
3 Ways to Keep Your RIA Firm Cyber Secure When Employees Travel

Traveling, working remotely from home, or accessing accounts at a client site are all normal business activities for employees of any company. However, for Registered Investment Advisory (RIA) firms, keeping your company and your clients’ sensitive financial data secure when they are out of the office is imperative. Any time an employee has to access your network using Wi-Fi, there is an increased opportunity for a cyber breach.

Before you implement any tools or install any software applications, train your employees on cyber security. Employee training is THE most important component of any RIA firm’s information security policies and procedures because employees unknowingly pose the greatest security risk to your firm. Making your employees aware of the types of cyber security threats that arise while traveling, how to protect against suspicious activity and avoid bad practices, as well as the consequences of a breach to the firm and its clients is the very first step to take to start protection. Remember, information security culture starts at the top. Read why CEOs Need to Walk the Talk Regarding Cyber Security.

While employees may be the weakest link in your cyber security armor, they are also your first line of defense in recognizing attacks. Training and a culture of compliance are essential for protection.

In addition, here are three important steps you can take to protect your firm’s network when employees travel or work remotely:

Install VPN Network Software

Being able to access your data and network via Wi-Fi while traveling or working from home is such a productivity saver. However, public Wi-Fi and even your employees’ home wireless networks are very dangerous from a cyber security standpoint. Even logging into a Wi-Fi network at a client’s site can be risky if their firewall or network protection is not as robust as you need.

Why is working remotely such a danger? When you use the Internet to conduct business transactions, the data you enter travels from your computer directly to the Internet. Anyone who is maliciously recording all traffic on the same public Wi-Fi or unsecured private Wi-Fi you are using will be able to see what you are browsing and what data you are sending. A large percentage of the data used by general Internet services is usually in plain text, so a hacker can see which site you’ve visited, what you’ve typed in and sent, what you were looking for and if any financial data or account numbers were shared. While this has improved over the last few years with regulatory mandates for encrypting website use via Transport Layer Security (TLS) technologies, deciphering what sites are and are not protected can still be very tedious and convoluted.

So, if your employees log on to a public Wi-Fi network at a hotel, coffee shop, or conference, your data is open to eavesdropping unless you are supplying a secondary level of encryption from Virtual Private Network (VPN) software.

A VPN works as a secured barrier, or an encrypted tunnel, that goes between your computer and the Internet to stop this breach of security. This software, combined with remote desktop access technology, provides a conduit for you to take over a workstation in your office and therefore use your firm’s private network for all transactions.

With VPN protection, the readable plain text and all the traffic between your computer and the Internet is automatically encrypted into a string of unreadable, garbled text, numbers and symbols. The encryption happens between your computer and the VPN server, so any of your data that is maliciously recorded while using Wi-Fi will be undecipherable to the attacker. This is why VPNs are vital to the security of your online data when logging in remotely.

One important note on VPNs: We don’t recommend using an Internet-based VPN service. Any VPN that will give you the level of protection you need for sensitive financial data is one that you own and control. It should be located in your office and allow you to create an encrypted tunnel to your office network. Many Internet-based VPN services are really just anonymity services, promising to protect you by keeping your online identity 100% anonymous. However, read the fine print. In their privacy policy, many of these services say that they log your activity, storing certain pieces of data like when you log in, IP addresses, and the total amount of data transferred. They do this to properly maintain and optimize their systems or their network, and some policies say they keep this data in case they need to release it to law enforcement personnel.

Let us bust a myth about online anonymity. You are never 100% anonymous when you are online, even when using privacy tools like a VPN. Every service has at least one piece of information, like a set of IP addresses, that can be used to distinguish different users. While not 100% foolproof, a dedicated VPN does greatly increase your privacy and security online, which is what you want more so than trying and failing to be 100% anonymous.

Embrace Multi-Factor Authentication

A tool RIA firms can use to add an extra layer of protection to their network is multi-factor authentication (MFA). Using MFA methodology is one of the best ways to keep a firm’s data safe and more secure by creating a layered defense, making it much more difficult for an unauthorized person to access a computing device, network, or database. MFA requires employees to provide multiple forms of identification or information to confirm their identity for an online transaction, to access their computer or smartphone, or to gain access to a corporate application. To get access to the firm’s network or database, every employee enters their strong, unique password, but then they also have to provide a second piece of data (whether it’s a code, a temporary password, or the swipe of a finger) before the firm’s account can be accessed.

If a hacker is able to use tools to figure out the password, they still need to go through one more barrier of protection to create a data breach. MFA has become more and more common for logging into devices and especially for accessing cloud-based applications where very sensitive data is transmitted and stored.

Manage Complex and Unique Passwords Easily with Password Vaults

In addition to MFA, RIA firms can strengthen their passwords to thwart breaches. A firm’s network is only as secure as its weakest password. The stronger your password, the more protected your computer will be from malicious attacks. However, strong passwords are hard to remember because they are longer, contain different types of characters, and don’t contain complete words. To make it easier for RIA firms and their employees to use robust passwords, we recommend using Password Vaults. Password Vaults or Password Managers are software applications that allow an RIA firm and their employees to store their sensitive data like multiple passwords, credit card numbers, or account login information in a secure area. The stored data is encrypted but can be accessed with one master password. By making it easy to remember just one master password, it encourages your employees to use stronger passwords for all of their accounts. Creating these longer, stronger and more random passwords is easy. The tool will do it for you.

As a bonus for RIA firms, these Password Vaults or security applications also track access of passwords for compliance audit purposes. Although the SEC will never mandate that you use password management tools, like LastPass, these tools do allow you to create a more difficult, robust, and controlled methodology to protect access to your network. The SEC likes to see that you are taking steps to protect your data.

Here are some additional Wi-Fi Security Tips that you can share with your employees. They should get in the habit of protecting themselves at work and personally.

If you have more questions about cyber security and helping employees maintain cyber security while traveling, please give us a call at 224-563-3602. We are happy to help. We only serve RIA firms, so we understand the complexities of your industry and can share best practices in cyber security to help you protect your business and your clients.

Knowing that cyber security is probably a top initiative for you, we also wanted to let you know about two solutions we have developed to help our customers protect their firm and comply with SEC cyber security mandates. The first solution for existing ĪTEGRIA® customers is Total AdvisorSecure™, a solution that uses a suite of robust tools, allowing us to scan your system to identify risks and vulnerabilities, pinpointing all the weaknesses that could leave you at risk for malicious and criminal behavior that could compromise you and your clients’ most sensitive information. We also proactively work with you to design a robust Security RoadMap that is unique to your firm.

Additionally, we have a new cyber security solution in the works for clients who aren’t currently having us manage their IT network. Sign up for our newsletter to receive more information on that solution when it is announced.
