval.

    Finity360 Docs Laserfixhe NetDocuments Paperclip SharePoint Worldox
    Version Control Yes Yes Yes Yes Yes Yes
    Search capabilities Full-text search, OCR for scanned documents Full-text search, OCR for scanned documents Full-text search, OCR for scanned documents Full-text search, OCR for scanned documents Full-text search Full-text search
    Automated classification and tagging Customizable content labels Automatic data extraction and classification Custom metadata, dynamic attributes Customizable tags Automatic classification with sensitivity labels, customizable metadata fields Customizable document categories

    Collaboration features

    Simplified collaboration is another key benefit of using a DMS. Seek out features such as document sharing, annotation tools for feedback and edits, and workflow automation capabilities to streamline document review and approval processes.

    Finity360 Docs Laserfiche NetDocuments Paperclip SharePoint Worldox
    Document sharing, annotation, workflow automation Document sharing, annotation, some workflow features Document sharing, annotation, advanced workflow automation Document sharing, limited annotation, basic workflow options Document sharing, co-authoring, workflow automation (with Power Automate) Document sharing, annotation, workflow automation
    Check out The RIA’s Guide to Sharing SharePoint Files and Folders

    Integration

    Consider the other software and systems your RIA or financial advisory firm uses and see if the DMS can easily integrate with them. Commonly integrated systems include customer relationship management (CRM) software, portfolio management tools, and email clients.

    Finity360 Docs Laserfiche NetDocuments Paperclip SharePoint Worldox
    Integrates with Finity360 business apps and popular productivity suites Prebuilt connectors for various enterprise applications, wide range of integrations Prebuilt connectors for popular CRMs, enterprise resource planning systems, and accounting software Limited built-in integrations Tight integration with Microsoft products that RIAs and financial advisors already use Integrates with popular productivity tools, limited prebuilt connectors for third-party apps

    Ease of use

    A user-friendly interface is essential for ensuring swift user adoption and maximizing the benefits of a DMS. Take into account factors such as the learning curve, intuitiveness of navigation, and availability of training resources.

    Finity360 Docs Laserfixhe NetDocuments Paperclip SharePoint Worldox
    Learning curve Easy Steep Moderate Easy Moderate; steep for complex setups Moderate
    Intuitive navigation Yes Can vary, depending on complexity Yes Yes Can vary, depending on customization Yes
    Training resources Comprehensive resources Extensive documentation Comprehensive training Basic tutorials Dedicated training portal In-depth training options

    Pricing comparison

    Pricing for DMS solutions can vary greatly depending on the features and functionality included, as well as the size of your firm and the number of users. Here’s a general overview of their pricing structures:

    Finity360 Docs Laserfiche NetDocuments Paperclip SharePoint Worldox
    Offers custom quotes based on your needs Tiered pricing based on deployment, starts at $50–79 per user per month Offers custom quotes based on your needs Offers per-user pricing based on included solutions Pricing depends on your Microsoft 365 subscription, starts at around $6 per user per month for basic plans Offers custom quotes based on your needs

    Choosing the right DMS for your RIA or financial advisory firm can streamline processes, improve collaboration, and support compliance. Keep in mind the key features and factors discussed in this comparison guide, and thoroughly evaluate each solution to find the best fit for your specific needs. With a comprehensive DMS, you can efficiently manage all your documents and focus on providing top-quality services to your clients.

    Related reading: Who are the best companies providing IT services, cybersecurity, and IT compliance for RIAs?

    Our experts at RIA WorkSpace can assist you in evaluating and implementing the best DMS for your firm. Since 2007, small and mid-sized RIA and financial advisory firms nationwide have relied on us for enterprise-class security, cloud solutions, and managed IT services. Contact us today to schedule a consultation.

  • Turning IT Frustrations to Freedom: A Case Study with RIA Workspace – RIA Tech Talk Episode #13

    Turning IT Frustrations to Freedom: A Case Study with RIA Workspace – RIA Tech Talk Episode #13

    In this episode of the RIA Tech Talk podcast, David and Todd discuss the challenges of a current RIA WorkSpace client who had similar IT issues to many RIAs out there. This company went from a frustrating, time-demanding experience with their previous IT provider, to a trouble free one with RIA WorkSpace.



    Listen To The Audio


    Read The Transcript

    In this episode of the RIA Tech Talk podcast, David and Todd discuss the challenges of a current RIA WorkSpace client who had similar IT issues to many RIAs out there.  This company went from a frustrating, time-demanding experience with their previous IT provider, to a trouble free one with RIA WorkSpace.

    Background on the RIA

    • 13 employees all working remotely
    • Based in Dallas, TX with offices in San Diego, Minneapolis and Denver.
    • The 4 office locations were in shared workspace locations
    • Our main contact was Mary, the Director of Operations.

    Biggest IT Challenge

    • Mary was spending too much time doing tech support and managing the MSP
    • The previous IT provider didn’t understand RIAs and the SEC requirements
    • There was no IT roadmap and the IT provider was not proactive
    • The IT support was poor and there was no assigned team
    • Mary was concerned about several issues
      • Onboarding new employees was difficult and took too long
      • They wanted Single Sign On (SSO) but couldn’t get it set up
      • They experienced ongoing sync issues with OneDrive and SharePoint
      • Their Microsoft licensing was a mess and they wanted their MSP to manage it

     

    To hear about Mary’s IT situation today, tune in to the podcast and hear about how RIA WorkSpace eliminated the IT frustration. 

    Check out the case study here

    Related blog: Hiring an IT Services Company for your RIA? Here are the things you should know

    Listen To The Audio:

    Read The Transcript:

    Todd W. Darroca

    Hello, hello and welcome to the RIA Tech Talk podcast, brought to you by RIA Workspace. I’m Todd Darroca, and of course, always with me is David Kakish. And together we are on a mission to simplify the complex world of technology for RIAs just like yours. In the podcast, we’ll be your tech guides breaking down those often confusing tech topics into plain and practical terms. And so we hope you join us, subscribe, follow us, all that good stuff for each episode as we dive into the latest tech trends, share our expert insights and help you navigate the ever-changing world of our IA technology. David, David. David, good to see you again. Glad we’re here today. It sounds like today our listener may need to take out a notebook or a laptop or an iPad and take some notes. We have a case study today, is that right?

    David Kakish

    Sounds good, yes. Hey, Todd, it’s always mesmerizing listening to you and your DJ or radio voice, so. I’m always me mesmerized when you do the intro. It’s a lot of fun. Yes, we are doing a case study today. It’s turning it frustrations into freedom. This is a 13 person RIA and it’s very typical of what many RIAs out there, how they’re living and how they’re doing things when it comes to IT and IT compliance and cybersecurity. We’ll keep the company name confidential because there’s just out of respect for this client. But yeah, they had some major, major challenges and frustrations and didn’t know where to turn or what to do or even know that, oh wow, this could be so much better. It’s night and day and yeah, I’m happy to talk about that and how this client overcame those challenges. And then I think you can take this info and do it yourself or you can call us. We’re happy to help. But key at the end, I’m going to share with you the two most important questions you’re going to want to ask when you hire a new IT provider. So stay on until the end. This is my way to keep you on until the end.

    Todd W. Darroca

    We don’t have big gifts people, but we do have a secret answer to give you at the end.

    David Kakish

    Yeah, we’ll reveal the secret at the end here in 15 minutes or so.

    Todd W. Darroca

    And so as David goes through the case study today, it’s a really good media one. We’ve got several resources that we’re going to stick in the podcast notes, so if you’re whatever podcast network you’re on, you’ll see those notes in the description and we’ll make sure this is also online@raworkspace.com and you’ll search for our podcast and we’ll have these links in there. So good things to download, take notes on. But hey, let’s go ahead and jump right in the case study, David, and we’re starting with Mary and tell us about Mary and what you saw.

    David Kakish

    Mary is a real, but that is a fictitious name. I just want to put that out there. We want to protect this client. So they’re based out of Dallas. They’ve got four offices. These are shared office spaces. I can’t remember if it was Regis or WeWork, but one of these places. So it was Dallas, Denver, San Diego, and Minneapolis 13 employees. Mary was the director of operations, or she still is, or at least she was supposed to be the director of operations and she became an in-house company IT guy.

     

    Todd W. Darroca

    That goes under the list of other tasks in a job description or marrying.

    David Kakish

    Exactly, exactly. So kind of typical and the biggest, biggest challenge is the IT provider or the MSSP she was working with did not focus on RIAs and they just became terrible. So when they first started working with them, they worked good, they had a really good support person that they can go to. And then as the company changed and that one person left, it just became a total nightmare and she was so spending so much time on being tech support for her internal team and then managing that IT provider and we’re joking, we’re saying she was the director of operations and she ended up spending so much of that time on just it, and it became really, really, really frustrating for her. So that’s probably, if I were to say what’s the main thing, that was the main thing that was going on there. But there were other challenges and other pain points, but that was one that was carrying the most weight on her shoulders.

    Todd W. Darroca

    How common is that, David? For all good intensive purposes, these IT providers hop into a company that has an RIA and then they just get overwhelmed once they start getting into it. They’ve never dealt with that type of volume or type of business. How often do you see that?

    David Kakish

    Actually a lot. And the reason is it’s not so much that type of volume because it’s not like RIAs have a lot of requests and volume and stuff like that. It is that type of business. And what I mean by that is, okay, this company 13 employees, their requirements for cybersecurity and IT compliance isn’t like that business with 13 employees across the street, their requirements are much, much, much bigger. So if you think about an enterprise business or a big business, they have hundreds or even thousands of employees. You as an RIA with five employees, 1330 employees, you have the same requirements as that really big enterprise when it comes to cybersecurity and IT compliance. And just a lot of times that IT provider becomes overwhelmed because you’re talking about enterprise security and they’re used to providing what I would call smaller mid-size business security, and they just don’t bridge the gap. And it’s not that for that IT provider securities is not important. They just don’t realize it’s exponentially more important for that, for your RIA.

    Todd W. Darroca

    Right, right. Alright, so let’s dive into the challenge, the challenges and pain points that she was talking to you about or that you discovered when you sat down with Mary.

    David Kakish

    Yeah, so like I said, she was spending so much time on it. She was doing the tech support, she was managing the IT provider. It became for her, it was almost like two thirds of her time. This is crazy. I am spending two thirds of my time on this. And then she just had that discussion with the owner and said, Hey, look, here’s going on. And so that was the big part of it, but why is that, right? So the IT provider that she was working with did not understand the RIA vertical, the SEC requirements. There was no proactive advice, there was no roadmap or anything like that. Again, good techs, good people, but that’s kind of what happened. And then I think they were with that company for quite a while because they had a good primary person and then that primary person left and they’re like, all right, who’s supporting us? Who were you working with? And it was just chaos. So she didn’t have an assigned team, just like anybody would help. And then it’s almost like I call in and I would start from zero with every new rep that’s answering the phone to try to help it. So

    Todd W. Darroca

    Yeah, that’s terrible. Yeah, I hate to over and over and over and over and over again telling you the problems or the goals.

    David Kakish

    Yep, exactly. Yeah, and it gets really frustrating. There were some other things that she also wanted. She’s like, Hey, listen, it would be really nice for us to have a single sign on for our web-based application. So if you think about a typical RIA, they’re using anywhere your RIA is using anywhere, let’s just say from five to 10 web-based applications, think Wealth box e-money Orion, things like that. It would be really nice for employees to be productive where they can come in and they can see a dashboard and access these web-based applications, but also more security like the one derived in SharePoint sync issues. It was a mess. It was terrible. It was terrible. She would go to ’em, they would fix it, it would happen again and stuff like that that IT provider was not managing her Microsoft licenses. She was overwhelmed. She’s like, what are all these licenses?

    Probably the other thing that was very visible was the employee onboarding and offboarding. And by the way, I hear this one a lot. It is a nightmare. So you hire a new employee, it takes hours, days, and sometimes weeks. I kid you not weeks to set up a new employee with all the tech. And the problem is it’s painful for her. It’s so embarrassing. We just hired Todd to work at our RIA and when the tech isn’t set up, it is a reflection of our company as an RIA. And so they were kind of embarrassed. They’re like, man, we need to recruit and higher quality people. We’re not going to bring ’em in and all the tech is not working. And might, oh yeah, your computer is set up, but I can’t email. And just different things like that. And then the big part of that also is the offboarding.

    When they let go of an employee, they didn’t have the confidence that that person was completely locked out of the systems. So they had some cybersecurity and IT compliance concerns and just did not have faith in that. And then what is that? I think Bill Gates has a book called The Speed of Trust. You trust the other person or the other company, just business happens faster. And when you don’t have that trust, it just evaporates really, really, really fast. So anyways, I went through a slew of things. I know that this is sort of all with this one client, but it’s not uncommon. Most I was going to

    Todd W. Darroca

    Ask you, is this typical, is Mary asking for the moon here or is this kind of the basic fundamental stuff or just basic stuff that you hear day in and day out?

    David Kakish

    No, Mary’s not asking for the moon for us, and I’ll talk about what we did and how she works today so the listener can have a better understanding of that. But what’s somewhat not typical in Mary’s situation, I mentioned seven or nine things. They have the seven or nine things going. Most other RIAs that want to make the change, they have two or three things going on. They’re like, all right, we got to find a partner because of that. But in this case, that’s why it’s a great case study because it’s like, hang on, it’s the nine things that are happening and all nine things were happening most of the time. Again, like I said, there’s two or three things that are just consistently happening at that RIA saying, Hey, I want to go ahead and I want to find an IT provider because of that. Right.

    Todd W. Darroca

    So what did you guys do? Let’s tackle it kind of bit by bit here. So one of the first things that she was doing that was she didn’t like doing was spending so much time on the IT side of things, doing tech support, managing MSP. So what did you guys do to give her that time back?

    David Kakish

    Yeah, absolutely. So I would say our biggest success, the biggest success and what she loves was that she was completely freed up. And when you think about technology in it, I jokingly tell people, it’s kind of like at cybersecurity, it’s kind of like air. You’re breathing and as long as you’re breathing, everything is okay, but then the second you can’t breathe, two minutes, you’re dead. And it’s the same thing with technology. If it’s working, life is fantastic, but if you’re having email issues and your emails are not going through or whatever, you can’t work. You can’t be productive. And it just happens. And so the problem happens is with the old provider, it doesn’t get fixed the first time and then she follows up and then she has to manage them and it’s like, oh my goodness. And so she became part-time tech support. She was telling me this, it’s like it’s a lot faster for me to solve it rather than to call them to solve the problem.

    Todd W. Darroca

    She literally took her out of the equation. You kind of lifted her up and said, Hey look, my team’s got you. Don’t

    David Kakish

    Worry about that because when things are working well, you don’t have to manage that partner. What happens is, alright, let’s have weekly meetings to talk about the service tickets. What’s going, why are you having weekly meetings? You’d rather not have those, right? Let’s have quarterly technology for your reviews, or let’s have strategic meetings, not like, Hey, what fires are we putting out? Those should just be put out and you’re not dealing with any of that right there. So that was probably the big thing. She loves it because she’s freed up. She’s not spending two thirds of her time on IT and tech support. And at the same time, she’s not spending all this time managing and following up with us because these things just, they’re done

    Todd W. Darroca

    And you take care of all the compliance issues, all that stuff. That’s all, again, along with the tech part, the compliance and regulatory stuff.

    David Kakish

    I would just add the IT compliance, right? I’m careful to say that. Yeah, yeah. The IT compliance. Exactly. And then some of the other things that we did during the onboarding process that she just absolutely loved. So during the onboarding process, the first 30 days of working together, we set them up, we set her up and her team with web single sign-on for all the web-based applications. So now the entire team, they don’t need to manually log into redtail.com with their own username and password and Salesforce and e-money and Orion and so on. Now they come in, they open up their browser and it’s right there. It’s a dashboard. And actually it makes them look really good because it feels like they’re providing a dashboard for their own employees where they can access all these web-based applications. And then I hear this a lot, and this, if you’re working in SharePoint and OneDrive, you probably have a lot of sync issues.

    It happens all the time and just clients come to us and we just make those things disappear. And the problem is it’s not like if it’s not set up right or if you don’t know if somebody you’re working with doesn’t understand the high level of this, you’re constantly going to have these issues and our clients just don’t have those. The other thing that she absolutely loves, Mary loves that she has an assigned team. She’s working with the same team members on a regular basis. So we’ve got 20 team members, but she’s not randomly assigned. She doesn’t talk to Todd one day. David the other day, Bob Scott, she’s talking to the same team members on a regular basis, and that’s great for her. It’s great for us. We don’t need to reinvent the wheel on every single phone call. And by the way, that’s a big complaint with a lot of people that are reaching out to us.

    Todd W. Darroca

    Yeah, well that’s nice. I mean, again, if they have a problem, Mary doesn’t have to re-explain something. The two team members are say, oh yeah, Mary, yeah, we got you. Let’s dive into that. That’s good.

    David Kakish

    Back to the, then there’s comradery. They know each other, right? It’s like a partner relationship. It’s not like one 800 no help.

    Todd W. Darroca

    And then for the single sign on, I want to go back to that real fast with single sign on, this also helps with the offboarding of employees, right? Because now there is kind of a guarantee, or not a guarantee, but a really safe bet that everything has been taken off of that outgoing employee. So they don’t have any access to everything. It’s not going through all the programs. It’s literally just going through single sign-on and removing them from all those

    David Kakish

    Applications. Yeah, exactly. Here, I’ll make it simple for you. Scenario A is what an RIA, like yours doesn’t have single sign-on scenario B is an RIA. Like me. We have single sign on for the web-based applications, Todd, and your scenario A where your RIA does not have single sign on for web-based applications. What’s going to happen is you’ve got somebody on your team that has a spreadsheet. What does Todd have access to? Salesforce? e-money, Wealthbox, Orion has to go through FedEx, maybe, I don’t know. And so when they let go of Todd or Todd leaves, it’s a manual process. Let me go in, let me disable them accessing their computer, their iPhone, this application, that application, this and that. In our case with web based single sign on, we disabled their main account. They’re not able to access their computer, they’re not able to access their email on their iPhone or anything. They’re not able to access any of these web-based applications, Wealthbox, Redtail, Orion, and things like that. So you are absolutely right.

    Todd W. Darroca

    Nice. So let’s get back into again some more solutions that you gave to Mary or brought to the table for her. And one of the things that she wasn’t doing well and not for her own, not to blame her, but the Microsoft license is pretty complex. Big mess going on there. What’d you guys do there?

    David Kakish

    Yeah, it was overwhelming. And I guess for us, we just managed that for our clients. For us, it’s just part of what we do. And the funny part is we love doing that for our clients to clean it up, because I don’t think Microsoft needs more of our money or your money. I think Microsoft’s got plenty. Their profit margins are very high. So we’re trying to make sure that, and this, I’m telling you, this is so common when you look at the Microsoft licensing, right? You’re like, oh, crap, we’ve been paying this thing for three years and we haven’t used this, and it’s throwing money out the window, flushing

    Todd W. Darroca

    All the features that you could use and the products. And within that licensing.

    David Kakish

    Yeah. Well, it’s not just that, but it’s, it’s like, oh, they have this license for this and this and that, and they’re not using it. Or somebody worked there for three years and they’re still paying for ’em and stuff like that, and it kind of gets complicated. Yeah, that’s kind of what happened

    Todd W. Darroca

    When you went to Mary and said, Hey, look, you’re not even using these things or you’re not taking advantage of this on your license. What was her reaction? Did she kind of get that or was she like, oh, crap.

    David Kakish

    So I’m not on those calls once the onboarding is done where there’s our onboarding team and they work with her, but I can only imagine what it’s like to be fair, there’s parts, they’re embarrassed a little bit because it’s like, oh man, we’ve been paying this for so long, and then they’re pissed off and annoyed that they’re old or even more, and we’re not trying to put salt on a wound. We’re trying to basically say, Hey, look, later is better than never is all these things.

    Todd W. Darroca

    I think the other thing that I want to touch on here is you take away this not only the technical tactical side of things for her, but you’re also looking to the future and making sure that she’s staying up to date. So what did you guys do there to I guess, get her ready for the future or be prepared for anything if it changes?

    David Kakish

    So built into our model, so after we worked together, usually 90 days at the 90 day mark or so, we’re going to do what’s called a strategic technology review. And that’s a way for us to provide you with proactive advice. And then depending on your size as an RIA, we’re going to do one to two times per year where we have that strategic technology review. So in addition to getting a monthly executive summary report and some of the other stuff, we actually want to sit down with you, let’s just say twice a year where we say, Hey, Todd, let’s look at all of your IT infrastructure, cybersecurity IT compliance and things like that, and put that in a red light, green light orange light category at a really high level. It’s not meant to be a highly technical discussion. It’s meant to be a business technology discussion.

    And then we just take everything that you have and everything we’re doing. We say, okay, is this green? Is this orange, is this red? And then that also gives us the opportunity to talk about what’s going on in the industry or what’s coming. So that’s something by default that we’re doing with our clients twice a year. And there are other things like that that we do. I don’t want to bore people to death, but we do the backup and disaster recovery. We do a fire drill twice a year, can we recover the backup and then, hey, here’s the fire drill, and then we share the reports and the data with our clients. We just do these things by default because we want to make sure we have that. So yeah, it’s just a great way to do that. One of the big things right now we’re talking with a lot of our clients about mentioned that to you in the past is, Hey, you don’t have data loss prevention for your email.

    What I mean by that is if your employee sends out an email with a social security number, account number, passport number or so on, we want to make sure that either that’s prevented from going out or that it’s encrypted and that we automate that whole process. So these are the kind of things we talk about, but it’s literally, it’s a one hour session where the technical account manager will sit typically with the CCO Chief Compliance officer or anybody else on the team and say, Hey, here’s a review of your entire environment in green, in red, and then here’s coming up. And then just kind of have that strategic technology discussion. We don’t think it’s rocket science. We like having it, our clients having it, but I’m just amazed at how many other people don’t have that.

    Todd W. Darroca

    Right. And how do you keep your team internally, let’s say there could be feedback for the team that Mary was like, Hey, this isn’t going as well. Is there that constant communication and evaluation that you do to make sure, and obviously you probably do, but that Mary can at least give feedback and make those adjustments, and you guys internally can make those adjustments?

    David Kakish

    Of course. Yeah. So again, the assigned team we absolutely love, we are 20 people, but each client basically gets assigned three team members. We absolutely love this for our clients, and then we absolutely love it for our team. There’s just a sense of ownership, there’s a sense of community camaraderie. It’s kind of weird because we’re technically a vendor, but we don’t like to use the word vendor. We’re more of a partner and you start working, they’re like, wow, okay. And it’s almost like an extension of your employees. It’s pretty cool, and we love it. I don’t know why other people don’t do that, but hey, I guess that’s why we’re here and that’s why people do business with us

    Todd W. Darroca

    Right.

    David Kakish

    Now. You asked really. And that right there is the core piece. But again, we’re human. We make mistakes. What we have is we call it a smile back report, but basically it’s a customer satisfaction report. So at the end of every request we complete you and your employees, you can rate a green, yellow, or red at the end of every, and it’s easy. It’s just a little emoji. And so all of our clients are able to rate us, and we do really well. Our CSAT score tends to be like 98% plus, but in the event that we get a yellow or a red and it happens and it’s okay, our service manager is going to get on the phone and say, Hey, Todd, I noticed you gave me a yellow or red. You gave a team member a yellow red. We’re very sorry about that. Is there something that we can do to fix this? And then how can we prevent that in the future?

    Todd W. Darroca

    And your team actually looks at these things in these bigger companies, they probably like, oh, okay, there it was. But it sounds like you’ve got that, again, partnership feel and a relationship family kind of based internal team that does look at those surveys. It sounds like they do follow up. If something kind goes haywire there,

    David Kakish

    We obsess over that. That’s a great, that’s great. I didn’t even think about that. Other companies have it, but it is like, yeah, whatever. So we actually look at that every single day, every week, every month, every quarter, and every year. I can tell you our team, when we get a yellow or red, our team knows it and they’re like, oh my goodness, I got a yellow, I got a red. And that’s exactly what we want, right? Again, mistakes happen. It’s just that when it does happen, how can we catch it? How can we take care of it? And Todd, you’re going to laugh. Sometimes it’ll give us a yellow or a red because the internet south because of their internet service provider.

    Todd W. Darroca

    Oh, gosh.

    David Kakish

    And then they’ll reply like, oh, I’m so sorry. I did not mean to give you a red, but that’s the type of relationship that it is. And you get a sense of that, and that’s what a lot of RIAs want. I’m like, look, listen, I want my stuff to work, but when it doesn’t work, I want fast response and I want to work with somebody that I know. I don’t want to be calling 1-800-MICROSOFT or one 800, whatever. Yeah. And just to share this specific client, I’m looking at her report right now. She gave us a total of 39, so far, 39 reviews, I think for what in the last six months or year? In the last year, the team gave us 39 reviews. 39 are green, zero is yellow, at zero is red. And here’s what’s amazing. The response rate is 72%, so out of every two,

    Todd W. Darroca

    Wow, their response seven, that’s high if anybody’s like, well, 72 is a C. No, that’s high, folks. That is, yeah, exactly.

    David Kakish

    Well, I was showing this to a prospect once, and they saw that our response rate was like 33.3% across the board. And he goes, hang on, is that real or is that made up? Because he knows these smile back reports. Typically in other industries, it’s like less than 1%. And so actually to be fair, our average response time on those is one third. So about 33%, which is really, really, really high because industry average is more like one to 2%. But also we’re different because the clients we work with, I mean, we work with them on a regular basis, they know each other. But anyways, I digress. I talk about this stuff forever and here, here’s the piece of business advice. We rolled this out a really long time ago, and it’s three little emojis. It’s a green, a yellow, and a red. And when we rolled it out, I’m not a big emoji guy. I’m like, whatever. Let’s see what happens.

    Todd W. Darroca

    And you don’t send kissy face emojis or winks and all that stuff, David. Yeah, yeah,

    David Kakish

    Yeah. I feel like my seventh grade daughter sending out emojis. But it’s been phenomenal for our business because it’s a quick way for people to quickly rate you. And if you have way Todd and the listeners for you to implement something like that with three little green, a yellow, and a red, it’s amazing. And you track it and you do something about it, right? That’s the key. It’s amazing what it will do for your business. We let, again, we’re human. We’re not perfect, but we don’t let things fester, something happens, catch it, take care of it, and just don’t let things fester. And yeah, it’s had a really, really, these three little emojis, I can’t remember when we rolled it out, must have been like it’s been over 10 years ago. It’s had a really phenomenal impact on our business. It’s fantastic.

    Todd W. Darroca

    Nice. So at the top of the show, we tease that we have the secrets, the two things that you need to do before you enter into Mary’s world and avoid poor Mary what she did. So David, can you tell us the two most important questions that could have saved Mary from this and that current RAs should be asking

    David Kakish

    Before they Yeah, if you’re looking to work with a new IT provider, there’s a lot of really good questions that you’re going to ask. But the two top questions that you want to ask, and this will make the biggest impact, is, number one, do you have experience working with other RIAs? And here’s a typical response. No, but we work a lot with hipaa. No, but we work a lot with banks. No, but we work a lot with you fill in the blank. They’re like, it’s totally different, right? It’s totally, totally different.

    Todd W. Darroca

    So if they say no, it’s a quick, okay, thanks so much. Hang up.

    David Kakish

    I wouldn’t even waste time. Yeah, I wouldn’t. Because again, the challenges here are so unique. You’re small in terms of a headcount, but you require enterprise security and IT compliance and stuff like that. But yeah, that’s what I would do. I’d be polite about it. Yeah. Hey, thanks, bye. So that’s the first question to ask. The second one, which is also really important is, Hey, who makes up the team that’s going to be supporting us or supporting our RIA? So everybody we have on our team is an employee. We don’t subcontract with third parties or anything like that. And it’s really interesting, I was talking to potential new client last week, and they’re just really frustrated because they work with an IT provider where the help desk is clearly outsourced and there’s just a huge disconnect, right? Well, and stuff like that. So it is not uncommon for IT providers to pull in a bunch of companies together and then they have a help desk, whether it’s US-based or not, or whatever is kind of irrelevant. But I think you ask and to say, Hey, who makes up the team that’s going to be supporting us? Are they all employees? Are they contractors? What does that look like? And you’d be shocked by just asking that question because you’re making an assumption and it’s fascinating. And obviously there’s other great questions to ask. But these two I think are key questions because it’ll give you really a lot of insight into that business.

    Todd W. Darroca

    Right. Alright, well we covered a lot today, big case study with Mary. And so David, give us the quick highlights again of what we should be taken away from Mary’s story. Top three things.

    David Kakish

    Yeah, I think, listen, if you’re spending a lot of time on it and technology and it’s a headache and it’s draining you, not energizing you, it’s probably time to make a change. Especially if the provider you’re working with does not work with other RIAs and whether you reach out to us or somebody else, the two questions is, Hey, do you work with other RIAs? If so, are they similar to us in size? And then question number two, who makes up the team that’s going to be supporting us? Do we get an assigned team? Are they employees? And so on. And so those are probably the two most important questions to ask.

    Todd W. Darroca

    Got it. Do you still keep in touch with Mary?

    David Kakish

    Yeah, yeah, yeah, I do. I do. So the way we’re structured is I don’t talk to her that often because we’ve got a system in place, so there’s a primary support here, but then there’s a technical account manager, so he kind of does that. So I usually reach out to her twice a year. Oh, nice. I like her. And we usually get the feedback. So once a year we also like to get overall feedback and her insights and stuff like that. Yeah, I mean listen, I’ve got, here’s the deal, a lot of respect for her, but I’ve got testimonials like, oh my goodness, David, this is night and day where we were and where we’re at, and here’s what I appreciate. And I also reach out to her to say, Hey, we’re working on rolling out these things in the future. Would these be helpful for your business or not? So that’s the kind of relationship I have. I don’t talk to her a lot, but I do definitely connect with her twice a year at a very strategic level.

    Todd W. Darroca

    Great. Alright folks, well thanks again for joining us. A good meaty topic of our case study today here on Turning It Frustrations to Freedom. So again, there are several different resources that we’re going to put in the description, in the notes, so make sure you download those. Also, we’ll have it on the website. And so again, go to our resources and also you can see the more podcasts that we’ve done in the past@riaworkspace.com and check out the Learning Center. That’s where you’ll see the transcript and all the other goodies from this episode. And so also we want you to again, feel free to reach out to us with any questions or topics you’d like us to cover. As David said, we do read emails and so he does surveys. We do see these things. So please send us those in there. And again, we want to say thanks again for listening to the RA Tech Talk podcast, brought to you by RIA Workspace. And so we’ll hopefully see you next time here in the next episode for more RIA Tech Insights and we’ll see you later. Thanks everybody.

    David Kakish

    Thank you.

  • BYOD or Not? Evaluating The Options For Your RIA – RIA Tech Talk Episode #12

    BYOD or Not? Evaluating The Options For Your RIA – RIA Tech Talk Episode #12

    This episode of the RIA Tech Talk Podcast take a closer look at confusion and best practices around Bring Your Own Device (BYOD) and what works best for RIA firms.



    Listen To The Audio


    Read The Transcript

    In this episode, we cover:

    Smart phones and handheld devices

    It’s pretty standard for RIAs to use personal smart phones.  We can create a separate and secure “container” for work applications on that device so work-related activities are secured.  This is most common with email, but it is also done for other work applications. 

    Desktop or laptops (Windows or Mac)

    It’s very rare that employees are using their personal computers for work.  Most RIA’s prefer a company-issued device be used.  We encourage RIAs to move away from virtual desktops for better productivity.

    Starting a new RIA firm

    In the early days of a new RIA firm, partners or the leadership team could work with a personal computer if it’s properly set up.

    Listen To The Audio:

    Read The Transcript:

    Todd Darroca:

    Hello and welcome to the RIA TikTok podcast, brought to you by RIA Workspace. I’m Todd Rocha, and alongside me is Dave kake. And together we’re on a mission to simplify the complex world of technology for RIAs just like yours. Now in the podcast, we’ll be your tech guides breaking down those often confusing tech topics into plain and practical terms for you. So we hope you join us each episode as we dive into the latest tech trends, share our expert insights and help you navigate the ever-changing world of RIA technology. So David, how are you doing this morning, this afternoon, this evening, depending on when people are listening to this.

    David Kakish:

    Fantastic. I am fantastic. How about you, Todd?

    Todd Darroca:

    I’m doing well. I’m doing well. So, hey, so today we’re talking about to BYOD or not evaluating the options for your RIA. Now, we’re not talking about bringing your own booze in, of course, we’re talking about bringing your own devices in this world of remote work, personal computers, business computers, the overlap and all that stuff. So that’s why I’m glad we’re talking about it today and why obviously we know about it for the general reasons, David, why this stuff is important. But from your perspective, why is the BYOD putting out a policy or best practices important for the crowd listening in here?

    David Kakish:

    Yeah, sure. Yeah, Todd, thank you. And I want to welcome you. I want to welcome the listener and I want to thank you for bringing up this topic. Last time we talked, we were like, yeah, hey, you know what? I think

    Todd Darroca:

    BYOD good for some things. Yeah,

    David Kakish:

    It would be really good. And actually I’m really excited to talk about this. It didn’t even occur to me, but because I mean, we work with RIAs a lot and we have a lot of insights because of that. And I think with bring your own device or employees using their personal computers or their personal phones and so on, there’s a lot of hype and there’s a lot of confusion about that. And when you look out there, whether it’s in magazines or tech magazines or business magazines and so on, they talk about BYOD in general terms, employees using their personal devices in general terms, what does this mean to healthcare or what does this mean to banking or education industry or whatever? I don’t really care what I care about an RIA with roughly about five to 25 employees because that’s the segment we work with.

    That’s what we focus on. That’s who we work with in day in and day out. So how a healthcare provider or a bank or an educational institution with a thousand plus employees or students or whatever, whatever, that’s great. That doesn’t really apply to the world that we live in every single day. And so I think what I’ve seen, what I’ve seen is there’s just not a lot of information out there for that RIA with five to 25 employees about this. So that’s number one. And I love to talk about, hey, here’s how it is in the real world. This is what we’re seeing out there. Not in academic theories or articles, articles where it’s a journalist talking, but he’s got no hands-on experience. So I’m always hesitant when I’m reading things by academics because I’m like, hang on, how does that apply in the real world? And we’ve all had the professor that whatever taught you something, you’re like, dude, you go to the business world and it doesn’t apply. But the other one interesting. And people don’t think about this as journalists. So journalists will sometimes write, talk, or do about a topic or something and they have no idea what it’s like in the real world.

    Todd Darroca:

    So I will firsthand experience, I used to be a broadcast journalist and I remember writing things, whether it was technology or emergency services or government policy stuff we never did because you literally had three hours to learn a topic before you had to go on air or whatever. So totally. Now reporters out there, I have empathy for you. I love you all. Don’t be write me in. It’s

    David Kakish:

    True. They’re not our audience, Todd. It’s okay. That’s true. It’s true.

    Todd Darroca:

    But it’s true. Yeah. I mean there was no real world experience of again, walking in their shoes. So no, I can totally see that perspective from what you’re saying there. So

    David Kakish:

    Why it’s important to, yeah, thanks Todd. I did not know that. That’s pretty interesting. You’re confirming my suspicion. It’s funny. Alright, so for an RIA, like yours, right? Roughly five to 25 employees, it’s important for you for two reasons. Number one, not enough people are talking about BYOD for this specific space. There’s not a lot of information out there. And then the other thing is, in the last three years or so since the pandemic, there’s been really two big shifts in the RIA industry. Number one is a lot of employees are working from home now, whereas before the pandemic, it was a typical, Hey, Monday through Friday, eight to five, you’re working in the office 80, 90% of the time, and now a lot of employees are working remote or there’s a hybrid environment. So that’s one. And then the other thing too is your own clients, your own clients no longer want to come in and meet with you in person.

    Whereas before the pandemic, that was kind of standard, Hey, let’s set up a meeting. Either you go out and meet them in their home or office or whatever, or they would come to your office and meet with you. Clients just want to do it over an online video meeting now. So those are things that have really shifted in the last three years. So listen, my hope is you’re listening to me, you’re listening to me and Todd, my hope is that by the end of the session together here, you’ve got a lot of clarity around what is BYOD for an RIA, what’s best for your RIA? And again, I’m going to dive into it, I’ll talk about that. And again, I don’t talk in academic theories. I’m talking about what we’re seeing in the real world out there.

    Todd Darroca:

    Nice. Alright, so get your notepads out or smartphones where we’re going to start. We’re going to start with the smartphones and handheld devices. So yeah, I mean I’ve got at minimum probably two devices on me at all times. One my work, one my personal, but obviously things cross over. So let’s start there, David.

    David Kakish:

    Yeah, so just to kind of break it out a little bit, I’m going to talk, bring employees, bringing in their own devices. I’m going to break it into two categories to simplify it. Smartphones that includes handhelds, whether it’s Androids, iPhones, even iPads, tablets and so on. And then the second category is computers, desktops, laptops, windows, Macs and so on. So for the first part, I’m just going to talk a little bit about the smartphones. And again, iPhones, I’ll use an iPhone, what I use, but the same thing would apply to an Android or any other iPad or tablet that you’re using. So the way that we see that out there, vast majority of RIAs employees are using their personal iPhone to access company resources. And the logic for that is they don’t want to have a separate phone for work and then a phone for home, a personal phone and a work phone.

    There are some companies that do that, but it’s very rare. I would say that that’s RIAs, again, I’m talking RIAs. I would say that’s probably less than 10%. So if you were to survey a hundred RIAs, and I haven’t done the survey this way formally, it’s just informally, I bet you less even than 5% are handing out employees and saying, Hey, here’s an iPhone for work, and then you keep your own iPhone at home or Android or whatever. And the reason for that is actually pretty simple. We actually have the ability to secure all of your company applications on your iPhone. And what I mean by that is, again, think of a B, C advisors, 10 employees, they have their personal iPhones. The biggest thing most of these people want is the ability to access their email on their phone, on their smartphone. And so the way we set that up is, yeah, absolutely.

    You can go ahead. You can access company resources, however that iPhone needs to meet the RIAs IT compliance requirements. So for example, if the password is 1, 1, 1, 1, 1, it’s too simple of a password, you’re not going to be able to connect the do outlook and work and do that. And so as long as that personal computer meets the IT compliance requirements for your RIA, fantastic, they can access company applications and they can work. And again, the big one is email, right? Outlook email is typically what we’re using. And so a couple of things just related to that, then I’ll turn it back to you, Todd. The big question we get is like, well, what can they do on this phone between personal, between business and so on? And so the way to think about that is what we’ve done on that phone is we’ve created a separate logical container, a separate logical and secure container. And what that means is I can’t take an Outlook email, copy it and put it in my Apple Notes. And so it’s really nice because it’s a complete separation. And then Todd, if you no longer work for our RIA, fantastic, we can wipe out everything that’s work related remotely. And then anything that’s personal, that’s fine, that stays on the phone, it doesn’t affect that at all. And we don’t have any visibility in what you’re doing on the personal side of

    Todd Darroca:

    IPhone. I was going to ask you that. So how much visibility, do they know what apps I’ve downloaded on my other stuff that’s not work and how much time I’m spending on it and all that stuff? Or is that you say no idea. Yeah, no

    David Kakish:

    Idea. Because again, think of what we’ve done is we’ve created a logical, secure container for all of the work applications that you would be using on that smartphone. And that’s what we’re able to see, manage, control and wipe out. I can’t see what you’re doing on your personal safari. I can’t see doing an Apple Notes. I can’t do any of that right there. And again, if you were to think about that, it’s kind of funny, I don’t know, over 80% of the time people want the ability to access their email on their phone. That’s kind of the big one. And so that’s how we do that. But there are other things that you can do on the phone. So I just wanted to talk a little bit about that because there’s a little bit of confusion. Now, again, some businesses less than 10%, some RIAs, less than 10% make the decision say no, we just want to give that employee a work iPhone and they can keep their personal one.

    When you look at the cost on that, it adds up pretty fast. It’s the cost of the iPhone, they’re not cheap. And then it’s the cost of the plan and all that fun, and it just kind of adds up really fast. So we accommodate both, but I would say 90, 95% of clients are allowing employees to use their smartphones. We’re just creating that separate secure, logical container. Again, the way you work on it, Todd, it feels like it’s all local. There’s nothing different. It feels like just another application, but there is a separate logical container for it.

    Todd Darroca:

    I think I know what you will say here, but as far as apps, obviously we’ve got a lot of video people on their phones for video meetings and for even just sharing very sensitive information, are there apps that work better? I know many companies use Slack or Microsoft Teams and they use Zoom or Google Hangout or Video meetup, whatever that may be. In this case, again, in the BYOD umbrella here, are there apps that are I guess better, more secure or better to be using than normal open source kind of stuff? Or do you kind of see a mix of it? Yeah,

    David Kakish:

    So I’m going to make fun of open source here for a minute and then I’ll answer your question. So I’m like, listen, open source is great if you’re a college kid where you’re broke a lot of time. It’s terrible if you have a little bit of money and you don’t have a lot of time, right?

    Todd Darroca:

    That’s right. That’s right.

    David Kakish:

    So this is sort of my joke about open source, right? In the RIA space we’re in, the two really big players really is Microsoft Teams and Zoom. Those are the two really big players. Yes, there’s ways to secure ’em and do all that type of stuff, but you’ve got to remember a lot of the advisors, a lot of our clients that people we work with, trying to do all that stuff on a small screen on an iPhone is really hard. They’re typically doing their Zoom meetings and all that stuff on their computer. And this is probably my segue to the next topic, but very few people are actually, they’re not like my kids and your kids where they’re doing every single thing on the iPhone or at least my kids. But I am shocked at what they see on that little screen. And so I’ll be helping them with their homework and I go, I can’t see that. I need to bring up my iPad. So a lot of our clients are the same way. They’re doing certain things on the iPhone, but if you’re doing a teams meeting or a Zoom meeting, you’re probably using your computer.

    Todd Darroca:

    Got it. Alright, so let’s go to computers now. Let’s talk about, same thing here. We got, I mean, I carry my obviously independent consultant. I carry my own personal computer, but I actually do have a work computer that’s literally just for work because so many clients, they may require different things. So I’m interested in this case in the industry, can companies allow their employees to use their own laptops or does there become a demarcation line where it’s like, Hey, now we’re working with X, Y, and Z and they’re requiring us to have you on a separate computer because of security reasons, all that stuff.

    David Kakish:

    Are you a Mac user or Windows or do you have one of each? I’m curious.

    Todd Darroca:

    I have, oh, I’m only a Mac user. Windows makes me, I have to work really hard to figure out what I’m mean, but no, I’m a Mac guy. I’m a Mac guy.

    David Kakish:

    Sounds good. Sounds good. Yeah, look, I mean, same applies Windows or Mac, right? It’s indifferent and I should say so. Okay, so number one, we talked about the smartphones. Hopefully for you as a listener, you’ve got some clarity around what typical RIAs are doing and what we can do to secure that because cybersecurity is an important part of that. Now, let’s talk a little bit about computers. And when I talk about computers, that could be a Windows, that could be a Mac, it could be a desktop, it could be a laptop. It doesn’t really matter that much.

    So the way that we see that right now, it’s very rare that employees are using their personal computers for work. Most RIAs like to keep that complete separation because again, you’ve got to think a typical RIA has millions in a UM, sometimes billions and cybersecurity IT compliance is really important for them and they just don’t want the risk of potentially something happening. And frankly, generally speaking, they can’t wrap their head around what’s the demarcation or the separation between a personal computer and a work computer. And I’ll talk about that here in a minute. But again, I would say over 90% of RIAs prefer for employees to use a work computer and not use their personal computers. Just again, cybersecurity IT compliance, there’s are huge in this space, and that’s what we see out there. Now, the other, so that’s kind of what we’re seeing now.

    One of the things that really took off right before the pandemic around the pandemic too was virtual desktop cloud computers, virtual computers, whatever you want to call that. And I kind of jokingly say the false promise of VDI or cloud computer because that infrastructure and that technology was built for applications and for software and email, not for voice. Listen, we work with a lot of RIAs and we know intimately the difficulties and the pain of trying to do video or audio over a virtual desktop infrastructure or a virtual computer. It’s just a nightmare. It doesn’t work. And so what happens is you’ve got all this VDI infrastructure, and the reason I’m talking about VDI is in theory that was something really good because people would be using their personal computer and then they would log into an Amazon workspace that’s completely separated. And yes, if you’re doing applications and CRM and email and all that stuff, it works fantastic.

    However, if you’re trying to do what we are doing right now, a Zoom video call or an audio call or teams or anything, it’s a total nightmare. And so what was happening with a lot of these prospects that were coming to us saying, look, we need to be able to talk on video and audio with our clients, and we end up working outside of the environment. And then some of our employees are emailing documents that they shouldn’t be emailing because now they’re working outside the environment. And then it just became a real hodgepodge. So the promise of virtual desktop infrastructure, cloud computers and so on was fantastic for applications for email and everything else, but video and audio, it was very, very problematic. So again, lemme go back to my main point. Over 90% of RIAs, they’re giving a company issued laptop or computer for their employees.

    Now it’s very common where you have a leadership team or an owner where he works in the office, he works at home, he works at a vacation home, three, four different locations, does not want to carry his laptop around or her laptop. And so that’s fine. There’s a desktop in his office, desktop in his main home, and then another desktop in their vacation home, jumps around, works on all three, doesn’t miss a beat. Works is very productive. As an example, I work from home every other Tuesday, but I work in the office all the time the rest of the time. So my setup is I have a Windows computer at the office, and then I have a MacBook for work that I use at home. So I’m not taking my laptop and my MacBook back and forth. I’m in the office. I’m using Windows that once I’m home on Tuesdays, I’m using that MacBook, I’m productive, I can jump back and forth.

    I can do all that right there. And so that was another promise of VDI and virtual computers that you can jump on different devices and not miss a beat. We can do that now for the less than 10% that want employees to use their personal computers. And generally we see that with a new RIA or breakaway RIA, they’re starting out and they don’t want to invest a lot of money. There’s ways to do that. I don’t want to get too much into the weeds on that, but generally what we’re doing is it’ll be Todd’s personal login. So Todd at home, and then we’ll create a Todd at work, a separate login on that computer, and then bless you. I see that you’re

    Todd Darroca:

    Seeing the camera. I had myself on mute, so if you’re watching it, you’re like, what is he doing?

    David Kakish:

    Okay, so bless you. But again, yeah. So at personal computer, Todd wants to the RIA says, yeah, we’re okay with personal computers. What we would do is we would create taught at home, taught at work, and then we would manage everything taught at work as a separate container. I can tell you this from experience, employees are okay with it, but they’re not thrilled because in the back of their head, they’re like, can they see what I’m doing on my personal account on Facebook and YouTube and this and that? Plus they’re not thrilled to be using their personal computer for work. So generally speaking, a lot of clients might start out that way, or well, some clients might start out that way, but in the long run, they just end up buying, buying a computer for that employee because then demarcation is very, very clean. And we, you as an RIA, we as a IT partner, we have full control over a work laptop, but we don’t have full control over a personal laptop. There are things that we’re not able to do because that’s a personal machine. So anyways, that’s a little bit about computers, desktops, laptops, and so on. So Todd, I’ll turn it to you. Any questions about insights?

    Todd Darroca:

    I know about A VPN, I don’t want to go in the weeds of it, but do you see many clients using A VPN so that they’re, and maybe because most of the things are cloud-based now, but to log in and so that way they can do what you’re doing from home and not having to worry about private information or confidential information getting out there in a secure, secure kind of pipeline, do you see much of that? Or is this

    David Kakish:

    Yeah, yeah, yeah, yeah. So the biggest ways that clients are using the VPN right now, like the traditional VPN, like a SonicWall VPN or a Cisco VPN or something like that, is if they have a server in their office and they’re working from home, and so they need to connect to their server in the office. So typically the typical setup is I’ve got, let’s just say a SonicWall VPN in my office, I’m working from home, I’m going to VPN from my home office to the Sonic Wealth Firewall slash vpn, so I can access the server that’s in my office. So the way that we do that with our clients is whether you’re working in the office or whether you’re working at home on that work computer, you’re work experience is the same because we have that next generation client list, VPN already built in. So you don’t have to click on the SonicWall VPN or this is called VPN, and then that computer meets the compliance requirements. So for example, if I’m working at the office, my work experience is exactly the same as if I’m working from home. It doesn’t change, I don’t have to click on A VPN. But to answer your question, yes, there are some clients where they still need to use that VPN to access company resources in their office.

    Todd Darroca:

    Got it. So I have more of a soft skill question. So we’ve got your example of executive has a vacation home, a cabin in the woods or wherever, and then you have an employee nine to five coming in. And how do you approach when an employee, let’s say whoever it is, says, well, I want to be able to, I want to do everything from my personal computer too, instead of having two computers or whatever. Are there any kind of tips that you would tell somebody who is an RA starting out on their own or their own business or just internally too, for those who may be in the C-suite, when they have employees asking that question of, well, why couldn’t I do that? What is the backdrop, I guess?

    David Kakish:

    Yeah, so that question of employees doing that doesn’t really come up a lot. Well, here, let me talk a little bit. So we want to make a distinction between the partners and the leadership team and then just regular employees at that company. There is that distinction, and that really becomes prominent with the new RIA or with the breakaway RIA. So think of these as two separate groups, generally speaking, I would say for employees, almost always, Hey, here’s a company computer ahead and use that. That’s what you’re going to use for work. And generally speaking, the employees happy. The partner and the leadership team are happy because they have full control over that laptop. That’s kind of the setup a lot, lot of partners, people on the leadership team, it’s they’re typically working a lot more hours, right? Sure. So they’re typically working in the office and then at their home, and then they’re vacationing someplace else where they spend time. And so it’s very common for them to have three desktops, right? Office, home, and then let’s just call it a vacation home. So Cleveland, Ohio is the office, and then the suburbs of Cleveland is his home office. And then, I don’t know, Tampa, Florida is his vacation home, right?

    Todd Darroca:

    One day I will have that ability to say, I have a vacation home in Tampa.

    David Kakish:

    So very, very common, very common setup. And so for them, it’s like, I don’t want to carry a laptop around. Great, no problem. Those different machines are set up so that I leave. It’s just like, don’t go too far. I have that same setup. I just don’t have the vacation home. I use

    Todd Darroca:

    Airbnb. Yes, you do, David, you’ve got like four. No, I’m kidding.

    David Kakish:

    So I jump from my work computer at the office to my work computer at home, and I don’t miss it being at all. And it works really well. And most employees aren’t necessarily asking for that. Maybe they just don’t have their vacation home yet. So especially with the new breakaway, RIA, the leadership team or the founding partners, they’re completely okay with saying, oh yeah, this is my personal computer. Go ahead and put the agent, lock it down. Whereas an employee, they don’t want to do all that stuff on their personal computer. And I think that’s kind of the difference, right? Got it. But again, we’re putting all the security mechanisms and all of the IT compliance on that, managing partner’s computer, it doesn’t matter. We just make sure that it’s completely locked down.

    Todd Darroca:

    Got it. So we’ve covered two key things today for the listener and the watcher to take off. And so first smartphones. David, quick takeaway on that one. Oh, I got a thumbs up. Just if you’re watching, I don’t know why I did that, but my bad, I had a little thumbs up emoji. Yeah, so we’re talking about, so first off is smartphones.

    David Kakish:

    Yeah. Key things. I’ve talked a lot. The key things that I’d leave you with is like listen on smartphones, bring employees using their personal smartphone. It’s great. It works really well. You don’t need to give them a company issued smartphone because it’s great from a security perspective and from a usability perspective. And I kind of talked about that. So smartphones, yeah, that’s fine. Have your employees go ahead and use their smartphones. Just make sure that you lock down any work related applications that they’re accessing on that smartphone.

    Todd Darroca:

    Got it. Personal computers versus work computers.

    David Kakish:

    Yeah. So personal computers for employees ain’t so great. I’ll just, I kind of talked about that. You can do it, right? You don’t have full control over that endpoint, but it ain’t so great. And what’s going to happen is your employees with time are going to come back and say, Hey, can we just get a company computer?

    Todd Darroca:

    And then on the flip side, personal computers for those partners and leadership team members,

    David Kakish:

    That would work really well, especially in the early days of a new RIA. And a lot of times those partners, the leadership team, the partners, they don’t want to have that separation. They’re like, listen, this is sort of my life, right? Then I do everything here and that’s fine. Now, some of it will make that separation, but if you don’t, that’s completely okay because we’re going to treat that personal computer and really lock it down even though it is a personal computer.

    Todd Darroca:

    Got it. So we are, I don’t know if we’re in the wild, wild west anymore of BYOD, but I think we’re still learning kind of best practices. And so today, I think, I hope that many of you listening and watching are getting a little better footing of what to do when this comes up in your business or with your employees. So of course, David awesome on the information here and in given us some sound advice. But one thing that we always love to hear is some real world examples from you guys out there in listener viewer world. So what we’d love to hear from you is stories of, Hey, this is how I did this in my company, or maybe even tragically some horror stories of this is what happened when you don’t do this kind of thing. We’d love to see and hear those stories and maybe have you on the show at one point or another, but well anyways, so thanks again today listening on the BYD to BYD or not BYD.

    So obviously we’ve got all these episodes online@www.riaworkspace.com, our proud sponsor of the podcast. And all you have to do is go to the learn more or the resources tab in the learning center, and you’ll be able to get all of these podcasts and episodes for free. We’d love for you to subscribe and the show as well. And that way turn those notifications on, and you’ll automatically get us in your mobile feed or on your desktop and without even trying, kind of creepy. But hey, we’re always here for you. So hey guys, thanks again for listening. Feel free to reach out to David or myself for any questions. And again, we hope you have a great day, and we’ll see you next time. Thanks everybody.

  • Discover the best CRM software for RIAs and financial advisors in 2024

    Discover the best CRM software for RIAs and financial advisors in 2024

    Running a registered investment advisory (RIA) or financial advisory firm is no simple task. From managing client relationships and overseeing investments to balancing compliance and ensuring seamless operations, there’s a lot on your plate. This is where customer relationship management (CRM) solutions prove invaluable, helping you streamline processes and stay organized while providing top-notch service to your clients.

    But with countless CRM options available, how do you choose the ideal one for your firm? This guide cuts through the clutter, comparing the top CRM software options for RIAs and financial advisors. We’ll analyze features and pricing to equip you with the knowledge to make the best choice.

    Top CRM software for RIAs and financial advisors

    While the market offers a wide range of CRM solutions, some cater specifically to the needs of RIAs and financial advisors. Here’s a quick look at six popular options:

       

        • AdvisorEngine – With a focus on wealth management, AdvisorEngine boasts a comprehensive set of features for RIAs, including portfolio management, client onboarding, and data aggregation.

        • Advyzon – This cloud-based CRM offers a user-friendly platform with features geared toward client communication, portfolio management, and streamlining workflows.

        • Redtail – A leading CRM for financial services, Redtail offers robust functionality for contact management, portfolio performance tracking, and regulatory compliance.

        • Salesforce – A powerhouse CRM solution, Salesforce provides a highly customizable platform for managing client relationships and integrating with various financial tools.

        • Tamarac – A part of the Envestnet suite, Tamarac offers a feature-rich, web-based platform built on Microsoft 365 for independent advisors.

        • Wealthbox – Known for its user-friendly interface, Wealthbox offers a simple yet powerful CRM solution for managing client relationships, tasks, and data.

      Feature comparison

      Now that you’re familiar with the key players, let’s delve into the features offered by each CRM software to see how they stack up. Below is a breakdown of their capabilities across several key areas:

      Lead management

      How effectively does the CRM help you capture, nurture, and convert leads into clients? Look for features such as lead scoring, automated workflows, and marketing integrations.

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Offers lead management features such as capturing leads through web forms, contact management, and growth tools for nurturing leads Provides basic lead capture functionalities, along with integrations for marketing automation platforms Has lead capture and tracking functionalities, but may require additional tools for advanced lead nurturing and scoring Offers robust lead management functionalities such as lead capture, scoring, routing, and nurturing Includes lead management tools for capturing, qualifying, and tracking leads Provides lead capture forms, client pipeline management, and integrations with marketing automation platforms

      Contact management

      Does the CRM offer robust contact management tools? Consider features such as contact segmentation, notes and activity tracking, and customizable fields. 

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Offers comprehensive contact management with detailed profiles, activity tracking, and communication tools Provides user-friendly contact management with centralized contact database and communication features Offers robust contact management with detailed client profiles, activity tracking, and task management capabilities Provides highly customizable contact management with advanced filtering, segmentation, and communication features Offers in-depth client profiles with financial data integration, but may require additional tools for advanced communication features Provides user-friendly contact management with detailed profiles, search and filtering, and communication tools focused on building client relationships

      Portfolio management

      Does the CRM integrate with portfolio management tools or offer basic portfolio tracking functionalities? Features such as performance reporting and rebalancing tools can be valuable.

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Offers integrated portfolio management tools with performance tracking, rebalancing capabilities, and reporting functionalities Provides basic portfolio tracking features, with integrations for external portfolio management tools Limited built-in portfolio management features; focuses on managing client contacts and interactions Limited built-in portfolio management features; primarily relies on integrations with third-party tools Offers comprehensive portfolio management with performance tracking, reporting, and client portal functionalities Limited portfolio management features; focuses more on client communication and relationship management

      Reporting & analytics

      How insightful are the reporting tools offered by the CRM? Look for features that go beyond basic data visualization.

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Offers comprehensive reporting and analytics dashboards for client performance and overall business insights Provides customizable reporting tools with client performance tracking and analytics Offers robust reporting and analytics capabilities with customizable dashboards and pre-built reports Provides highly customizable reporting and analytics with advanced data visualization tools and integrations for comprehensive business insights Offers powerful business intelligence reporting with prebuilt templates and the ability to create custom reports Provides basic reporting with customizable dashboards and prebuilt reports

      Integrations

      Does the CRM integrate with other financial tools you use, such as portfolio accounting software or marketing automation platforms? Seamless integrations streamline workflows and enhance functionality.

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Integrates with popular portfolio management, accounting, and marketing automation tools Offers integrations with various financial tools and marketing automation platforms Integrates with a wide range of financial and business applications Offers a vast ecosystem of integrations with various tools and platforms for extensive customization Integrates with wealth management tools and accounting software Offers integrations with popular financial and marketing automation tools

      Security & compliance

      Does the CRM prioritize data security and offer features to ensure compliance with industry regulations (e.g., SEC, FINRA) as well as data privacy laws (e.g., GDPR, CCPA)? Look for features such as data encryption, access controls, and audit trails.

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      All offer industry-standard security features such as data encryption, access controls, and user authentication. However, it’s important to check each vendor’s specific compliance certifications relevant to your region and regulations.
      Listen to the first episode of our RIA Tech Talk podcast, Seven Microsoft Gems: Empowering Your RIA For Security & Compliance.

      Customization

      How customizable are the CRM interface and functionalities? Tailoring the CRM to your specific needs and preferences greatly enhances its usefulness.

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Offers a drag-and-drop interface for customizing dashboards, workflows, and reports Allows customization of dashboards, layouts, and workflows Provides some level of customization, but complex customizations require external tools or workarounds Offers high levels of customization but requires technical expertise or additional investment in development tools and resources Provides some customization options, including custom fields and reports Offers basic customization options such as custom fields and filters

      Ease of use

      Is the CRM user-friendly and intuitive? Consider factors such as navigation, data input and organization, and ease of access to important features. 

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Offers a modern, intuitive interface with easy navigation and streamlined data input Provides a user-friendly interface with drag-and-drop functionality for easy customization Offers a straightforward interface but may have a learning curve for some features or workflows Provides robust functionalities but may require training or technical knowledge to fully utilize Offers an organized and straightforward interface with simple data input and access to important features Provides an easy-to-use interface, with guided setup and intuitive navigation

      Pricing comparison (as of July 2024)

      Pricing for these CRMs can vary greatly depending on the features and number of users. Here’s a general overview of their pricing structures: 

      AdvisorEngine Advyzon Redtail Salesforce Tarmac Wealthbox
      Starts at $65 per user, per month, billed annually
      Free demo available       		Starts at $6,500 for up to 150 accounts per year
      Free trial available       		Starts at $39 per user, per month (up to 5 users), billed annually
      Free trial available       		Starts at $25 per user, per month, billed monthly or annually
      Free trial available       		Custom pricing based on firm size
      Free trial or demo available       		Starts at $49 per user, per month
      Free trial available

      Choosing the right CRM can greatly impact your success in managing client relationships and growing your business. Consider the features, integrations, security, customization options, and pricing when making your decision. With the perfect CRM in place, you’ll be well equipped to provide top-notch service to your clients and achieve greater efficiency.

      Related reading: How to choose the right financial advisor software for your RIA tech stack: A comprehensive guide

      For personalized guidance on selecting the best CRM and other IT needs for your RIA or financial advisory firm, contact RIA WorkSpace today. Our team specializes in providing tailored IT services for small and medium-sized firms, ensuring you have the best tools and support to 

    • AirDrop scams – SCAM OF THE MONTH

      AirDrop scams – SCAM OF THE MONTH

      Carrie lives in the city and often finds herself in crowded places such as subways and airports. She passes the time traveling by scrolling on her phone. One day, Carrie was on a bus when a notification popped up on her phone. It was an AirDrop requesting to send her a file. Carrie didn’t realize she had her share settings open to everyone. She didn’t know the sender but out of curiosity, she accepted the file.

      The file was nothing special. It had data related to a company Carrie was not familiar with. She clicked around on the file, and it opened a strange link. Carrie closed out of the file and the link and assumed it was sent to her by mistake. But really, it carried malware that worked its way through her device. Over the next few days, her phone began to behave erratically, with apps crashing and battery life draining unusually fast. Carrie ignored the signs, assuming she just needed a new phone.

      Did you spot the red flags?

      • Carrie should have had AirDrop turned off when not in use or set to private. Some use AirDrop to send inappropriate photos or malicious files.
      • When Carrie started noticing her phone acting erratically, she should have scanned her device with a trusted antivirus app.

      What you should know about this scam

      AirDrop has had issues in the past with vulnerabilities, allowing cybercriminals to see a user’s phone number or email address. Keep devices updated to make sure any security vulnerabilities are patched as soon as possible.

      AirDrop on Apple devices and Nearby Share on Android devices let users send pictures or files without an internet connection. They use Bluetooth and create a peer-to-peer Wi-Fi network. Keep these sharing features private or off when not in use, and only accept files from trusted contacts.

    • FINRA Tools Spotlight: Small Firm Business Continuity Plan Template

      FINRA Tools Spotlight: Small Firm Business Continuity Plan Template

      Whether you’re a new RIA who is just getting started on a Business Continuity Plan (BCP) or you already have one in place but want to be sure you’re following all the best practices, the FINRA Small Firm Business Continuity Plan is a good place to start.  You should check out the site regularly for ongoing updates, but at the time of writing, the current template covers the critical components of a BCP. 

      • Emergency contact persons
      • Firm’s policy for business continuity
      • Description of your business
      • Locations including alternative locations for employees
      • Details on your customers’ access to funds and securities
      • Details of your data back-up and recovery
      • Your procedures for financial and operational assessments
      • Description of your mission critical systems
      • Your alternate means of communication with your customers, employees, and regulators
      • How you’ll identify impacts on critical business constituents, banks, and counter-parties
      • Your regulatory reporting process
      • How you disclose your BCP to your customers
      • Details of your BCP annual review and updates

      This template is meant to be a guideline and not an exact fit for every RIA.  You should consult with your IT services provider to confirm if your BCP meets your needs.  You should also update your BCP on a regular basis as your firm changes. 

      If you find yourself concerned about any of the following, you may want to revisit your BCP soon. 

      • You’re not sure if your backup and recovery is sufficient and if it’s tested regularly.
      • Your staff isn’t trained or prepared in the event of accidental deletion or corruption of your data.
      • You don’t know how much data loss or downtime you can withstand in the event of a cyberattack.
      • You’re unclear about your cyber security and your vulnerability to a cyberattack.

      If you need help with your BCP, check out the business continuity services we provide to our RIA clients. 

      Here’s the direct link to the FINRA Small Firm Business Continuity Plan Template

    • FINRA Tools Spotlight: Small Firm Cybersecurity Checklist

      FINRA Tools Spotlight: Small Firm Cybersecurity Checklist

      FINRA offers RIAs a basic checklist for your cybersecurity.  The FINRA Small Firm Cybersecurity Checklist should be your starting point to identify what you’re doing well and what needs improvement to protect your firm and customer data. 

      The checklist is a spreadsheet you can use to begin to identify some of your risks and protected assets.  Your IT services provider should be able to help you with this. 

      The spreadsheet includes tabs for:

      • An inventory of your risks including personally identifiable information (PII) and other sensitive information your firm stores, uses, or transmits
      • How your can minimize the use of PII and other sensitive information
      • If your firm shares PII or other sensitive information with third parties and how you manage that securely
      • What your firm is doing to protect PII and other sensitive information such as password protection, malware and antivirus protection, and other solutions such as firewalls
      • An inventory of your systems and what you have in place to secure them
      • How you use encryption to protect PII and other data
      • An inventory of your devices and how they’re secured
      • How you control access to your systems and data
      • How you provide cybersecurity training for staff
      • What you have in place to detect risks
      • Details of your Intrusion Detection System and Intrusion Prevention System
      • Your response plan in the event of an incident
      • What you have in place for recovery after an incident

      Another great tool to assess your security is the Microsoft Secure Score.  If your firm uses Microsoft, this is a free tool available to you.  We have more information on how your can check your RIA’s Cloud Secure Score.    

      Here’s the direct link to the FINRA Small Firm Cybersecurity Checklist