CEOs Need to Walk the Talk Regarding Cyber Security

By Richard Mabbun, CEO, ITEGRIA

It is imperative that CEOs begin to measure or evaluate every employee, including themselves, on their level of cyber awareness. This is especially important for CEOs of Registered Investment Advisor (RIA) firms where cyber insecurity can cause loss of reputation and significant fines.

Every day, clients entrust their investment advisors at RIA firms with valuable financial data, the kind of data that identity thieves would love to get their hands on. While employees may have the best intentions, if they are unaware of the dangers of cyber attacks, or get a little lax on security precautions because they are time-consuming, it is just too easy for data to leak.

In light of the devastating cyber attacks in recent years, a new push is underway in businesses for CEOs to begin measuring or evaluating themselves and every employee under their control on their level of cyber awareness. Have they received training? Do they understand the importance of the firm’s security precautions? Are the CEO and the management team walking the talk and holding themselves accountable to the same level of security and awareness?

It starts at the top.

As the CEO of ĪTEGRIA®, I’m in the same boat. I frequently have conversations with our RIA client partners and CEOs about how willing we are to subject ourselves to security policies and then really stick to those policies. One of the most important roles we can play as leaders is to be a cheerleader for those IT security policies, knowing that those practices and procedures are there to protect us individually, as a firm, and most importantly for the people that we serve – our clients.

How do we portray that security posture to our managers and employees so that it becomes accepted? The IT security procedures need to become so rote that no one questions them and they become second nature: the “way we do things” here. Think of this analogy. We all get nervous and extra attentive walking down a dark alley. We are on high alert for something bad to happen. We breathe a sigh of relief when we make it safely through the alley. However, when it comes to cyber attacks, there is no relief when you walk in the daylight again. When it comes to cyber security, it is too easy for information to leak, and to do so in situations that don’t raise red flags.

How to Create a Culture Change

For a groundswell to happen and create positive attitudes about cyber awareness amongst all of your employees, it starts with the CEO and the management team. CEOs, start evaluating yourself on your attitude, activities, and conversations. Do you talk about cyber security enough? Bringing it up in meetings and employee communications will serve as a great reminder but also give the topic weight. Next, focus on your managers.

Stress how important it is for them to set the example for the rest of the organization. Are they demonstrating adherence to the security protocols or policies during the work day? When they are working remotely? In front of customers? Are they all in? Are they embracing the policies and enthusiastically sharing them with their team frequently? Are they cultivating that culture of awareness? If management is walking the talk, it will trickle down to all employees. And when it comes to cyber security, every single employee must be aware of and adhere to procedures. Leaks can happen anywhere and often do so where least expected.

Evaluate every employee. Do they listen? Are they adhering to the security policies, and do they truly understand the impact a leak could have on the company and on them?

Leaks don’t just happen in the office.

With Wi-Fi service so easy to find and firm-sponsored cloud-based infrastructure, people work wherever they can. Are your employees following security procedures with regard to their own systems at home, on their smartphones, on their tablets, or on their laptops? Sensitive data walks out of your building every day. Your employees are the stewards who protect it.

Systems and processes can be put in place to secure and lock down the technical aspects of cyber security such as the network infrastructure or physical location of your data servers. But we know that typically, cyber security is weakest at the user or at the individual level.

So, do you have weak links in your organization? Don’t let the weak link be you.

If you need help understanding how to best protect your firm, your employees, and your clients from cyber attacks, give us a call. We’d be happy to have a conversation because we are passionate about helping RIA firms not only meet but exceed IT compliance and cyber security practices.

