Tag: Security

  • Resolving IT Frustrations for a Growing RIA: Case Study

    The Problem

    Frustration was growing after this RIA’s IT provider had been acquired by a larger company.  Service quality declined dramatically and they felt their needs were being sidelined in favor of larger clients.

    Terrible Service and Response Time

    “We don’t want to call multiple times to fix the same thing.”

    Day-to-day issues were often delayed, and critical problems didn’t get the urgent attention they required.

    Phishing Emails

    The firm received a large number of phishing emails in their inboxes.  This was a persistent problem, causing significant security concerns for their team.

    Onsite Server Management

    This RIA still relied on a physical server, which was cumbersome and couldn’t keep up with the standards of modern cloud-based solutions.

     

    RIA WorkSpace Understood Their Concerns

    When we first spoke to this RIA, their concerns were consistent with those of other RIAs of the same size. 

    • They felt overlooked by an IT partner who prioritized larger clients
    • They felt that their IT infrastructure wasn’t meeting the needs of their hybrid office
    • They wanted security issues (like phishing) to be resolved with best-in-class cybersecurity solutions
    • They felt it was time to transition away from a physical server setup

     

    Our Solution

    RIA WorkSpace stepped in with a Managed IT solution that resolved all of their concerns.

    Dedicated, Responsive Support

    Like all RIA WorkSpace clients, this RIA has a dedicated support team, ensuring they have a direct point of contact who understands their business. This includes an Onboarding Technician and a dedicated Primary Support Engineer who is always their first stop for any requests.  All support tickets from all clients, regardless of size, are prioritized based on their urgency, and each request has strict response and resolution timelines the team stands behind.

    Enhanced Phishing Protection

    Phishing had become a significant issue for a lot of businesses.  The security services that are part of our Managed IT package include comprehensive measures, such as employee training and advanced phishing filters, to mitigate these risks.  Also keeping their RIA secure is a full, enterprise-level cybersecurity solution, so they are not only protected but IT compliant as well.

    Transition to Cloud-Based Solutions

    When they started working with us, this RIA relied on an outdated onsite server. We migrated them to a cloud-based system using Microsoft 365, ending the need for physical servers and allowing remote employees to access their files securely from anywhere.

     

    The Results

    Once onboarding was complete and this RIA was on the RIA WorkSpace platform, they saw immediate improvements. 

    • Faster Response Times: Day-to-day questions are resolved quickly, with no need for follow-ups or repeat calls.
    • Secure Operations: Phishing incidents dropped significantly, giving the team peace of mind.
    • Streamlined Infrastructure: Migration to the cloud has simplified file management, enhanced security, and supported their hybrid work model.

  • Unmasking fileless malware: How hackers attack without a trace

    The techniques cybercriminals use to hack into systems are not getting any simpler. Today, there’s a glut of malware types that don’t rely on traditional methods for infiltration. Fileless malware, in particular, is an incredibly elusive and dangerous threat that can bypass even the most sophisticated security measures.

     

    What is fileless malware?

    Fileless malware is a type of malicious program that infects a computer without using executable files the way traditional malware does. Instead, it operates within the system’s memory (RAM) or uses legitimate programs already running on your machine to covertly infect your systems.

    The initial exploit, or intrusion point, can vary, but the most common method used by cybercriminals is through phishing emails containing malicious links or attachments. Once clicked or opened, the malware will execute its code and spread quickly by escalating its privileges and exploiting vulnerabilities in the operating system or applications. It typically leverages built-in system tools such as PowerShell and WMI (Windows Management Instrumentation) to carry out its malicious activities without ever leaving a single file or detectable footprint on the hard drive.

    Although fileless malware doesn’t install itself permanently on a system, it can establish a persistent foothold by modifying system configurations or scheduling tasks to run malicious scripts every time the system boots up. Its ability to adapt and mimic legitimate processes means it can avoid detection for longer periods, leading to greater damage over time.

     

    How to mitigate fileless malware threats

    To protect against fileless malware, businesses need to take a proactive approach and implement multiple layers of security measures. Here are key strategies for mitigating the risk of fileless malware attacks:

    Implement advanced endpoint protection
    Rather than relying solely on basic antivirus software, which may not detect fileless threats, it’s crucial to deploy advanced endpoint protection solutions that can monitor system behavior. These tools can identify suspicious activity in real time, even if no files are involved, by recognizing patterns of abnormal memory usage or unexpected behaviors in trusted programs.

    Utilize application whitelisting
    Application whitelisting is the practice of allowing only approved programs to run on a system. It can be accessed through the operating system’s security settings or through third-party software, where you can determine which applications and scripts are allowed to run based on their digital signatures, publisher, or file paths. By implementing a strict whitelist, businesses can prevent unauthorized programs from running and stop fileless malware in its tracks.

    Regularly update software
    Exploiting software vulnerabilities is a common entry point for fileless malware. To prevent this, it’s critical to ensure that all your software, operating systems, and third-party applications are up to date with the latest patches. Regular patching closes known vulnerabilities that attackers could use to compromise your system.

    Train employees on phishing awareness
    Many fileless malware attacks begin with a phishing email that tricks the user into clicking a malicious link or opening an infected document. Providing regular cybersecurity training to your employees on how to recognize phishing attempts, suspicious links, and unexpected attachments can significantly reduce the chances of malware gaining initial access to your network.

    Segment networks
    If a fileless malware attack successfully infiltrates one part of your network, segmentation can contain the threat, prevent it from spreading, and reduce the overall impact of fileless malware. To segment your network, you can create separate subnets or VLANs and implement strict access control policies that prevent unauthorized communication between different parts of the network.

    Monitor and analyze network traffic
    Network traffic monitoring can identify anomalies or unusual communication patterns that might indicate a fileless malware infection. For instance, if a system suddenly starts communicating with unknown or suspicious IP addresses, it could be a sign of malware activity. Early detection of any unusual network behavior can help organizations respond quickly and mitigate potential damage.
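
    The behavior-based monitoring described above can be sketched as a few rules over process-creation events. This is an added example, not part of the original article; the event format, host names and command lines are constructed, and the three rules cover only the PowerShell, WMI and scheduled-task behaviors the article names.

```python
import json

# Assumption: events arrive as one JSON object per line with these four
# fields (loosely modelled on process-creation telemetry). All values below
# are constructed for this example.
SAMPLE_EVENTS = r"""
{"host":"ws-01","parent":"explorer.exe","image":"WINWORD.EXE","cmdline":"WINWORD.EXE invoice.docx"}
{"host":"ws-01","parent":"WINWORD.EXE","image":"powershell.exe","cmdline":"powershell.exe -NoProfile -WindowStyle Hidden -Command <constructed>"}
{"host":"ws-01","parent":"powershell.exe","image":"schtasks.exe","cmdline":"schtasks.exe /create /sc onstart /tn Updater /tr \"powershell.exe -Command <constructed>\""}
{"host":"ws-02","parent":"WmiPrvSE.exe","image":"powershell.exe","cmdline":"powershell.exe -Command <constructed>"}
{"host":"it-01","parent":"explorer.exe","image":"powershell.exe","cmdline":"powershell.exe Get-Service"}
{"host":"srv-01","parent":"svchost.exe","image":"schtasks.exe","cmdline":"schtasks.exe /create /sc daily /tn NightlyBackup /tr \"backup.exe\""}
"""

# Applications that open email and attachments; they rarely need to start
# a scripting or management tool themselves.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Built-in tools the article names as commonly abused.
BUILTIN_TOOLS = {"powershell.exe", "pwsh.exe", "wmic.exe"}
TOOL_KEYWORDS = ("powershell", "pwsh", "wmic")
WMI_HOST = "wmiprvse.exe"  # the process that runs WMI-initiated commands


def classify(event):
    """Return the list of rule labels that one process-creation event trips."""
    parent = event["parent"].lower()
    image = event["image"].lower()
    cmdline = event["cmdline"].lower()
    findings = []
    # Rule 1: a document or mail application starts a built-in tool.
    if parent in DOCUMENT_APPS and image in BUILTIN_TOOLS:
        findings.append("document-app-spawned-tool")
    # Rule 2: a built-in tool is started through WMI.
    if parent == WMI_HOST and image in BUILTIN_TOOLS:
        findings.append("wmi-spawned-tool")
    # Rule 3: a scheduled task is created whose action runs a built-in tool
    # (the boot-time persistence the article describes).
    if (image == "schtasks.exe" and "/create" in cmdline
            and any(k in cmdline for k in TOOL_KEYWORDS)):
        findings.append("scheduled-task-runs-script-tool")
    return findings


def scan(lines):
    """Return (host, image, findings) for every event that trips a rule."""
    flagged = []
    for line in lines:
        if not line.strip():
            continue  # skip blank lines in the feed
        event = json.loads(line)
        findings = classify(event)
        if findings:
            flagged.append((event["host"], event["image"], findings))
    return flagged


if __name__ == "__main__":
    for host, image, findings in scan(SAMPLE_EVENTS.splitlines()):
        print(host, image, ", ".join(findings))
```

    The interactive PowerShell session on it-01 and the backup task on srv-01 are not flagged, which is the point of keying on parent process and task action rather than on the tool name alone.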

    Fileless malware is incredibly sophisticated, and your technical expertise must match its stealthy and evasive nature. If you don’t have cybersecurity experts on your team, working with a managed IT services provider like us can help you implement the necessary security measures and continuously monitor your systems for any signs of fileless malware. Contact us today to protect your business from this growing threat.

     

    Published with permission from TechAdvisory.org. Source.

  • MFA fatigue attacks – SCAM OF THE MONTH

    Miguel is a dedicated employee in the corporate offices of a department store chain. As part of his daily routine, he uses multi-factor authentication (MFA) to access his work applications. One morning, while he was focusing on a crucial project, his phone buzzed with a push notification asking him to approve an MFA request. Distracted, he declined the request, thinking it was a mistake. But the notifications kept coming—buzz after buzz, interrupting his workflow.

    Frustrated by the barrage of alerts, Miguel approved one of the notifications, hoping it would stop the interruptions. The alerts did stop, but this was exactly what the attacker was counting on. A cybercriminal had obtained Miguel’s login credentials through a phishing scam and was now using an MFA fatigue attack to gain access to his company’s system. By the time Miguel realized his mistake, the attacker had already infiltrated the network, leading to a significant security breach.

     

    Did you spot the red flags?

    • Miguel should have discussed the issue with a manager or IT worker before approving the verification attempt.
    • Miguel should not have approved the MFA request since he did not try to log into his account in the first place.

     

    What you should know about this scam

    If you receive multiple unexpected MFA requests, do not approve them. Immediately report the incident to your IT department and change the related account’s password.

    Instead of using push notifications, try other types of MFA. Consider using biometric authentication (like face scans or fingerprints) or authenticator apps, which are less susceptible to MFA fatigue attacks.
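
    On the IT side, the pattern in Miguel's story (a run of rejected push prompts followed by one approval) can be detected from MFA logs. The following is an added example, not part of the original post; the log format, the user names, and the window and threshold values are assumptions to tune for your environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions for this example: a burst is 3 or more rejected or unanswered
# push prompts for one user inside 10 minutes.
WINDOW = timedelta(minutes=10)
THRESHOLD = 3

# Constructed log: "<ISO timestamp> <user> <method> <result>", time-ordered.
SAMPLE_LOG = """\
2024-05-06T08:30:00 dana push approved
2024-05-06T09:01:10 miguel push denied
2024-05-06T09:01:55 miguel push denied
2024-05-06T09:02:30 miguel push timeout
2024-05-06T09:03:05 miguel push denied
2024-05-06T09:03:40 miguel push approved
2024-05-06T11:00:00 dana push denied
2024-05-06T11:00:40 dana push approved
2024-05-06T11:05:00 dana totp approved
"""


def detect_fatigue(lines, window=WINDOW, threshold=THRESHOLD):
    """Return (user, timestamp, alert) tuples for push-fatigue patterns."""
    rejected = defaultdict(deque)  # user -> times of recent rejected prompts
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        stamp, user, method, result = line.split()
        if method != "push":
            continue  # only push prompts can be spammed at the user
        now = datetime.fromisoformat(stamp)
        recent = rejected[user]
        # Drop rejected prompts that have aged out of the window.
        while recent and now - recent[0] > window:
            recent.popleft()
        if result in ("denied", "timeout"):
            recent.append(now)
            if len(recent) == threshold:
                # Fire once per burst, when the threshold is first reached.
                alerts.append((user, stamp, "push-burst"))
        elif result == "approved":
            if len(recent) >= threshold:
                # An approval straight after a burst: treat the session as
                # suspect until the user confirms they initiated the login.
                alerts.append((user, stamp, "approved-after-burst"))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_fatigue(SAMPLE_LOG.splitlines()):
        print(*alert)
```

    A single mistaken denial followed by an approval, as in the dana entries, stays below the threshold and raises nothing.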

  • Spear phishing attacks – SCAM OF THE MONTH

    In the offices of a renowned robotics firm, Lisa, a lead engineer, was designing a new autonomous drone system. Her concentration was broken by an unexpected email from Dr. Morris, a prominent figure in robotics and someone Lisa greatly respected.

    The subject of the email read, “Urgent: Proposal for Collaborative Project in Robotics.” Intrigued, Lisa opened the email, which articulated a proposal for a joint venture between her firm and the university where Dr. Morris was a lead researcher.

    Attached was a document named “Project Specifics.pdf.” The email captured the tone Lisa would expect. She was ready to open the attachment when a detail made her pause: the email address looked strange. She found the professor’s official university email on the department website and sent an inquiry, attaching the received proposal for reference. Dr. Morris replied, confirming Lisa’s suspicions: she had not sent the email and it was likely a scam.

    Did you spot the red flags?

    • Lisa should not have forwarded the document to Dr. Morris in case the attachment contained malware.
    • Lisa should have alerted her IT team and her fellow employees about the message.
    • The sender’s email address looked suspicious. Always use the SLAM method to evaluate the different parts of a message.

    What you should know about this scam

    If you are unsure whether an email is legit or not, it is best to research the organization’s contact information or verify the message with the sender through another source.

    Spear phishing attacks often use specific details about an individual to get them to trust the message. With AI, cybercriminals can generate these messages more easily than ever before. Just because a message includes information personalized to you doesn’t mean you can automatically trust it.

  • AirDrop scams – SCAM OF THE MONTH

    Carrie lives in the city and often finds herself in crowded places such as subways and airports. She passes the time traveling by scrolling on her phone. One day, Carrie was on a bus when a notification popped up on her phone. It was an AirDrop requesting to send her a file. Carrie didn’t realize she had her share settings open to everyone. She didn’t know the sender but out of curiosity, she accepted the file.

    The file was nothing special. It had data related to a company Carrie was not familiar with. She clicked around on the file, and it opened a strange link. Carrie closed out of the file and the link and assumed it was sent to her by mistake. But really, it carried malware that worked its way through her device. Over the next few days, her phone began to behave erratically, with apps crashing and battery life draining unusually fast. Carrie ignored the signs, assuming she just needed a new phone.

    Did you spot the red flags?

    • Carrie should have had AirDrop turned off when not in use or set to private. Some use AirDrop to send inappropriate photos or malicious files.
    • When Carrie started noticing her phone acting erratically, she should have scanned her device with a trusted antivirus app.

    What you should know about this scam

    AirDrop has had issues in the past with vulnerabilities, allowing cybercriminals to see a user’s phone number or email address. Keep devices updated to make sure any security vulnerabilities are patched as soon as possible.

    AirDrop on Apple devices and Nearby Share on Android devices let users send pictures or files without an internet connection. They use Bluetooth and create a peer-to-peer Wi-Fi network. Keep these sharing features private or off when not in use, and only accept files from trusted contacts.

  • FINRA Tools Spotlight: Small Firm Business Continuity Plan Template

    Whether you’re a new RIA who is just getting started on a Business Continuity Plan (BCP) or you already have one in place but want to be sure you’re following all the best practices, the FINRA Small Firm Business Continuity Plan is a good place to start.  You should check out the site regularly for ongoing updates, but at the time of writing, the current template covers the critical components of a BCP. 

    • Emergency contact persons
    • Firm’s policy for business continuity
    • Description of your business
    • Locations including alternative locations for employees
    • Details on your customers’ access to funds and securities
    • Details of your data back-up and recovery
    • Your procedures for financial and operational assessments
    • Description of your mission critical systems
    • Your alternate means of communication with your customers, employees, and regulators
    • How you’ll identify impacts on critical business constituents, banks, and counter-parties
    • Your regulatory reporting process
    • How you disclose your BCP to your customers
    • Details of your BCP annual review and updates

    This template is meant to be a guideline and not an exact fit for every RIA.  You should consult with your IT services provider to confirm if your BCP meets your needs.  You should also update your BCP on a regular basis as your firm changes. 

    If you find yourself concerned about any of the following, you may want to revisit your BCP soon. 

    • You’re not sure if your backup and recovery is sufficient and if it’s tested regularly.
    • Your staff isn’t trained or prepared in the event of accidental deletion or corruption of your data.
    • You don’t know how much data loss or downtime you can withstand in the event of a cyberattack.
    • You’re unclear about your cyber security and your vulnerability to a cyberattack.

    If you need help with your BCP, check out the business continuity services we provide to our RIA clients. 

    Here’s the direct link to the FINRA Small Firm Business Continuity Plan Template

  • FINRA Tools Spotlight: Small Firm Cybersecurity Checklist

    FINRA offers RIAs a basic checklist for your cybersecurity.  The FINRA Small Firm Cybersecurity Checklist should be your starting point to identify what you’re doing well and what needs improvement to protect your firm and customer data. 

    The checklist is a spreadsheet you can use to begin to identify some of your risks and protected assets.  Your IT services provider should be able to help you with this. 

    The spreadsheet includes tabs for:

    • An inventory of your risks including personally identifiable information (PII) and other sensitive information your firm stores, uses, or transmits
    • How you can minimize the use of PII and other sensitive information
    • If your firm shares PII or other sensitive information with third parties and how you manage that securely
    • What your firm is doing to protect PII and other sensitive information such as password protection, malware and antivirus protection, and other solutions such as firewalls
    • An inventory of your systems and what you have in place to secure them
    • How you use encryption to protect PII and other data
    • An inventory of your devices and how they’re secured
    • How you control access to your systems and data
    • How you provide cybersecurity training for staff
    • What you have in place to detect risks
    • Details of your Intrusion Detection System and Intrusion Prevention System
    • Your response plan in the event of an incident
    • What you have in place for recovery after an incident

    Another great tool to assess your security is the Microsoft Secure Score.  If your firm uses Microsoft, this is a free tool available to you.  We have more information on how you can check your RIA’s Cloud Secure Score.

    Here’s the direct link to the FINRA Small Firm Cybersecurity Checklist

  • FINRA Tools Spotlight: Core Cybersecurity Threats and Effective Controls for Small Firms

    This FINRA tool highlights some of the most common cybersecurity threats that RIAs should be on top of.  FINRA explains how cybercriminals use these tactics to target the financial services industry specifically and questions you should ask to know if you’re doing enough to protect your firm and customers. 

    Specifically, FINRA highlights the following threats:

    • Imposter websites
    • Phishing
    • Customer and Firm Employee Account Takeovers
    • Malware
    • Ransomware
    • Data Breaches

    This tool also provides guidance on core cybersecurity controls for RIAs.  This is a good starting point and you should work with your IT services provider to ensure that you have these in place, at a minimum.  These include recommendations for:

    • Governance and Risk Management
    • Vendor Management
    • Access Controls
    • Data Protection
    • Technical Controls
    • Branch Controls
    • Incident Management and Response
    • Training

    Here’s the direct link to the FINRA Core Cybersecurity Threats and Effective Controls for Small Firms.    

    The best way to mitigate the risk of these and other cyber threats is to stay ahead of them.  If you’d like to learn more about how we protect our RIA clients, you can check out our page on Cybersecurity Service for RIAs

  • Fake news websites – SCAM OF THE MONTH

    Max enjoys staying up to date with economic and business news. One morning, as Max scanned news stories online, a breaking headline popped up about a severe economic crash. The article was detailed and convincing, citing unnamed experts and confidential reports. It painted a grim picture of the days ahead, advising readers to divest from certain stocks and invest heavily in others it claimed were recession-proof.

    Driven by a mix of fear and the opportunity to outmaneuver the market, Max made the decision to adjust his portfolio accordingly, redirecting significant funds into the recommended assets.

    Days turned into weeks, and the predicted economic catastrophe failed to materialize. It was only then that the truth dawned on him – he had followed the advice of a fake news article designed to manipulate the market or get unsuspecting users to click on certain malicious links.

    Did you spot the red flags?

    • Max should have verified the news through other sources before making decisions based on one article.
    • Instead of scanning news stories online from random websites, Max should have specifically gone to the websites of credible news outlets that he trusted.
    • Max should have paused before acting on emotions fueled by something he saw online.

    What you should know about this scam

    Many headlines (real and fake) related to current events use emotionally charged language or shocking details to get the user to click a link or stay on their site. It is important to be aware of this. Take a step back and think twice before acting on a headline.

    Some cybercriminals create fake news websites that resemble the design, name, and URL of real news websites. It is important to scrutinize websites and URLs before interacting with a site or clicking on links.